After your first steps with containers, you will arrive at the container registry, a central place to store and manage container images. Containers and Harbor are the best known container registries within Kubernetes. What is Harbor? Why should you get started with the tool? And what use cases do Harbor for Kubernetes support? In this blog, we give you answers.
The landscape of cloud native technologies is very broad and diverse. For example, dozens of providers offer tools that support you in all kinds of ways. How do you find your way around these tools? Engineers and architects from True help you on your way. In this series, we share our knowledge with you about various Kubernetes tools.
What is Harbor to Kubernetes?
If you want to get started with Kubernetes, you must first store your containers somewhere. This can be done in various ways, such as with Azure Container Registry or Docker Hub. However, you can also choose to host containers in-house. This choice can have several reasons. For example, some companies do not want to be dependent on another external party. If the container registry is down, your entire platform or application will collapse. In other cases, said providers do not offer the configuration options you are looking for. Harbor can offer a solution in such a case.
This container registry tool was originally developed by VMware and donated to the Cloud Native Computing Framework (CNCF). The CNCF is an open source, a vendor-independent hub for cloud native computing and hosts projects such as Kubernetes and tools such as Harbor. CNCF is part of the non-profit organization Linux Foundation. Harbor is available as an open source tool by CNCF. With Harbor, you can get started hosting a containerized application yourself. You keep the web application completely under your own management.
What are the benefits of Harbor?
Harbor is designed to simplify container image management. The tool removes several challenges. This way you have full control over the registry yourself and you can also manage multiple registries in a consistent manner. Harbor also includes capabilities to scan containers for known vulnerabilities, in order to take security to a higher level.
An added benefit is that users can upload and save Kubernetes Helm Charts via Harbor. Helm is an open source project originally developed by DeisLabs and donated to CNCF. The tool is aimed at improving the management of Kubernetes YAML files. Helm uses so-called Helm Charts for this. A Helm Chart is a scheme that ensures that all necessary dependencies are installed automatically when you install a containerized application.
What is an example of using Harbor Kubernetes?
For Testing for Access, engineers from True Harbor deployed within Kubernetes. Testing for Access was set up in spring 2021 in response to the COVID-19 pandemic. Dutch people could be tested via the platform if they wanted access to events, among other things, as part of the 3G policy. The team had to quickly set up a platform that could handle a large number of visitors and facilitate up to 400,000 test appointments per day. The use case called for a combination of speed, scalability, and a solid infrastructure. We were allowed to support the project from True. Testing for Access uses Kubernetes. The stack includes a combination of Harbor Kubernetes for hosting containers, and threat runtime security platform Falco for security.
What is Harbor Kubernetes use cases or use cases?
Harbor Kubernetes has several usage scenarios. The main ones are:
Use case #1 – Hosting containerized applications yourself
Hosting containerized applications yourself has many advantages. For example, many large providers offer you all kinds of configuration options, but you are limited to the options that the provider offers. Harbor Kubernetes gives you more control over your registry, which you can configure completely as you wish. You are in control and therefore decide how things are rolled out.
Use case #2 – Handling different registries for development and production
Harbor Kubernetes offers features that you will not find with many major providers. It is common practice to use different registries for development and production with this tool. Harbor Kubernetes not only helps you take care of these registries but also ensures consistent management of them. You can also synchronize images between different registries with Harbor Kubernetes. For example, if you want to push an image from a test environment to production or if you want to duplicate a test environment.
Use case #3 – Taking security to the next level
However, the capabilities of Harbor Kubernetes go further. The open source tool also includes all kinds of functionalities that take the security of a containerized application to a higher level. With Harbor Kubernetes, you can scan images for known vulnerabilities, among other things, so that they can be proactively tackled. The tool instantly shows the severity of vulnerabilities, which helps identify detected issues. Harbor Kubernetes also enables image signing. Another possibility is being able to secure artifacts using security policies and access control based on function and role.
Video: Harbor Kubernetes Basics in Three Minutes
In the video below, Saiyam Pathak, Director of technical evangelism at Civo Cloud and ambassador of the CNCF, explains the basics of Harbor Kubernetes in three minutes.