Kategorien
k8s

k8s registries, nexus/harbor

What registry to choose ? See this collection of links: https://nubenetes.com/registries/#harbor-cloud-native-repository-for-kubernetes

Here is a specific comparison of nexus and harbor.

Nexus and Harbor are both container image registries used for managing and distributing Docker images. While they share many similarities, they differ in their approach to certain aspects of container image management. Here are the pros and cons of each:

Nexus:

Pros:

  • Nexus is an all-in-one solution for managing all types of artifacts, including Docker images, npm packages, and Java libraries.
  • Nexus supports multiple container image formats, including Docker and OCI.
  • Nexus has a user-friendly web interface that allows for easy browsing and searching of repositories.
  • Nexus has powerful security features, including access controls and vulnerability scanning.

Cons:

  • Nexus can be more resource-intensive than Harbor, which may be a consideration for organizations with limited computing resources.
  • Nexus can be more complex to set up and configure than Harbor.

Harbor:

Pros:

  • Harbor is designed specifically for Docker image management, so it may be a better choice for organizations focused solely on container image management.
  • Harbor is lightweight and easy to install and configure.
  • Harbor has a powerful API that allows for easy integration with other tools and services.
  • Harbor has an integrated Clair scanner for vulnerability scanning of images.

Cons:

  • Harbor only supports Docker container images, which may be limiting for organizations that use other container formats.
  • Harbor has a less user-friendly web interface compared to Nexus.

In summary, Nexus and Harbor are both capable container image registries, and the choice between them depends on an organization’s specific needs and preferences. Nexus is a more comprehensive solution that supports multiple types of artifacts, but it may be more resource-intensive and complex to set up. Harbor is a lightweight and easy-to-use solution designed specifically for Docker image management, but it only supports Docker container images.

(thanks goes to https://chat.openai.com/chat !)

Lets add that nexus has many feature, but some are available only in the Nexus Pro version (https://www.sonatype.com/products/repository-oss-vs-pro-features)

To try out harbor, you may find a harbor installer bash script, but this is not the preferred way anymore. Use the online or offline installer. (also note, harbor can be installed with a helm chart into kubernetes – not shown here).

# on one of my ubuntu systems (also one of my k8s cluster nodes)

root@node1:/tmp# wget https://github.com/goharbor/harbor/releases/download/v2.7.1/harbor-offline-installer-v2.7.1.tgz
# download and extract harbor offline installer
tar xzvf harbor-offline-installer-v2.7.1.tgz 
harbor/harbor.v2.7.1.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl

# install.sh needs hostname in harbor.yml
# docker must be installed.
apt install docker
apt install docker.io
apt install docker-compose

bash -x install.sh
...
+ docker load -i ./harbor.v2.7.1.tar.gz

a83e69e7a5ba: Loading layer [==================================================>]  8.987MB/8.987MB
4976a6e767f1: Loading layer [==================================================>]  14.47MB/14.47MB
480d367aea76: Loading layer [==================================================>]  29.29MB/29.29MB
dee8463c1f24: Loading layer [==================================================>]  22.02kB/22.02kB
54570f91d11d: Loading layer [==================================================>]  14.47MB/14.47MB
Loaded image: goharbor/notary-signer-photon:v2.7.1
1f4c775bffe8: Loading layer [==================================================>]  5.758MB/5.758MB
3284ab8d01eb: Loading layer [==================================================>]  8.987MB/8.987MB
dd8fa1a2b2b0: Loading layer [==================================================>]  15.88MB/15.88MB


+ ./prepare
prepare base dir is set to /tmp/harbor
no config file: /tmp/harbor/harbor.yml

# some fixes - see https://github.com/ron7/harbor_installer/blob/main/harbor.sh

IPorFQDN=$(hostname -I|cut -d" " -f 1)
echo $IPorFQDN 
cp harbor.yml.tmpl harbor.yml
sed -i "s/reg.mydomain.com/$IPorFQDN/g" harbor.yml
sed -e '/port: 443$/ s/^#*/#/' -i harbor.yml
sed -e '/https:$/ s/^#*/#/' -i harbor.yml
sed -e '/\/your\/certificate\/path$/ s/^#*/#/' -i harbor.yml
sed -e '/\/your\/private\/key\/path$/ s/^#*/#/' -i harbor.yml

./install.sh --with-chartmuseum

Now running:

Harbor is setup as docker containers:

docker ps

If you forgot to change the postgress password in harbor.yml, remove /data/database completely and run ./prepare again. Then startup everything with docker-compose up.

Here is the UI:

Harbor in my example runs in docker on ubuntu – not even using https. Not secure at all 🎅 So don’t forget to stop and delete again.