当前位置：网站首页>Harbor v2. 5 update, what functions have been added?

Harbor v2. 5 update, what functions have been added?

2022-04-22 13:29:00 【Key guest Li Dabai】

‍ Blogger introduction ： Hello everyone ！ I'm Li Dabai , An O & M engineer , Love sharing knowledge , Nice to meet you here

Be good at the field ： Cloud native 、 database 、 Automatic operation and maintenance

If this article is helpful to all of you , Focus on + give the thumbs-up + Comment on + Collection , I'll pay a return visit, too , Help each other ！！！

In addition, my level is limited , Designed to create easy to understand articles , If there is any mistake in the description of the article , Please correct me , In this thank you ！！！

Fallen leaves and know autumn , Knowledgeable and knowledgeable ！

Boutique column ： Harbor vernacular （ Enterprise class ）

sketch

2022 year 04 month 11 Japan ,Harbor The project has released the latest version Harbor v2.5 edition , The new version brings the following important new features and functions to users ：

1. Cosign Introduction of signatures , Make products （ Mirror image, etc ） When copying, the signature can be copied synchronously .
2. Improves the performance of concurrent pull requests .
3. Improved fault tolerance of garbage collection function , When deleting an artifact （Artifact） When something goes wrong , You can continue to delete other artifacts .
4. You can skip artifacts in proxy cache items during replication .
5. Activate Distribtion purging function , You can delete upload Orphaned files in directory .
6. Use Golang v1.17.7 Built .
7. Use Distribution v2.8.0 and Trivy v0.22.0.

new function

Added right Cosign Artifact Signature and verification support

This version introduces a pair of Sigstore/Cosign As Harbor Support for artifact signing and validation providers in .Cosign signed OCI And push the generated signature to the Harbor. This signature is stored next to the signed artifact as an attachment to the artifact .Harbor Manage the link between signed artifacts and countersignature , Allows you to apply tag retention rules and immutability rules to signed artifacts , And will be extended to signed artifacts and signatures . This allows you to use Harbor Built in functionality to manage signed artifacts and Cosign Signature attachment .Cosign Signatures are also subject to Harbour Constraints of replication rules , And copy the workpiece with its signature at the same time .

Additional features

Improves the performance of concurrent pull requests .
Improved fault tolerance of garbage collection , You can now continue to delete subsequent artifacts when an error occurs while trying to delete the current artifact .
Replication now supports skipping artifacts in proxy cache projects .
Activate distribution upload cleanup to delete orphaned files from the upload directory .
Harbor Now it's using Golang v1.17.7 Built .
Harbor Now use Distribution v2.8.0 and Trivy v0.22.0.

Major changes

from Harbor v2.5 Start , External databases only support PostgreSQL>= 10 . Before upgrading , You should make sure that your external database uses supported PostgreSQL edition .

Abandoning

Harbour The team plans to discard... In future releases Chartmuseum. You should consider using Helm v3.8+ And Harbor Manage together OCI Compatibility chart . Please note that , And Chartmuseum Related function requests or error reports may not be given priority .

Chartmuseum It is still supported in the current version , Only in subsequent versions may be enabled .

‍BUG Repair

Harbor v2.5 to update , What functions have been added ？_ Operation and maintenance

Cosign What is it ？

Cosign As a new feature , It can be used for us Harbor How can it help ？

stay Harbor products （Artifact） Warehouse , Signature and signature verification of products is one of the key security functions , It can help users check the integrity of products .Harbor 2.5 By working with two other open source projects Notary and Cosign Integration of , Support content trust , among Cosign It's a new feature .

Cosign It's a OCI Product signature and verification solution , yes Sigstore Open source project Part of .

Harbor v2.5 to update , What functions have been added ？_ Operation and maintenance _02

Cosign Function is introduced

use Cosign Yes OCI After the product is signed , The generated signature can be pushed into （push） To Harbor in . This signature is attached to the product （accessory） Store with the product .Harbor Manage and maintain signed products and cosign The connection between signatures , stay Tag Keep the rules （tag retention rules） And immutable rules （immutable rules） And other functions ,Harbor The built-in function of automatically maintains the correspondence between artifacts and signatures .

take Cosign And Harbor The combination solves a previous outstanding problem ： Images and other artifacts are used in remote replication , Its signature information cannot be copied to the target end . Now? , When users copy rules （replication rule） When copying the signed artifact to the remote end ,Harbor The signature information is also synchronously copied to the remote end , Make the remote product have the same signature .

Enable cosign（ and notary)

 
       # ./install.sh --with-notary --with-trivy
       
[Step 
       
       0]: checking 
       
       if docker is installed ...
       
...
       
...
       
...
       
[Step 
       
       5]: starting Harbor ...
       
Creating network 
       
       "harbor_harbor" with the default driver
       
Creating network 
       
       "harbor_harbor-notary" with the default driver
       
Creating network 
       
       "harbor_notary-sig" with the default driver
       
Creating harbor-log ... 
       
       done
       
Creating harbor-portal ... 
       
       done
       
Creating redis         ... 
       
       done
       
Creating registryctl   ... 
       
       done
       
Creating registry      ... 
       
       done
       
Creating harbor-db     ... 
       
       done
       
Creating trivy-adapter ... 
       
       done
       
Creating notary-signer     ... 
       
       done
       
Creating harbor-core   ... 
       
       done
       
Creating harbor-jobservice ... 
       
       done
       
Creating nginx             ... 
       
       done
       
Creating notary-server     ... 
       
       done
       
       --
       
       --Harbor has been installed and started successfully.----
      
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.

install Cosign

      
      
       
        See installation documentation ：https://docs.sigstore.dev/cosign/installation/, The installation operation is not described in detail here .
      
      
      
      
       
       1.

Cosign Use

establish cosign Key pair

      
      
       
       $ cosign generate-key-pair
       
       
Enter password 
       
       for private key:
       
       
Enter again:
       
       
Private key written to cosign.key
       
       
Public key written to cosign.pub
      
      
      
      
       
       1.
       
       2.
       
       3.
       
       4.
       
       5.

Harbor v2.5 to update , What functions have been added ？_ Mirror image _03

Export the password of the key （ Also known as pass-phrase ）, For use in automation ：

 
       export 
       
       COSIGN_PASSWORD
       
       =Your_Super_P1
       
       $$w0rD
      
1.

Mirror signature

Once we're in Harbor There are available images in , We can use it cosign To make a mirror signature .

 
       $ cosign sign 
       
       --key cosign.key harbor1.orlix.org/cosign/pause:1
       
Enter password 
       
       for private key:
       
Pushing signature to: harbor1.orlix.org/cosign/pause
      
1.
2.
3.

Verify the signature

After the replication task is triggered , Verifiable signature

 
       $ cosign verify 
       
       --key cosign.pub harbor1.orlix.org/cosign/pause:1 | jq .
       
Verification 
       
       for harbor1.orlix.org/cosign/pause:1 
       
       --
       
The following checks were performed on each of these signatures:
       
       - The cosign claims were validated
       
       - The signatures were verified against the specified public key
       
[
       
  {
       
       "critical": {
       
       "identity": {
       
       "docker-reference": 
       
       "harbor1.orlix.org/cosign/pause"
       
      },
       
       "image": {
       
       "docker-manifest-digest": 
       
       "sha256:b31bfb4d0213f254d361e0079deaaebefa4f82ba7aa76ef82e90b4935ad5b105"
       
      },
       
       "type": 
       
       "cosign container image signature"
       
    },
       
       "optional": null
       
  }
       
]
       
       $ cosign verify 
       
       --key cosign.pub harbor2.orlix.org/cosign/pause:1 | jq .
       
Verification 
       
       for harbor2.orlix.org/cosign/pause:1 
       
       --
       
The following checks were performed on each of these signatures:
       
       - The cosign claims were validated
       
       - The signatures were verified against the specified public key
       
[
       
  {
       
       "critical": {
       
       "identity": {
       
       "docker-reference": 
       
       "harbor1.orlix.org/cosign/pause"
       
      },
       
       "image": {
       
       "docker-manifest-digest": 
       
       "sha256:b31bfb4d0213f254d361e0079deaaebefa4f82ba7aa76ef82e90b4935ad5b105"
       
      },
       
       "type": 
       
       "cosign container image signature"
       
    },
       
       "optional": null
       
  }
      
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.

Verify that the return result and exit code are zero , Indicates that the signature is valid ！ Abstract （digest） The same value ！ such ,Cosign Function configuration succeeded !

版权声明
本文为[Key guest Li Dabai]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/04/202204221135476095.html