Help Center> Software Repository for Container> Best Practices> Migrating Container Images> Synchronizing Images Across Clouds from Harbor to SWR
Updated on 2024-04-09 GMT+08:00

Synchronizing Images Across Clouds from Harbor to SWR

Scenarios

A customer deploys services in multiple clouds and uses Harbor as their image repository. There are two scenarios for synchronizing images from Harbor to SWR:

  1. Harbor accesses SWR through a public network. For details, see Accessing SWR Through a Public Network.
  2. Harbor accesses SWR through a VPC endpoint by using a private line. For details, see Accessing SWR Through a VPC Endpoint by Using a Private Line.

Background

Harbor is an open source enterprise-class Docker Registry server developed by VMware. It extends the Docker Distribution by adding the functionalities such as role-based access control (RBAC), image scanning, and image replication. Harbor has been widely used to store and distribute container images.

Accessing SWR Through a Public Network

  1. Configure a registry endpoint on Harbor.

    Huawei Cloud SWR has integrated with Harbor 1.10.5 and later versions. You only need to set Provider to Huawei SWR when configuring your endpoint. This document uses Harbor 2.4.1 as an example.

    1. Add an endpoint.

    2. Configure the following parameters.

      • Provider: Select Huawei SWR.
      • Name: Enter a customized name.
      • Endpoint URL: Enter the public network domain name of SWR in the format of https://{SWR image repository address}. To obtain the image repository address, log in to the SWR console, choose My Images, and click Upload Through Client. You can view the image repository address of the current region on the page that is displayed.

      • Access ID: Enter an access ID in the format of Regional project name@[AK].
      • Access Secret: Enter an AK/SK. To obtain an AK/SK, see Obtaining a Long-Term Valid Login Command.
      • Verify Remote Cert: Deselect the option (recommended).

  2. Configure a replication rule.

    1. Create a replication rule.

    2. Configure the following parameters.

      • Name: Enter a customized name.
      • Replication mode: Select Push-based, indicating that images are pushed from the local Harbor to the remote repository.
      • Source resource filter: Filters images on Harbor based on the configured rules.
      • Destination registry: Select the endpoint created in 1.
      • Destination

        Namespace: Enter the organization name on SWR.

        Flattening: Select Flatten All Levels, indicating that the hierarchy of the registry is reduced when replicating images. If the directory of Harbor registry is library/nginx and the directory of the endpoint namespace is dev-container, after you flatten all levels, the directory of the endpoint namespace is library/nginx -> dev-container/nginx.

      • Trigger Mode: Select Manual.
      • Bandwidth: Set the maximum network bandwidth when executing the replication rule. The value –1 indicates no limitation.

  3. After creating the replication rule, select it and click REPLICATE to complete the replication.

Accessing SWR Through a VPC Endpoint by Using a Private Line

  1. Configure a VPC endpoint.

  2. Obtain the private network IP address and domain name of the VPC. (By default, the domain name resolution rule is automatically added to Huawei Cloud VPCs, so you only need to configure hosts for non-Huawei Cloud endpoints.) You can query the IP address and domain name in Private Domain Name on the VPC endpoint details page.

  3. Configure a registry endpoint on Harbor.

    Huawei Cloud SWR has integrated with Harbor 1.10.5 and later versions. You only need to set Provider to Huawei SWR when configuring your endpoint. This document uses Harbor 2.4.1 as an example.

    1. Add an endpoint.

    2. Configure the following parameters.

      • Provider: Select Huawei SWR.
      • Name: Enter a customized name.
      • Endpoint URL: Enter the private network domain name of the VPC endpoint, which must start with https. In addition, the domain name mapping must be configured in the container where Harbor is located.
      • Access ID: Enter an access ID in the format of Regional project name@[AK].
      • Access Secret: Enter an AK/SK. To obtain an AK/SK, see Obtaining a Long-Term Valid Login Command.
      • Verify Remote Cert: Deselect the option.

  4. Configure a replication rule.

    1. Create a replication rule.

    2. Configure the following parameters.

      • Name: Enter a customized name.
      • Replication mode: Select Push-based, indicating that images are pushed from the local Harbor to the remote repository.
      • Source resource filter: Filters images on Harbor based on the configured rules.
      • Destination registry: Select the endpoint created in 3.
      • Destination

        Namespace: Enter the organization name on SWR.

        Flattening: Select Flatten All Levels, indicating that the hierarchy of the registry is reduced when replicating images. If the directory of Harbor registry is library/nginx and the directory of the endpoint namespace is dev-container, after you flatten all levels, the directory of the endpoint namespace is library/nginx -> dev-container/nginx.

      • Trigger Mode: Select Manual.
      • Bandwidth: Set the maximum network bandwidth when executing the replication rule. The value –1 indicates no limitation.

  5. After creating the replication rule, select it and click REPLICATE to complete the replication.