harbor - cloud native computing foundation · other security considerations •enable content trust...
©2019 VMware, Inc.
Harbor
Security and Day 2 Operations with Harbor - CNCF Webinar
Michael Michael
Core Maintainer, Harbor
Director of Product Management, [email protected]
goharbor.io
Cloud Native Computing Foundation Incubating project
8000+ Stars
Harbor is an open source cloud native registry that stores, signs, and scans container images for vulnerabilities
Our mission is to provide users the ability to confidently manage and serve container images
Project Isolation and policy
Security and vulnerability analysis
Content signing and validation
Identity integration and role-based access control
Image replication across multiple registries
Extensible API and web UI
Multi-tenant
Security Management
Harbor key features
Integrations
Architecture
API Routing
Core Service (API/Auth/GUI)
Image Registry
Trusted Content
Vulnerability Scanning
Job Service
Admin Service
Harbor components
3rd party components
SQL Database
Key/Value Storage
Persistence components
Local or Remote Storage (block, file, object)
Users (GUI/API)
Container Schedulers/Runtimes
Consumers
LDAP/Active Directory
Supporting services
Harbor Packaging
Docker
Kubernetes
• OIDC Support: Enables OpenID Connect as a simple identity layer to verify the user based on authentication and provide basic profile information.
• Replication: Replication provider model with capabilities to replicate to/from non-Harbor registries.
• Health Check API: To monitor the API’s health and performance.
• Robot Accounts for CI/CD Integration: Robot Accounts for deployments integrated for CI/CD.
v1.8
Reliability/Stability Fixes
Enhanced Automation, Security, Monitoring, and Cross-Registry Support
Roadmap
Webhook
Project Quotas
Proxy Cache
Logging Endpoint
Perf & Scale
Metadata
Management
Interrogation Service
Kubernetes Operator
Management
Extensibility
P2P Distribution
Repository Beyond image/Helm with git
Community is Thriving
• An open source cloud native registry created by VMware, and donated to the Cloud Native Computing Foundation (CNCF) as a Sandbox project in August 2018
• Graduated to a CNCF Incubating project in November 2018
8000+ GitHub Stars
120+ Contributors
30K+ Downloads
2000+ Forks
20+ Product Implementations
80+ Contributing Organizations
300+ Community Members
Data as of 4/9/2019
harbor.devstats.cncf.io/d/5/companies-table?orgId=1&var-period_name=Since%20joining%20CNCF&var-metric=contributions
Contributor Growth
Donated to CNCF in August 2018
How to reach us
GoHarbor.io
• [email protected]
• [email protected]
• #harbor
• #harbor-dev
@project_harbor
https://demo.goharbor.io
• Username: admin
• Password: Ask in Slack
slack.cncf.io
https://github.com/goharbor/community/blob/master/MEETING_SCHEDULE.md (bi-weekly)
• APAC+EU zone: 9pm UTC+8 time zone
• America+EU zone: 1pm Pacific time zone
Thank You