Help Center/ SoftWare Repository for Container/ Best Practices/ Migrating Container Images/ Migrating Images Across Clouds from Harbor to SWR
Updated on 2025-09-10 GMT+08:00
View PDF
Share

Migrating Images Across Clouds from Harbor to SWR

Scenarios

If you are using a self-built Harbor registry on other cloud, you can replicate images from Harbor to SWR.

  1. If Harbor can access SWR over the Internet, perform the replication as instructed in Accessing SWR over the Internet.
  2. If Harbor accesses SWR through a VPC endpoint by using a private line, perform the replication as instructed in Accessing SWR Through a VPC Endpoint by Using a Private Line.

Background

Harbor is an open source enterprise-class Docker Registry server developed by VMware. It extends the Docker Distribution by adding the functionalities such as role-based access control (RBAC), image scanning, and image replication. Harbor has been widely used to store and distribute container images.

Accessing SWR over the Internet

  1. Configure a registry endpoint on Harbor.

    Harbor 1.10.5 and later can interconnect with Huawei Cloud SWR. You only need to set Provider to Huawei SWR when configuring an endpoint on Harbor. Harbor 2.4.1 is used as an example.

    1. Add an endpoint.

    2. Configure the following parameters.

      • Provider: Select Huawei SWR.
      • Name: Enter a name for the endpoint.
      • Endpoint URL: Enter the public network domain name of SWR in the format of https://{SWR image registry address}. To obtain a registry address, log in to the SWR console, choose My Images and click Upload Through Client. In the displayed dialog box, view the image registry address in the current region.

      • Access ID: Enter an access ID in the format of Regional project name@[AK].
      • Access Secret: Enter an access secret. It is generated by using AK and SK. Access Secret will be used together with Access ID to generate a long-term login command. For details, see Obtaining a Long-Term Login Command.
      • Verify Remote Cert: Deselect the option (recommended).

  2. Configure a replication rule.

    1. Create a replication rule.

    2. Configure the following parameters.

      • Name: Enter a name for the rule.
      • Replication mode: Select Push-based, indicating that images are pushed from the local Harbor to a remote registry.
      • Source resource filter: Images in Harbor will be filtered to replicate based on the configured rule.
      • Destination registry: Select the endpoint created in 1.
      • Destination

        Namespace: Enter an organization of SWR.

        If the Namespace value contains a slash (/), for example, ns1/test, Huawei SWR considers ns1 as the organization name and test as the path to the image. So ns1/test means the image name under the ns1 organization is test/*.

        Flattening: Select Flatten All Levels to remove all hierarchy from the replicated images. For example, if the hierarchy of Harbor is library/nginx and the destination namespace is dev-container, library/nginx replicates to dev-container/nginx.

      • Trigger Mode: Select Manual.
      • Bandwidth: Set the maximum network bandwidth for each replication task. –1 indicates unlimited bandwidth.

    For more information, see the Harbor official website.

  3. Select the replication rule and click REPLICATE to replicate images.

Accessing SWR Through a VPC Endpoint by Using a Private Line

  1. Configure a VPC endpoint.

  2. Obtain the private IP address and domain name of the VPC. (By default, the domain name resolution rule is automatically added to Huawei Cloud VPCs, so you only need to configure hosts for non-Huawei Cloud endpoints.) You can query the IP address and domain name in Private Domain Name on the VPC endpoint details page.

  3. Configure a registry endpoint on Harbor.

    Harbor 1.10.5 and later can interconnect with Huawei Cloud SWR. You only need to set Provider to Huawei SWR when configuring an endpoint on Harbor. Harbor 2.4.1 is used as an example.

    1. Add an endpoint.

    2. Configure the following parameters.

      • Provider: Select Huawei SWR.
      • Name: Enter a name for the endpoint.
      • Endpoint URL: Enter the private domain name of a VPC endpoint, which must start with https. In addition, the domain name mapping must be configured in the container where Harbor is located.
      • Access ID: Enter an access ID in the format of Regional project name@[AK].
      • Access Secret: Enter an access secret (SK). The AK and SK are used to generate a long-term login command. For details, see Obtaining a Long-Term Login Command.
      • Verify Remote Cert: Deselect the option.

  4. Configure a replication rule.

    1. Create a replication rule.

    2. Configure the following parameters.

      • Name: Enter a name for the rule.
      • Replication mode: Select Push-based, indicating that images are pushed from the local Harbor to a remote registry.
      • Source resource filter: Images in Harbor will be filtered to replicate based on the configured rule.
      • Destination registry: Select the endpoint created in 3.
      • Destination

        Namespace: Enter an organization of SWR.

        If the Namespace value contains a slash (/), for example, ns1/test, Huawei SWR considers ns1 as the organization name and test as the path to the image. So ns1/test means the image name under the ns1 organization is test/*.

        Flattening: Select Flatten All Levels to remove all hierarchy from the replicated images. For example, if the hierarchy of Harbor is library/nginx and the destination namespace is dev-container, library/nginx replicates to dev-container/nginx.

      • Trigger Mode: Select Manual.
      • Bandwidth: Set the maximum network bandwidth for each replication task. –1 indicates unlimited bandwidth.

    For more information, see the Harbor official website.

  5. Select the replication rule and click REPLICATE to replicate images.

Parent Topic: Migrating Container Images