Enabling Container Image Replication in a Harbor Registry

Harbor registry is a OCI compliant open source container image registry that provides a rich set of features like scanning container images for vulnerabilities, sign images, replicate images across different container registries etc.

In this blog post, I will help you with step by step instructions on configuring different types of container images replications. In my view, this is one of the important features that many clients would look for.

Let’s understand a bit more about container image replication first:

Container image replication helps you to replicate images from one registry to another. There are two types of supported replication in a Harbor registry:

  • Pull Based : You want to replicate container images from another registry to Harbor registry
  • Push Based : You want to replicate from a Harbor registry to another registry.

Note: You can configure replication between two Harbor registries as well.

When will you need this feature?

There are several use cases where you might need a container image replication solution. Imagine a scenario where an organization decides to have a master container registry in an on-prem environment and other registries can pull the image from master. 

Another use case for Edge solution where you would like to keep a container image registry at every edge site and a master container registry in an on-prem datacenter or on a public cloud environment. Then configure the replication between master container registry and every edge sites container registry for faster access of application images.

One other scenario (in case you are using VMware Tanzu Advanced), You would like to replicate Tanzu Application Catalog (TAC) now VMware Application Catalog (VAC) provided images from VAC provided registry to a Harbor registry running in an on-prem environment and provide faster access of images during deployment.

There can be many other scenarios where this feature may come handy. 

Now, let’s go straight and look at the required steps to configure image replication in a Harbor registry. 

Configuring Image Replication

In this example, I have the Harbor registry deployed using the tanzu package on a Tanzu Kubernetes Grid cluster running on a vSphere 6.7 u3 environment. I also have my dockerhub registry where few images are kept for replication.

You can have another container image registry than dockerhub, see the list of supported registries on the below screenshot.

Follow the below steps to configure image replication. This is a three step process :

  • Create a registry endpoint
  • Configure a replication rule
  • Trigger the replication rule

Configure a Registry Endpoint 

  • Login to Harbor UI using administrative credentials. 
  • Click on “Registries” option under “Administration” from the navigation pane
  • Click on the
  • Fill the required details and click on “Test Connection” option to validate the connection.
  • Click OK to save the registry details. You will see the below message.
  • Validate the newly created endpoint status, It should show Healthy.

Now, we are done with the first step. 

Configure a replication rule

In this section, we will configure a replication rule to replicate a container image stored in the dockerhub account to the Harbor registry.

  • Click on “Replications” under “Administration” option from left navigation pane
  • Click on the “New Replication Rule” button and fill in the required details.

Note: In the above detail, as you can see that the replication mode is selected as Pull-based. That means, images from the dockerhub registry will be pulled in and pushed to the Harbor registry.

  • In the above picture, it’s very important that you put the correct source resource filter. It does support a regex pattern and you can refer to the Harbor official documentation for that. Here, I am using a full image name without creating any pattern. Also, the destination namespace parameter, In case you are leaving it blank, namespace with the same name as source registry will be created. However, in this example, I created the Harbor registry project and specified during replication rule creation.
  • You can select a trigger mode based on your need. In this example, I will go ahead with Manual.
  • Now, you can verify the newly created replications rule. It should be “Enabled”
  • If you just select the created replication rule, you will notice that there is no execution data yet. This is because we have not ran this rule.

Now, let’s move to the last step. Triggering the replication rule.

Trigger the replication rule

  • Select the replication rule that you just now created in above steps.
  • Click on the “Replicate” button
  • You will be asked to run the replication or cancel it. Click on the “Replicate” button again.
  • Notice the result, It is showing the status of success with other details like time etc.
  • Click on the execution ID to see more details like below.
  • To see more detail, click on the “Logs” option as shown below
  • You can review the logs displayed in simple format as shown below.
  • Validate the replicated image in the Harbor registry.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s