Manage Container (Docker) Images, Helm, CNAB, and Other Artifacts With Harbor
Вставка
- Опубліковано 17 лип 2024
- Do you know how to manage container (Docker) images, how to run a container image registry and security scans, how to sign container images, how to prevent usage of images that are not verified or signed, how to replicate container images, and how to store Helm charts, binaries, and other artifacts? In this video, I'll show you how to do all of that with Harbor.
#harbor #containerregistry #kubernetes
Consider joining the channel: / devopstoolkit
▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬
➡ Gist with the commands: gist.github.com/0a322f969368b...
🔗 Harbor: goharbor.io
🎬 Signing And Verifying Container Images With Sigstore Cosign And Kyverno: • Signing and Verifying ...
▬▬▬▬▬▬ 💰 Sponsoships 💰 ▬▬▬▬▬▬
If you are interested in sponsoring this channel, please use calendly.com/vfarcic/meet to book a timeslot that suits you, and we'll go over the details. Or feel free to contact me over Twitter or LinkedIn (see below).
▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬
➡ Twitter: / vfarcic
➡ LinkedIn: / viktorfarcic
▬▬▬▬▬▬ 🚀 Other Channels 🚀 ▬▬▬▬▬▬
🎤 Podcast: www.devopsparadox.com/
💬 Live streams: / devopsparadox
▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬
00:00 Introduction To Container (Docker) Image Registries
03:09 Build And Push Container (Docker) Images
07:47 Sign Container (Docker) Images
10:17 Vulnerability Scanning With Harbor And Trivy
14:02 Store Helm Charts And Other Artifacts In Harbor
18:29 Other Harbor Features
19:58 Harbor Pros And Cons - Наука та технологія
Where are you storing container images and other artifacts?
gcr
and nexus
great video! It is a really heavy application with tons of components, even though it's the best altetnative and the only way to make it highly available.
If you run it without HA it weighs less but that might not be what you need. It certainly has some baggage from the early days but there is no better alternative (that I'm aware of).
Thanks Viktor ! Can you please publish one quick video on Finch also? An Open Source Client for Container Development.
Adding it to my TODO list... :)
Thanks for you video, I am starting Harbor for our company and you summarize the points I have seen. Can I suggest about the Pros, to indicate it's Open Source. For some companies, it's mandatory! Anyway thanks for your video and I guess I have to look at your channel seriously!
You're absolutely right. I forgot to mention that it is open source. My bad.
@@DevOpsToolkit Thanks a lot again for your video, now Harbor is alive and kicking and I have a better understanding of what I can "sell" to my colleagues !
That was an excellent tutorial.
Thanks, Viktor.
I have two questions:
1) Which one do you suggest, Nexus or Harbor?
2) Do you have a video about Nexus as well?
I haven't used Nexus for quite some time now so I'm not up-to-date and could not compare them :(
Depends on your usecase, Harbor has IMHO a nicer UI and is completely open source, but Nexus has much more fine grained access controls. We used harbor quite some time, but in the end switched to nexus because of Access/Rights management.
It depends, If you need to store non OCI artefacts go with Artifactory or Nexus. They do OCI and much more like Maven, Nugget etc.
If you only need to store OCI artefacts I think Harbour or JFrog Container Registry are very good choices!
I am following your cncf-demo repository. Will you make a video in future about how to make an end to end cloudnative project ? It will be awesome then 😍😍
That's the plan Whitney Lee and I have. We'll make it public soon so I cannot share much info just yet. For now, all I can say is that it'll be probably my focus throughout most of 2023.
If you do a docker pull (with docker) you‘ll get details about CVEs affecting the image in docker’s output.
I rarely use Docker myself (it's all about Kubernetes in my case) so I was not aware of that feature. That's great to know.
Hello Viktor
Can harbor Store Git repository as well. Asking it because Gitlab can store Helm charts, container images and Repository. Likewise can Harbor store Git repositories...
No. Harbor stores only container images. GitLab, on the other hand, is a suite of products, only of them being image registry.
(How) can I use harbor to work with crossplane packages? I assume yes because its OCI, demo would be nice!
I assume you're referring to Crossplane Packages. If that's the case, you're right. They are OCI and can be stored in any registry. Similarly, when you apply a package, you have to provide a full address of the image (starting with registry url).
I'm not in front of my computer so I don't have a link to the video at hand. However, if you go to the Upbound UA-cam channel, you should find it there. I'm sure I published there at least one video that uses OCI packages.
Hi , recently I have upgraded my harbor version from 2.7.2 to 2.8.4 , while logging into the registry through CLI , I'm getting Client.timeout exceeded while waiting for the headers error but i checked all the proxy configurations that are available, running docker version is 24.0.5-ce and docker-compose version 1.25.1 , Could you please help me to troubleshoot it ..!! Thanks in advance.
It's hard t9 deal with issues through comments on UA-cam. Better if you open an issues on the project's GitHub repo.
@@DevOpsToolkit, Thanks for the prompt response, sure I will open an issue ticket, if you suggest any troubleshooting steps It will help me..!! Thanks.
Maybe the intention of the vague error message is a good thing? Not every consumer is a trusted user right?
It could be… Nevertheless, when you are a trusted user it can be frustrating.
@@DevOpsToolkit True. And, I can't imagine anyway of flagging trusted and untrusted users, except generally as a repository setting. So, I guess they are erring on the safer side of everyone is untrustworthy. 😁
@@scottamolinari Makes sence
I have all my images in a tar file, how do I push it to harbor
I never tried that so I'm not sure... I always keep my images in a registry.
What are you doing with those images today? Are you pushing them to Docker hub? If you are, than the process is the same.
@@DevOpsToolkit my kubernetes environment is airgapped and I’m using dkp from D2iQ to created my cluster. So I was able to resolve the issue and what happened is that dkp creates a temporary registry at runtime, loads the images then push them to harbor.