Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Harbor incubation proposal #163

Merged
merged 1 commit into from Nov 14, 2018
Merged

Harbor incubation proposal #163

merged 1 commit into from Nov 14, 2018

Conversation

ghost
Copy link

@ghost ghost commented Oct 12, 2018

Harbor incubation review for Technical Oversight Committee.

Signed-off-by: clouderati <35942204+clouderati@users.noreply.github.com>
@caniszczyk caniszczyk added this to In progress (due diligence) in TOC Project Backlog Oct 16, 2018
@caniszczyk
Copy link
Contributor

caniszczyk commented Oct 16, 2018

RFC @cncf/toc

@caniszczyk
Copy link
Contributor

caniszczyk commented Nov 5, 2018

Here's an incubation presentation from the Harbor community: https://docs.google.com/presentation/d/1aBQnE96kKatc1_t3E97lJBwiWvL-3GTitojuv-nWMuo/edit?usp=sharing

@quinton-hoole
Copy link
Contributor

quinton-hoole commented Nov 5, 2018

+1 Congrats on the solid production adoption, release cadence and on growing your contributor and maintainer base.

Looking forward to extending core maintainers beyond VMWare, publishing the results of your security reviews, and progressing towards graduation.

@kenowens12
Copy link
Contributor

kenowens12 commented Nov 5, 2018

+1

@bgrant0607
Copy link
Contributor

bgrant0607 commented Nov 6, 2018

@quinton-hoole-2 @kenowens12 Did sufficient technical diligence occur when Harbor entered the Sandbox, or should that be done now?

@quinton-hoole
Copy link
Contributor

quinton-hoole commented Nov 6, 2018

@ryanconley1
Copy link

ryanconley1 commented Nov 6, 2018

+1

@rothgar
Copy link
Member

rothgar commented Nov 8, 2018

First let me just say I think Harbor works great and I absolutely am happy that it exists as an open source project. I don't know of another open source container registry that has as many features or checks as many boxes as Harbor. I also have never done any development on the product so I have no clue what the code is like. I hope this feedback helps the product improve and I by no means mean this as an attack on the developers of Harbor.

What I have done is run multiple instances of Harbor in development environments (both directly on a VM and in containers) as well as used it as an end user in a production environment (provisioned in a PKS environment). I have experience with running the docker-registry and using Quay, gcr, ecr, and Gitlab's container registry.

My only objection with Harbor is its inclusion as a promoted CNCF project. My opinion is the CNCF should only be promoting projects that promote workflows, development practices, and operational overhead that encourage certain ways of working for building and maintaining software and infrastructure. From my experience Harbor does not live up to my perceived standards for CNCF projects. Just for clarification, Harbor isn't the only project I feel this way about. It just happens to be the topic at hand.

My main complaints come from my limited use of Harbor as an operator and user. The basic install has you download the .tar file, extract it, edit the harbor.cfg, and then run an install.sh script. Nothing about that experience feels like a cloud native. The deployment is not declarative and the default install was very manual. I also ran into problems with the install on a VM because of a hard coded /data path in the prepare script which was already being used by other software in my environment. I was able to edit the file to get it running.

I had to repeat this process multiple times to get my harbor.cfg file with all the right settings for my environment and in some cases I gave up because the manual steps (e.g. TLS) seemed way to manual even though they are (or should be) required for a default installation.

The installation on Kubernetes was a similar experience with an optional manual import of container images onto k8s worker nodes, a k8s-prepare script reading from harbor.cfg (which requires python) and then some assumptions being made about where persistent storage should exist (I don't think it should be on hostPath because if the pod is re-scheduled to a new node all the data will be gone) which assumes you have 100+ Gb free. It also writes logs to a hostPath which won't be picked up by standard k8s logging agents for centralized logging.

As for being a user of Harbor there are some bugs we've found and some oddities that wouldn't exclude my vote to make it a CNCF incubation project but I have not yet done my due diligence to make sure issues exist for those problems or missing features I would like to see. The only issue that maybe stood out is user accounts and the ability to automate Harbor with API keys/sessions. My team could not find a way to create a robot account for API access and automation purposes. We had to create standard user accounts which was a step backward from our experience with Quay. This also doesn't promote the workflows I think should be a top priority for CNCF projects.

I have no idea about install base and usage of Harbor outside of the ADOPTERS.md but I don't think that should be a selling point for some projects when it's bundled with other software (e.g. PKS) or inside very large organizations which likely run one of everything. My personal experience has show that big organizations will run Docker Enterprise, Quay, docker registry, harbor, and probably a few in house built tools. Having adoption at one is no longer a selling point to me.

Again, I'm very glad Harbor exists. I'm thrilled that it's an open source option! I just have reservations about making it a promoted CNCF project because of my experience and personal convictions about what should be included as a project under the CNCF.

@rockpanda
Copy link

rockpanda commented Nov 9, 2018

+1 non-binding

@Ghostbaby
Copy link

Ghostbaby commented Nov 9, 2018

+1 non-binding

Our company has deployed harbor in the prod environment, the number of kubernetes nodes is 200+, the number of applications is 400+, the number of the image is 4000+, and the cluster size is growing rapidly.

Harbor is a very important part of our CICD process. We call the harbor API to implement full lifecycle management of the image.

Harbor provides HA mode, with shared storage, shared Postgres database and SLB, we can ensure the availability of Image pull/push service.

@cd1989
Copy link

cd1989 commented Nov 9, 2018

+1 non-binding

@moooofly
Copy link

moooofly commented Nov 9, 2018

+1 non-binding

Harbor facilitates the workflow of CI/CD process in our company. 👍

@Ghostbaby
Copy link

Ghostbaby commented Nov 9, 2018

@Benniu
Copy link

Benniu commented Nov 9, 2018

+1

@caniszczyk caniszczyk merged commit e85b0e7 into cncf:master Nov 14, 2018
1 check passed
@caniszczyk caniszczyk moved this from In progress (due diligence) to Done in TOC Project Backlog Nov 15, 2018
@kofj
Copy link

kofj commented Nov 29, 2018

+1 nb
First let me just say I think Harbor works great, My company 360 is DOPTER of Harbor. We use Harbor serve for hundreds of projects.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
No open projects
Development

Successfully merging this pull request may close these issues.

None yet