  • Stars: 350
  • Rank: 121,229 (Top 3 %)
  • Language: Go
  • License: Apache License 2.0
  • Created over 4 years ago
  • Updated 3 months ago

Repository Details

Kubernetes operator for Harbor service components

Harbor Operator

ATTENTION: THE MASTER BRANCH MAY BE IN AN UNSTABLE OR EVEN BROKEN STATE DURING DEVELOPMENT.

Harbor is a CNCF hosted open source trusted cloud-native registry project that stores, signs, and scans content. Harbor is composed of numerous stateful and stateless components and dependencies that may be deployed, updated, healed, backed up or scaled while respecting some constraints.

The Harbor Operator provides an easy and solid solution to deploy and manage a full Harbor service stack, including both the Harbor service components and their dependent services such as database, cache and storage services, on the target Kubernetes clusters in a scalable and highly available way. The Harbor Operator defines a set of Harbor-related custom resources on top of Kubernetes Custom Resources. The Kubernetes API can then be used declaratively to manage the Harbor deployment stack and ensure its scalable and highly available operation, thanks to the Kubernetes control loop. The harbor-operator project aims to cover both Day1 and Day2 operations of an enterprise-grade Harbor deployment.

Features

The Harbor deployment stack is controlled by a custom Harbor resource, HarborCluster. HarborCluster owns the custom resource Harbor, which represents Harbor's own service stack, and the custom resources of the dependent services (PostgreSQL, Redis and MinIO) that are required when deploying the full Harbor deployment stack.

  • Provides strong flexibility to deploy different stacks of a Harbor cluster (identified by the HarborCluster CR)
    • Minimal stack: only the required Harbor components Core, Registry, Registry Controller, Job Service and Portal are provisioned.
    • Standard stack: the optional Harbor components Notary, Trivy, ChartMuseum and Metrics Exporter can be selectively enabled.
    • Full stack: both the Harbor components (required + optional) and the dependent services, including the database (PostgreSQL), cache (Redis) and storage (MinIO), can be deployed into the Kubernetes cluster together in a scalable and highly available way.
  • Supports configuring either external or in-cluster deployed dependent services
  • Supports a variety of backend storage configurations
    • filesystem: A storage driver configured to use a directory tree in a Kubernetes volume.
    • s3: A driver storing objects in an Amazon Simple Storage Service (S3) bucket.
    • swift: A driver storing objects in Openstack Swift.
    • azure: A driver storing objects in Microsoft Azure Blob Storage.
    • gcs: A driver storing objects in a Google Cloud Storage bucket.
  • Supports updating the deployed Harbor cluster
    • Adjust replicas of components
    • Add/remove the optional Harbor components
  • Supports upgrading the managed Harbor registry version
  • Deletes all the linked resources when deleting the Harbor cluster
  • Supports services exposed with ingress: nginx (default), gce, contour and ncp
  • Supports Day2 operations
    • Configures Harbor system settings with the configuration CRD (recommended) or a labeled ConfigMap (deprecated)

Future features

  • Support Day2 operations
    • Image pulling secret auto-injection
      • Auto mapping Kubernetes namespaces to the Harbor project
    • Image pulling path auto-rewriting
      • Transparent proxy cache settings
    • Certification auto injection
    • Manage Harbor resources declaratively
      • Robot account
      • and more
  • Auto-scaling for each component.
  • Backup/restore data (registry layer, chartmuseum data, databases content).
  • Support services exposed with LoadBalancer

Release plans

Getting started

For a quick first try, follow the instructions of this tutorial.

Versioning

Versions of the underlying components are listed below:

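| Components | Harbor | MinIO operator | PostgreSQL operator | Redis operator |
|------------|--------|----------------|---------------------|----------------|
| Versions | 2.5.x [1] | 4.4.28 | 1.7.0 | 1.1.1 |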

NOTES:

[1] .x means all the patch releases of Harbor can be naturally supported in one operator version.

Compatibility

Applicable Kubernetes versions

Harbor operator supports two extra Kubernetes versions besides the current latest version (n-2 pattern):

| Versions | 1.21 | 1.22 | 1.23 | 1.24 |
|----------|------|------|------|------|
| Compatibility | ✔️ | ✔️ | ✔️ | ✔️ |

Cert manager versions

Harbor operator relies on cert manager to manage the various certificates used by the Harbor cluster components. The table below lists the compatible cert manager versions:

| Versions | 1.6[.3] | 1.7[.3] | 1.8[.2] | 1.9[.1] |
|----------|---------|---------|---------|---------|
| Compatibility | ✔️ | ✔️ | ✔️ | ✔️ |

Ingress controller types

Harbor operator exposes the frontend service with ingress (CRD version: v1beta1). The table below lists the supported ingress controller types.

| Ingress Controller | Compatibility | Description |
|--------------------|---------------|-------------|
| default | ✔️ | Default ingress controller like NGINX |
| gce | ✔️ | Google Cloud Engine ingress controller |
| ncp | ✔️ | NSX-T Container plugin ingress controller |
| contour | ✔️ | Ingress controller that works by deploying the Envoy proxy |

NOTES:

✔️ : supported ✖️ : not supported : not verified (probably supported)

Documentation

Contributions

The Harbor operator project is developed and maintained by the Harbor operator workgroup. If you would like to join the group and contribute to the operator project, you are welcome to contact us. Follow the Development guide to get started on the project.

Special thanks to the contributors who made significant contributions (see feature area).

Community

Additional references

Related links

Recognition

The operator was initially developed by OVHcloud and donated to the Harbor community as one of its governing projects in March 2020, becoming the basis of the official Harbor Operator.

OVHcloud uses the operator at scale to operate part of its private registry service. However, the operator was designed in an agnostic way and continues to evolve into a more pervasive architecture, to bring value to any company looking to deploy and manage one or multiple Harbor instances.

License

See LICENSE for licensing details.
