POC: Try to replace the distribution registry with the harbor project

[pPrecel]

Description:

Prototype migration from the self-crafted registry chart to the harbor project. The harbor project provides a fully supported and documented helm chart that uses the same registry core as our one (distribution/distribution).

This article made a comparison between the distribution registry and the harbor.

Reason:

The harbor project does a great job of making use of the distribution registry. It contains a lot of well-documented features that may be useful for us and our clients, like:

• Web UI
• HTTPS protocol support
• High Availability
• Logging compatible with external systems
• High integration with k8s and many tutorials about
• Security scanning
• Image signing
• many, many more...

Hints:

The very first goal should be to configure harbor to deploy the same registry configuration as ours (without any new features and without breaking changes).

The migration should not be hard because we are using the same distribution image as harbor.

The harbor's chart is well documented and configuration-open so maybe it's even possible to use its chart without any changes and just configure it through the values.yaml file.

[pbochynski]

Please bear in mind that HA setup for Harbor requires PostgreSQL and Redis:
https://goharbor.io/docs/2.10.0/install-config/harbor-ha-helm/#architecture
I agree that Harbor has more features, but consider the context we are talking about. We are not going to provide full multitenant docker registry for all our customers. We need a solution for single cluster and limited scale, that has low footprint and is easy to maintain.

If you are just looking for charts you can have a look at https://github.com/twuni/docker-registry.helm

In our use case, I would rather stay with a simple registry plus S3 as a backend. This way you have a simple stateless service in the cluster that you can easily make HA.