Harbor Operator
ATTENTIONS: THE
mainBRANCH MAY BE IN AN UNSTABLE OR EVEN BROKEN STATE DURING DEVELOPMENT.
Harbor is a CNCF hosted open source trusted cloud-native registry project that stores, signs, and scans content. Harbor is composed on numerous stateful and stateless components and dependencies that may be deployed, updated, healed, backuped or scaled respecting some constraints.
The Harbor Operator provides an easy and solid solution to deploy and manage a full Harbor service stack including both the harbor service components and its relevant dependent services such as database, cache and storage services to the target Kubernetes clusters in a scalable and high-available way. The Harbor Operator defines a set of Harbor-related custom resources on top of Kubernetes Custom Resources. The Kubernetes API can then be used in a declarative way to manage Harbor deployment stack and ensure its scalability and high-availability operation, thanks to the Kubernetes control loop. The project harbor-operator aims to cover both Day1 and Day2 operations of an enterprise-grade Harbor deployment.
Features
Harbor deployment stack is controlled by a custom Harbor resource HarborCluster. HarborCluster owns the custom resource Harbor that represents the Harbor own service stack, and the custom resources of the related dependent services (PostgreSQL, Redis and MinIO) that are required when deploying the full Harbor deployment stack.
- Provides strong flexibility to deploy different stacks of Harbor cluster (identified by
HarborClusterCR)- Minimal stack: only required Harbor components
Core,Registry,Registry Controller,Job ServiceandPortalare provisioned. - Standard stack: the optional Harbor components
Notary,Trivy,ChartMuseumandMetrics Exportercan be selected to enable. - Full stack: both the Harbor components (required+optional) and also the related dependent services including the database (PostgreSQL), cache (Redis) and storage (MinIO) can be deployed into the Kubernetes cluster together with a scalable and high-available way.
- Minimal stack: only required Harbor components
- Supports configuring either external or in-cluster deployed dependent services
- Supports a variety of backend storage configurations
- [X] filesystem: A storage driver configured to use a directory tree in the a kubernetes volume.
- [X] s3: A driver storing objects in an Amazon Simple Storage Service (S3) bucket.
- [X] swift: A driver storing objects in Openstack Swift.
- [X] azure: A driver storing objects in Microsoft Azure Blob Storage.
- [X] gcs: A driver storing objects in a Google Cloud Storage bucket.
- Supports updating the deployed Harbor cluster
- Adjust replicas of components
- Add/remove the optional Harbor components
- Supports upgrading the managed Harbor registry version
- Deletes all the linked resources when deleting the Harbor cluster
- Support services exposed with ingress: nginx(default), gce, contour and
ncp - Support Day2 operations
- Configures Harbor system settings with configuration CRD (
recommend) or labeled ConfigMap (deprecated)
- Configures Harbor system settings with configuration CRD (
Future features
- Support Day2 operations
- Image pulling secret auto-injection
- Auto mapping Kubernetes namespaces to the Harbor project
- Image pulling path auto-rewriting
- Transparent proxy cache settings
- Certification auto injection
- Manage Harbor resources with the declaration way
- Robot account
- and more
- Auto-scaling for each component.
- Backup/restore data (registry layer, chartmuseum data, databases content).
- Support services exposed with LoadBalancer
Release plans
Getting started
For a quick first try follow the instructions of this tutorial.
Versioning
Versions of the underlying components are listed below:
| Components | Harbor | MinIO operator | PostgreSQL operator | Redis operator |
|---|---|---|---|---|
| Versions | 2.5.x [1] |
4.4.28 | 1.7.0 | 1.1.1 |
NOTES:
[1] .x means all the patch releases of Harbor can be naturally supported in one operator version.
Compatibility
Applicative Kubernetes versions
Harbor operator supports two extra Kubernetes versions besides the current latest version (n-2 pattern):
| Versions | 1.21 | 1.22 | 1.23 | 1.24 |
|---|---|---|---|---|
| Compatibility | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Cert manager versions
Harbor operator relies on cert manager to manage kinds of certificates used by Harbor cluster components. Table shown below lists the compatibilities of cert manager versions:
| Versions | 1.6[.3] | 1.7[.3] | 1.8[.2] | 1.9[.1] |
|---|---|---|---|---|
| Compatibility | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Ingress controller types
Harbor operator exposes the frontend service with ingress (CRD version: v1beta1). Table shown below lists the ingress controller types supported.
| Ingress Controller | Compatibility | Description |
|---|---|---|
| default | :heavy_check_mark: | Default ingress controller like NGINX |
| gce | :heavy_check_mark: | Google Cloud Engine ingress controller |
| ncp | :heavy_check_mark: | NSX-T Container plugin ingress controller |
| contour | :heavy_check_mark: | Ingress controller that works by deploying the Envoy proxy |
NOTES:
:heavy_check_mark: : supported :heavy_multiplication_x: : not supported :o: : not verified (probably supported)
Documentation
- How it works
- Installation
- CRD references
- Manifests references
- Customize storage, database and cache services
- Customize images
- Day2 configurations
- Day2 manage Harbor projects
- Upgrade Harbor cluster
- Delete Harbor cluster
- Backup data
- Useful Makefile Targets
- Operator configurations
- Enable Minio console
- Performance comparison between fs & MinIO
- Monitor logs with grafana
Contributions
Harbor operator project is developed and maintained by the Harbor operator workgroup. If you're willing to join the group and do contributions to operator project, welcome to contact us. Follow the Development guide to start on the project.
Special thanks to the contributors who did significant contributions (see feature area).
Community
- Twitter: @project_harbor
- User Group: Join Harbor user email group: harbor-users@lists.cncf.io to get update of Harbor's news, features, releases, or to provide suggestion and feedback.
- Developer Group: Join Harbor developer group: harbor-dev@lists.cncf.io for discussion on Harbor development and contribution.
- Slack: Join Harbor's community for discussion and ask questions: Cloud Native Computing Foundation, channel: #harbor-operator-dev
- Community meeting: attend bi-weekly community meeting for Q&A
Additional references
- cert-manager
- Underlying postgreSQL operator
- Underlying redis operator
- Underlying minio operator
- Kubernetes operator
- Custom Resource Definition
- Kubebuilder
Related links
- Contribute: https://github.com/goharbor/harbor-operator/blob/main/CONTRIBUTING
- Report bugs: https://github.com/goharbor/harbor-operator/issues
- Get latest version: https://hub.docker.com/r/goharbor/harbor-operator
Recognition
The operator was initially developed by OVHcloud and donated to the Harbor community as one of its governing projects in March 2020, becoming the basis of the official Harbor Operator.
OVHcloud uses the operator at scale to operate part of its private registry service. But the operator was designed in an agnostic way and it's continuing to evolve into a more pervasive architecture to bring values to any companies in search of deploying and managing one or multiple Harbor.
License
See LICENSE for licensing details.