Use Harbor as Rainbond's default container image repository to expand Rainbond's image management capabilities
Rainbond is an integrated cloud-native application management platform. It provides an "application-centric" abstraction. Users do not need to learn K8s and containers. The platform encapsulates K8s and containers inside. It greatly improves the ease of use and the convenience of installation, but how to replace the internal components of the package is a problem. This article will explain how to use Harbor to replace the original default mirror warehouse of Rainbond.
Introduction to Harbor
Harbor is an enterprise-level Registry server for storing and distributing Docker images, and it is also the first open-source enterprise-level DockerRegistry project of the China-originated Cloud Native Foundation (CNCF). Security, identity and management, and more, extend the open source Docker Distribution.As an enterprise-grade private registry server, Harbor provides better performance and security.Improve the efficiency of transferring images for users to build and run the environment using the Registry.
Solve the Rainbond image management problem through Harbor
Rainbond used the basic Registry provided by Docker by default before. There were many problems in the process of use, such as image security, complicated and troublesome image cleaning, etc. After continuous research, Harbor can not only solve these problems, but also expand Many image management capabilities, Harbor's functions mainly include four categories of multi-user control:role-based access control and project isolation), image management policies (storage quota, artifact retention, vulnerability scanning, source signature, immutable artifacts, garbage collection) etc.), security and compliance (authentication, scanning and CVE exception rules, etc.) and interoperability (webhooks, remote copying of content, pluggable scanners, REST APIs, bot accounts, etc.).
Docking Harbor
At present, harbor supports two forms of docking with Rainbond, one is as an internal basic storage warehouse of rainbond, and the other is as an external custom mirror warehouse.
- Harbor, as Rainbond's internal basic storage warehouse, is very simple to connect, and it only needs to be customized when initializing the platform cluster.
The format of the yaml file is very strict to avoid problems when you configure it. The correct yaml file has been placed below, and you can use it after copying.
**Note:**Be sure to modify the name of the warehouse, the project name of the warehouse, the user name, and the password, otherwise the problem of image upload failure will occur.
Example:
apiVersion: rainbond.io/v1alpha1
kind: RainbondCluster
metadata:
name: rainbondcluster
namespace: rbd-system
spec:
imageHub:
domain: www.est.com/test
password: Harbor12345
username: admin
- Harbor provides services as an external warehouse of rainbond. It is based on the webhook function of harbor and rainbond. The configuration is as follows.
- Make sure that the component has enabled the webhook function of the mirror warehouse, and the application status is not closed, and you need to configure the webhooks url of the application to the webhooks of the target mirror warehouse.
- In the target mirror warehouse, create a new webhook, then fill in the webhooks url of the application in the Endpoint address, and configure the trigger event type that meets the requirements.
- The image storage management is realized through Harbor, which improves the convenience of work.
- Automatic vulnerability scanning is realized when building based on Rainbond, which improves security management.
-
Through the strategy of automatic mirror cleaning, the storage is reasonably utilized and the storage cost is reduced.
- It is recommended to use strategy:to apply to warehouse matching**, keep the 3 most recently pushed artifacts based on conditional tags matching** based on conditions without tags
- Recommended regular cleaning:custom cron : 0 0 0 1 */1 * (seconds, minutes, hours, days, months, weeks)
-
Whether the image is signed and the vulnerability level can also be set as one of the image security policies, so that only signed images or images with low vulnerability levels can be pulled.
The overall process after integration
As can be seen from the above flowchart, in the whole process of loading configuration, users can customize the image source to pull the image, and automatically push it to the Harbor image warehouse through the Rainbond platform, and then automatically pull after the image scanning is completed. Build a container instance.