本文详细介绍了为何选择Harbor而非直接使用Registry V2,并阐述了Harbor的RBAC权限管理、项目类型、架构及工作流程。重点讨论了Harbor的高可用性方案,包括两种HA模式及实际生产环境中的定制开发,如对接CAS、CMDB和OA,以及组件拆分等。同时,提出了下一步的改进计划,如新Portal、集成Clair和PaaS CI/CD等。
说明:我们是基于Harbor V0.4.1进行分析和改造的。
为什么不是直接使用Registry V2,而选用Harbor?
可以用Harbor做以下事情:
- Manage your projects.
- Manage members of a project.
- Replicate projects to a remote registry.
- Search projects and repositories.
- Manage Harbor system if you are the system administrator:
- Manage users.
- Manage destinations.
- Manage replication policies.
- Pull and push images using Docker client.
- Delete repositories.
Harbor提供RBAC (Role Based Access Control)能力
- Guest: Guest has read-only privilege for a specified project.
- Developer: Developer has read and write privileges for a project.
- ProjectAdmin: When creating a new project, you will be assigned the “ProjectAdmin” role to the project. Besides read-write privileges, the “ProjectAdmin” also has some management privileges, such as adding and removing members.
- SysAdmin: “SysAdmin” has the most privileges. In addition to the privileges mentioned above, “SysAdmin” can also list all projects, set an ordinary user as administrator and delete users. The public project “library” is also owned by the administrator.
- Anonymous: When a user is not logged in, the user is considered as an “anonymous” user. An anonymous user has no access to private projects and has read-only access to public projects.
在我们的生产环境中,不会启动Anonymous用户。
Harbor支持2种Project Types
- Public: All users have the read privilege to a
最低0.47元/天 解锁文章
扫一扫
281
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
