Skip to content

Container registry integration with Harbor

Harbor is an open-source container registry used within the Kubernetes-based PaaS architecture to store and manage container images and Helm charts.^[400-devops__06-Kubernetes__k8s-paas__README.md] It serves as the centralized repository for artifacts built by continuous integration (CI) pipelines.

Integration in CI/CD

In a typical CI/CD workflow, Jenkins is responsible for pulling source code from a version control system (e.g., GitLab or Gitee), compiling it (e.g., using Maven), and packaging the application into a container image.^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md] Once the image is built, it is tagged and pushed to Harbor, where it is stored for subsequent deployment.^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md]

Kubernetes Authentication

To allow the Kubernetes cluster to pull images from a private Harbor registry, a docker-registry secret must be created within the target namespace.^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md] This secret encapsulates the registry credentials (server, username, and password).

[kubectl](<./kubectl.md>) create secret docker-registry harbor \
  --docker-server=harbor.od.com \
  --docker-username=admin \
  --docker-password=Harbor12345 \
  -n <namespace>

This secret is then referenced in the Pod's deployment specification under imagePullSecrets.^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md]

Project Organization

Harbor is typically organized into distinct projects to isolate different types of artifacts or environments.^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md] Common projects include: * public: Stores base images and third-party tools (e.g., jenkins, jre8). * infra: Stores infrastructure-related images (e.g., dubbo-monitor). * app: Stores business application images (e.g., dubbo-demo-service). * base: Stores foundational runtime environments.

Sources

^[400-devops__06-Kubernetes__k8s-paas__README.md] ^[400-devops-06-kubernetes-k8s-paas-05k8scicd.md]