k8sjp#15_KubeCon-recap_Harbor&Dragonfly_by capsmalt

Transcript

1. 2 82 5 95 5 55 0 # 5 9

   /52 5 # 5 2 # ! #!# 2 5@ 152

2. 2
   

3. 3
    ( "##
   " 
   #  %$ 
   "$$

   &#$ & !"
   & $ Cloud Native Meetup Tokyo Cloud Native Developer JP   
     %
   $&
   (+,*)' > @ ) ) ) <

4. 4

5. 5

6. 6

7. 7 W ( : . A7 : ) : Y

   _( ( 7 7E7 +A 7( ( G 7 /1 8 & EDH T_Z V SYcbM W A C a F JD :

8. 8 Runtime Runtime Runtime Service Endpoint Images Harbor Dragonfly Content

   Cache Image Management Image Distribution P2P Distribute (pull)

9. 9 Runtime Runtime Runtime Service Endpoint Images Harbor Dragonfly Content

   Cache Image Management Image Distribution P2P Full Stack Image Management Distribute (pull)

10. 10 v K / v7 BRBK Q /BK E KD

    S B vE MO H K & O EBA J BRBK . , vE MO Q Q B :S. O v I Q K FKB FVBA ,KRF KJBK O 1 FK : H C / KA D KCI v1F Q IIBK 7QK vE MO H K & O EBA J BRBK . E vhttps://youtu.be/kskWZsf_7oE v BBM FRB / v8 K 1F KD 1F Q S B vE MO H K & O EBA J BRBK . B vE MO Q Q B 2G T O8 Whin jldecfgkpbomZ X Ya

11. 11
     v + v + v + v +

    + v

12. 12 + 1 0 0 v o o • KC

    • A C • C o o :

13. 13 1 vT 8 o ( K 12 ( o

    Do P • M • e PM • vo ots od o )05 0 21/BG vr

14. 14 
     v v ( v ) )

15. 15  0 1

16. 16   
    
    
    

17. 17    

18. 18 0 0 1

19. 19 ( ) 0 G 1 B( (

20. 20   
    
    
    

21. 21 2017    

22. 22 2018 2017    

23. 23  2019 2018 2017    

24. 24 2019 2018 2017    

25. 25 n I       

     n P n 
      n P   n   n D ) ) ( / /T/ / 25

26. 26   

27. 27 ('%! " "  #$ &   DockerHub

     100
    ('%

28. 28 F + f g eab E + YFW d

    DC H J F :

29. 29 v VF MN o ( 1 2:8 : 0

    1: 0 1: o ( : 0 1: : o/ 0 ) 0 a o).) 2 10 : C vb oI N oH F o F MN • F M 8 ) 0

30. 30

31. 31 
     

32. 32

33. 33

34. 34 H • : • • • RBAC • AD/LDAP

    • • • Pull • : • Push • Pull Helm Chart • Helm Chart • a b • HA

35. 35 ( )

36. 36 API Routing Core Service (API/Auth/GUI/Chart) Image Registry Trusted Content

    Vulnerability Scanning Job Service Admin Service SQL Database Key/Value Storage Local or Remote Storage (block, file, object) Users (GUI/API) Container Schedulers/Runtimes LDAP/ AD Harbor components 3rd party components Persistence components Consumers Supporting services Harbor Packaging Docker Kubernetes Cloud Foundry Chart Museum

37. 37  
     Proxy Portal Registry Job service

    Database Admin Service Notary Notary server Clair Redis Notary signer CVE Datasources Core Service K8sL Ingress a Harbor O C GUI API Postgres Harbor B W HelmI CH DockerI CH Chart museum Other Harbor Instance LDAP/AD

38. 38  
      Dev Registry CI Git Test

    Registry images images images Staging Registry images images Images are synchronized between environments by using Harbor registry. Production Registry images

39. 39 )( ) Members Images
    Guest:
    Developer:
    Admin: docker pull

    ... docker pull/push Project operation & management Settings 3 3

40. 40   4 $ 3 2 4 C .

    C 4 4 4 C 4 C 4 2 3 4 3 2 4 C 3 4 I P I 4 C 4 C 
      v RN F ( () 2C1 42 o I ,C o I ,C SV

41. 41 
     v Ia . ) A v bd Hec

    o B AB E B ( A o . ) A B AD A o + BC B AD A o o , o A API Registry V2 Job Service Console DB Harbor Save Data Pull Layers Scan Get Info Dispatch Jobs REST CVE Repos Retrieve vulnerability metadata 0 1 2 3 4 5 6 Clair v OLV U o O N o S o TR

42. 42 Initial Replication Incremental 
    Target Repo Source Repo Target

    Pro Source pro Trigger Policies Filters 
            
    

43. 43 Docker Client push pull pull 
    

44. 44 • Identical images across multiple sites • Image backup

    • Local access 
    

45. 45 
    

46. 46 v Helm Chart v v v ) Helm) o

    o o

47. 47

48. 48 v. . DS P N D id S v

    7 1 2 0 : 8 0 : 8 v 7 v(871010 Fba v /0: 1 A vf v D DS v gl DS ap v hCS D G n m oc

49. 49 INTEGRATIONS

50. 50 D v o D I o g P l

    ( - 2 v o O i o NC ) v o D Iae v : o o ( M M I O o n D I

51. 51  "!  v 
    
    
     o o

    ( o 0G ) ( o G v 
    
    
     o ( 1 B .) o 0 ( .)    
    
    
    
    
     

52. 52 D A 1 v o o ( o B

    ( g g v o ( e 0 o G( .0 1 1 I B G 1 )

53. 53

54. 54  
       

55. 55 v : I o 3 3 3 N o

    3& D C 3 o M C P N

56. 56

57. 57 1.  Pull 2. SuperNode Pull /* 3. (41.%$)

    !   4. Peer 02 5. (Peer & "-/ 6. ( "#"   (' Pull)+,3

58. 58 Harbor •    Dragonfly •  

     Cooperation • Harbor   SuperNode  Supported Future Policy based trigger

59. 59 Runtime Runtime Runtime Service Endpoint Images Harbor Dragonfly Content

    Cache Image Management Image Distribution P2P Distribute (pull) 
    

60. 60 Runtime Runtime Runtime Service Endpoint Images Harbor Dragonfly Content

    Cache Image Management Image Distribution P2P Full Stack Image Management Distribute (pull) 
    

61. 61 F ) f g + eab E YFW d

    DC H J F :

62. 62 
     v 2 o [N C H o F

    A: C P P v 2 o C o C :C o in: lg v ] [H D P f ar v 2 C b v 2 C b

63. 63
    

64. 64 ./ / .

65. 65 v v v v v v v IA CDFB

    v v v v
    CNCF Cloud Native Landscape GJ

66. 66 C

67. 67    
     v +

68. 68 v O K S ( )( ( / H

       
    

69. 69 v_26#3.8*+.7 P o #5*K MD:ID %++5! o  8

    HA? !CR Harbor!! v&6$/8*+.7(1+ P o #5*K U> KV ? o 8 W< U>G@N\Harbor v )+-4B=MD KV  o HZ #5* P  #5*`]F^T/IDYSG@QD o '9-0#5*LO"&,+E[XJ ;KV P!

70. 70 ( ) ( ( / - . - ./

    / / - / . - .- .

71. 71 

72. 72 ) ( ) v K v 1 : 2

    v 9 v 9 0 v 1 2 9 0 1 0 1 9 v-/ +: C 2 : H v IC. 2 ( ) ( P

73. 73 
    
    
    ) (

74. 74  
    
    
     

75. 75 IBM Cloud Kubernetes Service (IKS) IBM Cloud Private (ICP)

        
     OSS 

76. !