• Harbor is an open-source container registry that secures artifacts with policies and role-based access control, ensuring images are scanned for vulnerabilities and signed as trusted. • To learn more about Harbor and how to deploy it on a Virtual Machine (VM) and in Kubernetes (K8s), refer to parts 1 and 2 of the series. • While deploying Harbor is straightforward, making it production-ready requires careful consideration of several key aspects. • This blog outlines critical factors to ensure your Harbor instance is robust, secure, and scalable for production environments. • For this blog, we will focus on Harbor deployed on Kubernetes via Helm as our base and provide suggestions for this specific deployment. • High Availability (HA) and scalability For a production environment, single points of failure are unacceptable, especially for an image registry that will act as a central repository for storing and pulling images and artifacts for development and production applications.

Article Summaries:

  • Harbor, an open‑source container registry, is highlighted in a new blog that details how to make it production‑ready on Kubernetes using Helm. The post stresses that a single point of failure is unacceptable for a central image store, recommending an Ingress controller (e.g., Traefik) with cert‑manager for TLS, and scaling core components-core, jobservice, portal, registry, trivy, exporter, and nginx-to at least three replicas. It also advises configuring shared persistent storage via StorageClasses for all Harbor volumes and moving the built‑in PostgreSQL to a high‑availability database cluster. These steps collectively aim to ensure Harbor’s robustness, security, and scalability in enterprise environments.
  • Harbor, an open‑source container registry, can be made production‑ready on Kubernetes by addressing high availability, scalability, and security. The blog recommends deploying Harbor via Helm with an Ingress controller (e.g., Traefik) and cert‑manager for TLS, and increasing replicas for core components (core, jobservice, portal, registry, trivy, exporter, nginx) to eliminate single points of failure. Persistent data should use shared storage classes, and the built‑in PostgreSQL should be replaced with an external, HA‑enabled database to avoid bottlenecks. These steps collectively ensure a robust, secure, and scalable Harbor deployment for enterprise use.

Sources: