Shulou(Shulou.com)06/01 Report--

What is the principle of Harbor components in VMware? aiming at this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

Simple architecture diagram

Harbor-adminserver / harbor/start.sh Up (healthy) harbor-db / usr/local/bin/docker-entr... Up (healthy) 3306/tcp harbor-jobservice / harbor/start.sh Up harbor-log / bin/sh-c / usr/local/bin/... Up (healthy) 127.0.0.1 Up 1514-> 10514/tcp harbor-ui / harbor/start.sh Up (healthy) nginx nginx-g daemon off Up (healthy) 0.0.0.0 443/tcp 4443-> 4443/tcp, 0.0.0.0 443/tcp 80-> 80/tcpredis docker-entrypoint.sh redis. Up 6379/tcp registry / entrypoint.sh serve / etc/... Up (healthy) 5000/tcp

Harbor-adminserver:harbor system management interface, which can modify system configuration and obtain system information.

Harbor-db: stores metadata, users, rules, replication policies, and other information about the project

Harbor-jobservice:harbor is mainly used for synchronization of image repositories.

Harbor-log: collect log information for other harbor. Rsyslogd

Harbor-ui: a user interface module for managing registry. Mainly the interface between the front-end page and the back-end CURD

A reverse proxy component of nginx:harbor that proxies services such as registry, ui, token, etc. This agent forwards various requests from harbor web and docker client to the back-end service. It's a nginx. Nginx is responsible for traffic forwarding and security verification. All external traffic is forwarded from nginx. It distributes traffic to ui at the back end and docker registry that is mirrored in docker storage.

Registry: a service that stores docker images and provides pull/push services.

Redis: storing cache information

Webhook: log updates, replicate, etc., when the state of the image in registry changes.

Token service: today's release of token when docker client is doing pull/push.

Harbor-login

A nginx agent receives a request from client at port 80 and forwards the request to the backend registry.

C when docker client receives the url, it initiates a request for the url, and the user name and password need to be inserted in the request header.

D when the request arrives at the nginx reverse proxy, nginx forwards the request to the ui service, because the ui conforms to the token service in a container, and the token service decodes the user name and password in the request header

E after getting the user name and password, it will be compared with the one in db. If the verification is correct, it will return success and include a private key in the returned http request.

Harbor-push

Omit the step of proxy forwarding

When you have successfully logged in to harbor, docker push is ready to use.

A docker client interacts with registry to get the url of token service

B then docker client interacts with token service, telling token that push operation is needed

C token service checks db, whether the user has the relevant permissions to push image, and if so, returns a private key

Additional clair

It is an open source container vulnerability scanning tool for coreos. Today, with the increasing popularity of containers, the security problem of container image is becoming more and more serious. Clair is one of the few open source security scanning tools, which mainly provides software package vulnerability scanning for OS (centos,debian,ubuntu, etc.). Clair can be deployed standalone or on K8s, and can be integrated with existing registry.

The answer to the question about the principle of Harbor components in VMware is shared here. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.