PKS Harbor in action

By Al
In the previous post we introduced PKS (Pivotal Container Services) and showed a video that illustrated how easy it is to deploy by using Pivotal Ops Manager. Both the video and the post were well received but our colleagues and partners. Some of them have shown interest in the Harbor component and that is precisely what we are going to cover today.
Harbor is an enterprise-class registry for Docker images. It offers improved security, high availability and performance when compared to most choices out there. Let's look at each of those in detail.

SECURITY
  • On-prem. Chances are that you are packaging your own code and even other pieces of intellectual property inside your container images for easier, faster deployment. If you do and you feel nervous about storing your container images in an online registry service like Docker Hub, let me say it, you are not the only one. As much as we all love the flexibility of cloud services, there are some risks involved and every day there new examples of providers getting hacked. When you implement PKS on-prem you can have your very own container image registry within your firewall.
  • Harbor also offers RBAC and integration with AD/LDAP.  You can even enable auditing to track all activity in your repositories
  • Vulnerability Scanning. I briefly mentioned this feature in the last post, but it is worth looking at it more in detail. Harbor automatically checks for updates from various CVE (Common Vulnerabilities and Exposures) sources and downloads them automatically. When a user uploads a new container image, Harbor scans it against the vulnerabilities it knows about. When it finds a vulnerability it assigns it a severity level (High, Medium, Low, Normal). These severity levels are then compared against the administrator-defined threshold. For example if the threshold is set to "High" then Harbor won't allow the deployment of images that contain any "High" severity vulnerability.

HIGH AVAILABILITY
If you don't like putting all your eggs in one basket, Harbor allows you to deploy multiple registry instances. Once you do that you can set it so that images are replicated between them, effectively providing you with a highly available container registry solution. This also provides load-balancing and can enable hybrid and multi-cloud scenarios

PERFORMANCE
In general containers are much smaller size than virtual machines because they leverage portions of the parent, however there is no doubt that having the registry closer to your build and run environment is going to make your image transfers faster

EASY
Harbor installs very easily from a VMware OVA. It provides an intuitive GUI which allows you to browse and search your images but at the same time it provides a RESTful API for easy integration with other management software. Finally Harbor is free and open source. You can get from:
https://vmware.github.io/harbor/

Seeing is believing! So here you have a video of Harbor in action from my colleague and Pied Piper partner-in-crime Theo Crithary. Thanks Theo, keep them coming!


As you can see Harbor provides lots of benefits to container environments and it is a great addition to PKS.

Comments

Post a Comment

Popular posts from this blog

Sending PowerStore alerts via SNMP

By Al
Image
In this previous article we discussed how to leverage PowerStore's powerful API to collect audit logs and send them to a Syslog server . We used Logstash to do that because of its extensive list of plugins Sometimes I come across organizations that still have a requirement to send storage array Alerts to SNMP. As in the Syslog case, ultimately most modern monitoring tools today support collecting information via REST API because that's the way the application world is going, i.e. the cloud native way ... it would be fun to see Prometheus monitoring Kubernetes via SNMP :) However there is still some requirement out there for SNMP traps, so we will explore how to do it. For simplicity we will use the same toolset that we used in the previous article. I encourage you to revisit quickly the article as we did an extensive introduction to Logstash, with practical examples as well as a description of the logs available in PowerStore. I won't cover those aspects in this article I
Read more

Sending PowerStore logs to Syslog

By Al
Image
In this article we will explore how to get the logs from a DellEMC PowerStore array to a Syslog server. For this purpose we will use the PowerStore’s REST API, which is a great piece of engineering and a joy to work with as a developer. If you want to learn more about the PowerStore REST API I strongly recommend you quickly skim through the 2 articles I have written about the REST API. Part 1 - http://anzpiper.blogspot.com/2020/08/intro-to-dellemc-powerstore-rest-api.html Part 2 - http://anzpiper.blogspot.com/2020/08/powerstore-rest-api-best-practices.html In particular the second article demonstrates the capabilities of the REST API query language. This is a great feature I will use heavily in the last section so I strongly recommend you read that one at least As a side note, Syslog was developed in 1980. So this year it has turn 40 years old! That is a long time by any measure ... many of my colleagues were not even born in 1980. But in the technology scale it looks even scarier. 198
Read more

Electronic Nose - eNose

By Al
Image
In the previous article I provided details on VeeFarm which was one of the best projects we saw in ANZ Pied Piper 2019 edition and one of the best projects in the history of the program. The program inspired me and others to work together to showcase a great idea and the Pied Piper program itself during our presales conference. An idea I suggested to enhance VeeFarm was an electronic nose that could be used to detect the optimal ripening of the produce to advise the owner that it is the right time to pick it up the produce. This is an idea I had in the backburner for a while but never found the time to work on. Vee gave me the perfect excuse. The electronic nose, or eNose for short, is a custom PCB that hosts a range of gas sensors. For the proof of concept, I used the cheap MQ sensors. These are designed mostly for hobbyists and makers and they barely cost $1 per sensor. As one could expect, tweaking and calibrating these sensors it is even harder than the most expensive counter
Read more