TLDR
As Kubernetes adoption continues to rise, so does the complexity of managing container images. Enterprises running multiple clusters face challenges such as image availability, security, compliance, and performance optimization. A robust container registry solution is no longer optional—it is a necessity.
Harbor, an open-source container registry, is designed to address these challenges. It provides enhanced security, vulnerability scanning, role-based access control (RBAC), and image replication, making it an ideal choice for enterprises.
But how do you ensure every Kubernetes cluster in your organization has a Harbor registry available without tedious manual configuration? This is where Sveltos comes in.
Sveltos enables automated deployment and management of Harbor registries across multiple Kubernetes clusters, ensuring seamless registry provisioning, configuration enforcement, and lifecycle management.
The Need for a Dedicated Harbor Registry in Every Kubernetes Cluster
1. Image Availability and Performance
Relying on a centralized container registry (such as Docker Hub or a single Harbor instance) introduces potential latency and downtime risks. If the registry is unavailable or too far from a cluster, pulling images becomes slow, impacting application deployment times.
By deploying a Harbor registry in every cluster, you ensure that images are available locally, reducing pull times and improving resilience.
2. Security and Compliance
Harbor offers built-in security features such as vulnerability scanning (powered by Trivy or Clair), image signing (via Cosign or Notary), and RBAC.
When each cluster has its own Harbor registry, security policies can be tailored per environment, ensuring compliance with organizational and regulatory standards.
3. Network Isolation and Air-Gapped Environments
Certain deployments, especially in regulated industries or on-premises setups, require air-gapped clusters with no internet access. A dedicated Harbor registry per cluster enables local image storage while maintaining strict security and operational controls.
4. Multi-Cluster Image Distribution
Running multiple Kubernetes clusters (across cloud, edge, or hybrid environments) necessitates an efficient way to distribute images. Harbor’s image replication allows images to be synchronized across registries, ensuring that each cluster has access to required container images.
Challenges in Deploying and Managing Harbor Registries Manually
Manually setting up and maintaining a Harbor registry for each Kubernetes cluster is a complex task:
- Installation Overhead: Deploying Harbor requires setting up Postgres, Redis, and storage backends, making it time-consuming.
- Configuration Drift: Managing Harbor configurations across multiple clusters can lead to inconsistencies.
- Lifecycle Management: Upgrading and monitoring Harbor across different clusters requires dedicated operational effort.
This is where Sveltos simplifies the entire process.
Sveltos: Automating Harbor Registry Deployment and Management
What is Sveltos?
Sveltos is an open-source Kubernetes management tool that enables automated deployment, configuration, and policy enforcement across multiple clusters. It works alongside Cluster API (CAPI) and extends GitOps-based management to application components, such as Harbor registries.
With Sveltos, you can:
✅ Deploy Harbor registries automatically when a new cluster is created.
✅ Ensure consistent Harbor configurations across multiple clusters.
✅ Enforce security policies, such as vulnerability scanning and image signing.
✅ Manage Harbor registry lifecycle, including upgrades and decommissioning.
How to Use Sveltos to Deploy Harbor Registries Across Clusters
Prerequisites
A Kind cluster is used as the management cluster, plus two additional managed clusters, both registered with the label env=production.
+---------------+--------------+-------------------------------+
| Cluster Name  | Version      | Comments                      |
+---------------+--------------+-------------------------------+
| civo/cluster1 | v1.29.8+k3s1 | Civo 3 Node - Medium Standard |
| civo/cluster2 | v1.30.5+k3s1 | Civo 3 Node - Medium Standard |
+---------------+--------------+-------------------------------+
Install Sveltos on the Management Cluster
For this tutorial, we will install Sveltos in the management cluster. Installation details can be found in the Sveltos documentation.
kubectl apply -f https://raw.githubusercontent.com/projectsveltos/sveltos/v0.46.1/manifest/manifest.yaml
kubectl apply -f https://raw.githubusercontent.com/projectsveltos/sveltos/v0.46.1/manifest/default-classifier.yaml
Register Clusters with Sveltos
Download the Kubeconfigs, then:
kubectl create ns civo
sveltosctl register cluster --namespace=civo --cluster=cluster1 --kubeconfig=civo-cluster1-kubeconfig --labels=env=production
sveltosctl register cluster --namespace=civo --cluster=cluster2 --kubeconfig=civo-cluster2-kubeconfig --labels=env=production
Verify your clusters were successfully registered:
kubectl get sveltoscluster -A --show-labels
NAMESPACE   NAME       READY   VERSION        LABELS
civo        cluster1   true    v1.29.8+k3s1   env=production,projectsveltos.io/k8s-version=v1.29.8,sveltos-agent=present
civo        cluster2   true    v1.30.5+k3s1   env=production,projectsveltos.io/k8s-version=v1.30.5,sveltos-agent=present
mgmt        mgmt       true    v1.31.2        projectsveltos.io/k8s-version=v1.31.2,sveltos-agent=present
Step 1: Create a Cluster Profile for Harbor
To deploy Harbor with Sveltos, you first need to create a ClusterProfile YAML configuration. This file defines the Harbor deployment, including the Helm chart repository and the required settings.
Here’s the YAML configuration I’m using:
Breaking Down the YAML Configuration
• apiVersion: Specifies the version of the Sveltos API.
• kind: Defines the resource type (ClusterProfile).
• metadata: Contains the name of the ClusterProfile.
• spec: Defines the deployment details.
• clusterSelector: Targets clusters labeled with env: production.
• syncMode: Set to Continuous, ensuring ongoing monitoring and updates.
• helmCharts: Specifies the Helm chart details for Harbor, including the repository URL, chart name, version, release name, and namespace.
• values: Customizes Helm chart values, setting Harbor to be exposed via a LoadBalancer with TLS enabled.
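The manifest this step refers to is not present on this page. As an added example (not the author's file), a ClusterProfile consistent with the breakdown above could look like the following. The API version, Helm repository URL, profile and release names, and the Harbor chart keys under values are assumptions based on the public Sveltos and Harbor chart documentation; the chart version, hostname and password are placeholders.

```yaml
# deploy-harbor.yaml: added example, not the author's original manifest.
apiVersion: config.projectsveltos.io/v1beta1
kind: ClusterProfile
metadata:
  name: deploy-harbor            # assumed name, taken from the file name
spec:
  clusterSelector:
    matchLabels:
      env: production            # matches the label set at registration
  syncMode: Continuous           # Sveltos keeps reconciling the release
  helmCharts:
  - repositoryURL: https://helm.goharbor.io
    repositoryName: harbor
    chartName: harbor/harbor
    chartVersion: "<harbor-chart-version>"   # placeholder: pin a version
    releaseName: harbor
    releaseNamespace: harbor     # namespace used by the kubectl checks
    helmChartAction: Install
    values: |
      expose:
        type: loadBalancer
        tls:
          enabled: true
          certSource: auto       # self-signed certificate from the chart
          auto:
            commonName: "<harbor-hostname>"  # placeholder
      externalURL: "https://<harbor-hostname>"
      # Placeholder: set your own value so the chart's default
      # admin password is not left in place.
      harborAdminPassword: "<strong-admin-password>"
```

With certSource: auto the certificate is self-signed, so clients pulling from the registry must be configured to trust it; certSource: secret lets you supply a certificate issued by your own CA instead.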
Step 2: Apply the Cluster Profile
Once you have the YAML configuration ready, you can apply it to your Kubernetes cluster with the following command:
kubectl apply -f deploy-harbor.yaml
This creates the ClusterProfile and kicks off the Harbor deployment on any cluster matching the specified label.
Step 3: Verify the Deployment
After applying the configuration, you can check whether Harbor is deploying correctly by running the following on the managed clusters:
kubectl get pods -n harbor
You should see the Harbor components starting up. It may take a few moments for all pods to be in the Running state.
Step 4: Access Harbor
Once the deployment is complete, you need to access the Harbor UI. Since you configured Harbor to use a LoadBalancer, you can retrieve the external IP address by running the following on the managed clusters:
kubectl get svc -n harbor
You can then look for the service named harbor and note the external IP address. Finally, open your web browser and navigate to:
http://<external-ip>.
Step 5: Configure Harbor
When you access Harbor for the first time, you are prompted to set up an admin account. You can simply follow the on-screen instructions to complete the setup.
Conclusion
And that’s it! You’ve successfully deployed Harbor on your Kubernetes clusters using Sveltos. With Harbor in place, you can now manage your container images securely and efficiently.
If you have any questions or need further assistance, feel free to reach out or check the official Sveltos and Harbor documentation. Happy containerizing!
Top comments (2)
Nice article champ!
Just updated with an intro about the "Why"