Written by the Harbor Team at VMware
VMware Pivotal Container Service (PKS) 1.2 went into general availability on September 27th, including integration with Harbor 1.6. The integration of this latest version of Harbor delivers advanced cloud registry features, such as Helm charts management, improved LDAP support, image replication, and database migration functionality.
Harbor is an open source cloud native registry developed by VMware and donated to the Cloud Native Computing Foundation in July 2018. Harbor stores, signs, and scans container images for vulnerabilities. It also fills a gap in the market for organizations that run apps which cannot use a public or cloud-based registry, or those that want a consistent experience across clouds.
PKS has included Harbor as its default container registry since day one, offering you a production-grade container registry you can trust to deliver compliance, performance, and interoperability.
Integrated with the latest Harbor 1.6 release, PKS 1.2 delivers a list of exciting new features to help enterprise customers manage and secure their Kubernetes deployments through a trusted cloud registry. The new features brought in by Harbor 1.6 include:
Helm Charts management
Helm has become Kubernetes’ de facto package manager, making it easy to deploy a vast array of applications. A dedicated Helm Chart repository is a must-have system for building new enterprise IT infrastructure and platforms. Helm charts should work seamlessly together with container images, and therefore supporting both image management and Helm chart management has become the natural direction for Harbor.
- Charts are isolated by project namespace
- Access control is applied to charts by RBAC
- User management portal:
  - List all the charts under the specified project namespace with list or card view
  - List all the chart versions of one specified chart with list or card view
  - Show the details of the specified chart version
    - README content and other metadata information
    - Signature prov file status
    - Usage commands reference
    - Dependencies of the chart version
    - Value file content with the key-value view and yaml view
  - Upload a chart with its prov file
  - Download the specified chart version
  - Delete the specified chart version
How to get started with Helm Charts on Harbor
- Use helm repo add to add Harbor as a unified chart repository with a specified username. All the project namespaces accessible by that user should be visible to Helm.
- Use helm repo add to add a Harbor project as a separate chart repository; only the charts under that project are visible to Helm.
- Use the Helm CLI push plugin to push charts to Harbor.
- Use helm install to download the chart from Harbor and install it to the target Kubernetes environment.
- Other commands like helm search and helm verify are also supported.
For more details see the Helm Charts section of the Harbor user guide.
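The steps above as a shell walk-through. This is an added example, not taken from the original post or the Harbor project. It assumes Helm 2 client syntax, the /chartrepo path Harbor serves charts under, and an installed push plugin; the host, project, chart and release names are placeholders.

```shell
#!/bin/sh
# Added example. Placeholders: override via the environment for a real registry.
HARBOR_HOST="${HARBOR_HOST:-harbor.example.com}"
HARBOR_PROJECT="${HARBOR_PROJECT:-demo-project}"
CHART_TGZ="${CHART_TGZ:-hello-helm-0.1.0.tgz}"

# Build the chart repository URL: no project = unified repository,
# with a project = only that project's charts. Accepts a bare host only,
# so the scheme is always https and never inherited from caller input.
chart_repo_url() {
  case "$1" in
    ""|*/*) echo "invalid host: $1" >&2; return 1 ;;
  esac
  if [ -n "${2:-}" ]; then
    printf 'https://%s/chartrepo/%s\n' "$1" "$2"
  else
    printf 'https://%s/chartrepo\n' "$1"
  fi
}

# Runs in a subshell so 'set -e' stops at the first failing helm command.
# HARBOR_USER and HARBOR_PASSWORD are read from the environment, not the script.
harbor_helm_workflow() (
  set -e
  unified=$(chart_repo_url "$HARBOR_HOST")
  project=$(chart_repo_url "$HARBOR_HOST" "$HARBOR_PROJECT")

  # Unified repository: every project this user can access is visible.
  helm repo add --username "$HARBOR_USER" --password "$HARBOR_PASSWORD" harbor "$unified"
  # One project as a separate repository: only its charts are visible.
  helm repo add --username "$HARBOR_USER" --password "$HARBOR_PASSWORD" harbor-demo "$project"

  # Push a packaged chart with the push plugin, then refresh the local index.
  helm push --username "$HARBOR_USER" --password "$HARBOR_PASSWORD" "$CHART_TGZ" harbor-demo
  helm repo update
  helm search hello-helm

  # Fetch the chart together with its .prov file and check the signature.
  # Needs the .prov uploaded to Harbor and the signer's key in the local keyring.
  helm fetch --prov harbor-demo/hello-helm
  helm verify "$CHART_TGZ"

  # Install, refusing the chart if provenance verification fails.
  helm install --verify --name hello harbor-demo/hello-helm
)

# The helm steps run only when explicitly requested against a real registry.
if [ "${RUN_HARBOR_DEMO:-0}" = "1" ]; then harbor_helm_workflow; fi
```

Because access control is applied per project, the account used for the single-project repository can be one with a role in that project only.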
LDAP group support
Many Harbor administrators use LDAP to authenticate Harbor users, requiring them to then assign roles to each of these users. To make this more scalable, Harbor now supports role assignment to LDAP groups as well as to individual users.
- Assign role to LDAP group:
  - An administrator can import groups from an LDAP server by using their group DN. The LDAP users in this group then inherit the group’s role.
- Define Harbor admin group DN:
  - After defining the Harbor admin group, all LDAP users in the group will have Harbor admin privileges.
Replicate images with label filters
Two new replication filters, the repository name filter and the repository tag filter, were introduced in the previous version of Harbor. These both require you to match the filter pattern to the images being replicated, which can often be difficult. With the introduction of label filters, users can add a label to an image without having to change the image name.
Users can replicate images by adding labels and creating new filtering rules with the label filter.
For more details see the replicating images section of the Harbor user guide.
Coalesce multiple DBs to one PostgreSQL DB
Previous releases have included two or three database instances running on one Harbor node, specifically MariaDB/MySQL and PostgreSQL, increasing the effort required to maintain the Harbor system. The new release includes refactoring that merges multiple databases into a single database, reducing system requirements and making HA solutions possible for future releases.
- Migrate Harbor DB to PostgreSQL
- Migrate Notary DB to PostgreSQL
- Redirect Clair DB to Harbor/Notary DB