Harbor Architecture Explained

Harbor : 

Harbor is an open source trusted cloud native registry project that stores, signs, and scans content.

The mission is to provide Cloud Native environments the ability to confidently manage and serve container images and related artifacts.

Architecture :

 

 

Data Access Layer :

k-v storage : provided by Redis; offers data caching and temporarily persists job metadata for the job service.

data storage : multiple storage backends are supported for data persistence, serving as the backend storage of the registry and ChartMuseum. For more details, refer to the driver list document on the Docker website and the ChartMuseum GitHub repository.

Database : stores the related metadata of Harbor models, like projects, users, roles, replication policies, tag retention policies, scanners, charts, and images. PostgreSQL is adopted.

Fundamental Services :

Proxy

A reverse proxy, implemented with the Nginx server, that provides API routing. Harbor components such as core, registry, web portal, and token services are all behind this reverse proxy. The proxy forwards requests from browsers and Docker clients to the various backend services.

Core

Harbor’s core service, which mainly provides the following functions:

  • API Server:
    An HTTP server that accepts REST API requests and responds to them, relying on its submodules such as ‘Authentication & Authorization’, ‘Middleware’, and ‘API Handlers’.

    • Authentication & Authorization
      • Requests are protected by the authentication service, which can be backed by a local database, AD/LDAP or OIDC.
      • An RBAC mechanism authorizes the related actions, e.g. pulling or pushing an image.
      • The token service issues a token for every docker push/pull command according to the user’s role in a project. If there is no token in a request sent from a Docker client, the Registry will redirect the request to the token service.

    • Middleware:

      Preprocesses requests to determine whether they meet the required criteria and can be passed to the backend components for further processing. Several functions are implemented as middleware, such as ‘quota management’, ‘signature check’, ‘vulnerability severity check’ and ‘robot account parsing’.

    • API Handlers:
      Handle the corresponding REST API requests: parsing and validating request parameters, completing business logic on top of the relevant API controller, and writing back the generated response.

  • Config Manager:
    Covers the management of all system configurations, such as authentication type settings, email settings, and certificates.

  • Project Management:
    Manages the base data and corresponding metadata of the project, which is created to isolate the managed artifacts.
  • Quota Manager:
    Manages the quota settings of projects and performs quota validation when new pushes happen.

  • Chart Controller:
    Proxies chart-related requests to the backend ChartMuseum and provides several extensions to improve the chart management experience.

  • Retention Manager:
    Manages the tag retention policies, and performs and monitors the tag retention processes.

  • Content Trust:
    Adds extensions to the trust capability provided by the backend Notary to support a smooth content trust process. At present, only container images can be signed.

  • Replication Controller:
    Manages the replication policies and registry adapters, triggers and monitors the concurrent replication processes. Many registry adapters are implemented:

    • Distribution (docker registry)
    • Docker Hub
    • Huawei SWR
    • Amazon ECR
    • Google GCR
    • Azure ACR
    • Ali ACR
    • Helm Hub
    • Quay
    • Artifactory
    • GitLab Registry

  • Scan Manager:
    Manages the multiple configured scanners adapted by different providers and also provides scan summaries and reports for the specified artifacts.
    • The Trivy scanner provided by Aqua Security, the Anchore Engine scanner provided by Anchore, the Clair scanner sponsored by CentOS (Red Hat), and the DoSec Scanner provided by DoSec will be supported.
    • At present, only container images, or bundles built on top of images such as a manifest list/OCI index or CNAB bundle, can be scanned.

  • Notification Manager(webhook):
    A mechanism that sends artifact status changes in Harbor to the webhook endpoints configured in Harbor. Interested parties can trigger follow-up actions by listening to the related webhook events. Two delivery methods are currently supported:
    • HTTP Post request
    • Slack channel

  • OCI Artifact Manager:
    Core component that manages the lifecycle of all OCI artifacts across the whole Harbor registry. It provides CRUD operations for an artifact's metadata and related additions, such as the scanning report and build history of container images, and the readme, dependencies, and value.yaml of Helm charts. It also supports managing artifact tags and other helpful operations.

  • Registry Driver:
    Implemented as a registry client SDK that communicates with the underlying registry (docker distribution at this moment). ‘OCI Artifact Manager’ relies on this driver to get additional info from the manifest, and even the config JSON, of the specified artifact located in the underlying registry.
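
The ‘signature check’ and ‘vulnerability severity check’ middleware described under Core can be pictured as a gate in front of manifest pulls. The sketch below is an added example, not Harbor's own code: the `Policy`, `Artifact` and `Gate` types, the sample projects and the choice to refuse unscanned artifacts are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

const (
	None = iota // severity ranks; None disables the threshold
	Low
	Medium
	High
	Critical
)

// Policy, Artifact and Gate are hypothetical stand-ins, not Harbor's types.
type Policy struct {
	RequireSigned bool
	BlockFrom     int
}
type Artifact struct {
	Project         string
	Signed, Scanned bool
	Highest         int
}
type Gate struct {
	Policies  map[string]Policy   // keyed by project
	Artifacts map[string]Artifact // keyed by manifest request path
}

// Middleware checks manifest pulls before they reach the registry backend.
// With a threshold set, an unscanned artifact is refused too (fails closed).
func (g *Gate) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		art, known := g.Artifacts[r.URL.Path]
		pol, reason := g.Policies[art.Project], ""
		switch {
		case !known || r.Method != http.MethodGet: // not a known pull: pass through
		case pol.RequireSigned && !art.Signed:
			reason = "artifact is not signed"
		case pol.BlockFrom != None && !art.Scanned:
			reason = "artifact has not been scanned"
		case pol.BlockFrom != None && art.Highest >= pol.BlockFrom:
			reason = "severity at or above project threshold"
		}
		if reason != "" {
			http.Error(w, "pull blocked: "+reason, http.StatusPreconditionFailed)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Pull sends a GET through the middleware to a stub backend that answers 200.
func Pull(g *Gate, path string) (int, string) {
	backend := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})
	rec := httptest.NewRecorder()
	g.Middleware(backend).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, rec.Body.String()
}

// SampleGate returns constructed data; only project "prod" enforces policy.
func SampleGate() *Gate {
	return &Gate{
		Policies: map[string]Policy{"prod": {RequireSigned: true, BlockFrom: High}},
		Artifacts: map[string]Artifact{
			"/v2/prod/api/manifests/1.0": {"prod", true, true, Medium},
			"/v2/prod/api/manifests/1.1": {"prod", true, true, Critical},
			"/v2/prod/api/manifests/dev": {"prod", false, true, Low},
			"/v2/prod/api/manifests/new": {"prod", true, false, None},
			"/v2/lab/api/manifests/1.1":  {"lab", false, true, Critical},
		},
	}
}

func main() {
	fmt.Println(Pull(SampleGate(), "/v2/prod/api/manifests/1.1"))
}
```

Because the policy is looked up per project, the same Critical-severity image is refused in "prod" and served from "lab", which has no policy set.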

Job Service: 

A general job execution queue service that lets other components/services submit requests to run asynchronous tasks concurrently through simple RESTful APIs.

Log collector: 

Log collector, responsible for collecting logs of other modules into a single place.

GC Controller: 

Manages the online GC schedule settings, and starts and tracks GC progress.

Chart Museum: 

A 3rd party chart repository server providing chart management and access APIs.

Docker Registry:

A 3rd party registry server, responsible for storing Docker images and processing Docker push/pull commands. As Harbor needs to enforce access control to images, the Registry will direct clients to a token service to obtain a valid token for each pull or push request.
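
The token redirect described here and under ‘Authentication & Authorization’ follows the registry's Bearer challenge: the 401 response names the token service (realm), the service and the requested scope, and the token service answers with only the actions the user's project role allows. The sketch below is an added example, not Harbor's code; the role-to-action table, the host name and the sample challenge are constructed assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumed, simplified role-to-action mapping; not Harbor's actual RBAC table.
var roleActions = map[string][]string{
	"guest":     {"pull"},
	"developer": {"pull", "push"},
}

// Access is one entry of the "access" claim carried in a registry token.
type Access struct {
	Type, Name string
	Actions    []string
}

func (a Access) String() string {
	return a.Type + ":" + a.Name + ":" + strings.Join(a.Actions, ",")
}

// ParseChallenge reads the parameters of a Bearer WWW-Authenticate header.
// Values are quoted and may contain commas (scope="...:pull,push"), so the
// header cannot simply be split on ",".
func ParseChallenge(h string) (map[string]string, error) {
	if !strings.HasPrefix(h, "Bearer ") {
		return nil, fmt.Errorf("not a Bearer challenge: %q", h)
	}
	params, rest := map[string]string{}, strings.TrimPrefix(h, "Bearer ")
	for rest != "" {
		eq := strings.Index(rest, `="`)
		if eq < 0 {
			return nil, fmt.Errorf("malformed parameter near %q", rest)
		}
		key := strings.TrimSpace(rest[:eq])
		rest = rest[eq+2:]
		end := strings.Index(rest, `"`)
		if end < 0 {
			return nil, fmt.Errorf("unterminated value for %q", key)
		}
		params[key] = rest[:end]
		rest = strings.TrimLeft(rest[end+1:], ", ")
	}
	return params, nil
}

// Grant intersects the requested actions with what the caller's role in the
// project allows. Non-members get an empty action list, not an error; the
// registry then rejects the operation because the token does not cover it.
func Grant(scope string, projectRole map[string]string) (Access, error) {
	first, last := strings.Index(scope, ":"), strings.LastIndex(scope, ":")
	if first < 0 || first == last {
		return Access{}, fmt.Errorf("malformed scope %q", scope)
	}
	a := Access{Type: scope[:first], Name: scope[first+1 : last]}
	allowed := roleActions[projectRole[strings.SplitN(a.Name, "/", 2)[0]]]
	for _, want := range strings.Split(scope[last+1:], ",") {
		for _, ok := range allowed {
			if a.Type == "repository" && want == ok {
				a.Actions = append(a.Actions, want)
			}
		}
	}
	return a, nil
}

// Constructed sample challenge, as a registry would send with a 401.
const SampleChallenge = `Bearer realm="https://harbor.example.test/service/token",` +
	`service="harbor-registry",scope="repository:library/nginx:pull,push"`

func main() {
	p, _ := ParseChallenge(SampleChallenge)
	fmt.Println(p["realm"], p["service"])
	fmt.Println(Grant(p["scope"], map[string]string{"library": "guest"}))
}
```

A guest who asks for `pull,push` still receives a token, but one that carries only `pull`, so the push is refused by the registry rather than by the token service.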

Notary

A 3rd party content trust server, responsible for securely publishing and verifying content.

Consumers :

As a standard cloud-native artifact registry, Harbor naturally supports the related clients, such as the docker CLI, the notary client, OCI-compatible clients like Oras, and Helm. Besides those clients, Harbor also provides a web portal for administrators to easily manage and monitor all the artifacts.

Web Portal: 

A graphical user interface to help users manage images on the Registry.

Features :

  • Cloud native registry: With support for both container images and Helm charts, Harbor serves as a registry for cloud native environments like container runtimes and orchestration platforms.

  • Role based access control: Users access different repositories through ‘projects’, and a user can have different permissions for images or Helm charts under a project.

  • Policy based replication: Images and charts can be replicated (synchronized) between multiple registry instances based on policies that use filters (repository, tag and label). Harbor automatically retries a replication if it encounters any errors. This can be used to assist load balancing, achieve high availability, and facilitate multi-datacenter deployments in hybrid and multi-cloud scenarios.

  • Vulnerability Scanning: Harbor scans images regularly for vulnerabilities and has policy checks to prevent vulnerable images from being deployed.

  • LDAP/AD support: Harbor integrates with existing enterprise LDAP/AD for user authentication and management, and supports importing LDAP groups into Harbor that can then be given permissions to specific projects.

  • OIDC support: Harbor leverages OpenID Connect (OIDC) to verify the identity of users authenticated by an external authorization server or identity provider. Single sign-on can be enabled to log into the Harbor portal.

  • Image deletion & garbage collection: System admins can run garbage collection jobs so that images (dangling manifests and unreferenced blobs) can be deleted and their space freed up periodically.

  • Notary: Supports signing container images using Docker Content Trust (leveraging Notary) to guarantee authenticity and provenance. In addition, policies that prevent unsigned images from being deployed can also be activated.

  • Graphical user portal: Users can easily browse and search repositories and manage projects.

  • Auditing: All the operations to the repositories are tracked through logs.

  • RESTful API: RESTful APIs are provided to facilitate administrative operations, and are easy to use for integration with external systems. An embedded Swagger UI is available for exploring and testing the API.

  • Easy deployment: Harbor can be deployed via Docker Compose as well as a Helm chart, and a Harbor Operator was added recently as well.

 

Reference link :

https://github.com/goharbor/harbor

https://github.com/goharbor/harbor/wiki/Architecture-Overview-of-Harbor

https://github.com/goharbor/harbor/wiki/Video-demos-for-Harbor

 

 
