From YouTube: VMware Enterprise PKS and VMware Harbor
Description
VMware Product Manager Merlin Glynn describes how VMware Enterprise PKS uses VMware Harbor.
Enterprise PKS relies on Harbor, the open source container registry from VMware, to deliver security and compliance to on-premises container templates and images out of the box.
For more information visit:
https://cloud.vmware.com/pivotal-container-service
For more information about Harbor visit:
https://vmware.github.io/harbor/

A: Hi, I'm Merlin Glynn. I'm a product manager here at VMware, and in this lightboard we are gonna be talking about PKS, or Pivotal Container Service, and interaction with VMware Harbor, which is included as part of PKS. So what is Harbor? First, let's talk about what the developer needs to do to actually push an application. So we'll have a developer, and, you know, we've got a bit of code, and we typically want to push that code inside some sort of a pipeline. And the end goal of that pipeline, in our case, is we want to get to a running application inside of K8s. That's our goal. So how do we get from here to there, with our code that we're building and committing and having our pipeline start off? Well, we're gonna kind of break this up into three stages. You know, first thing we want to do is, we're building an image, so we want to store our image, and then we're going to want to sign our image to make sure that our image is, you know, coming from where it should be coming from.

A: And lastly, we want to take a look at scanning that image. We want to make sure that there are no CVEs, we didn't build the image with the old software, something that's not compliant in our environment. So, as this pipeline's running, you know, the idea is to get this agile pipeline that we could just commit and iterate and run and install our application inside of Kubernetes.

A: This is Harbor. So Harbor can divide tenancy inside something called projects. So projects are just a collection of folder endpoints, if you will, or locations where we can store our images and act upon and manage our images. And Harbor also has an authentication component, and so Harbor has to authenticate as well. And our authentication component for Harbor: we can leverage external LDAP, or we can leverage UAA, which will kind of push out here.

A: UAA is user access and authentication, which is the key authentication mechanism of PKS, which just happens to be what our developer has used to provision our Kubernetes cluster over here. A certain developer is actually logging in or authenticating with PKS, and the same credentials that are used in PKS's user authentication and access command section allow us to authenticate with Harbor as well, so that we can do Docker CLI commands like docker push and docker pull. And these are also the same credentials we can store inside of our Kubernetes cluster to do our docker pull. Now, in addition to, you know, dividing things up in projects, well, Harbor has to store images, right? So Harbor provides registry, all right. It's a way that we could store Docker, and/or Docker images or other types of artifacts, with primarily Docker images in this case. So our registry can actually do a couple of cool things.

A: It can actually link externally to object stores like S3, so we can store our images in a highly available and highly scalable back-end, or we can store our registry local, in there in our internal Harbor DB. And Harbor itself can actually support the capability of doing replication. So we can actually, you know, we'll just use "repl", or "RPL", here for replication.

A: We can actually replicate out to another Harbor instance externally, if we want to make sure that we have good image backup for our images, or good image availability, not just backup, and availability in other locations. So that's the first easy part. I mean, that's a registry! That's what every registry does. But Harbor does another couple of unique things. So, as our pipelines go on, we might need to store, but let's say we want to sign too. And this is something, you know, maybe we don't store our image immediately in our pipeline.

A: And what Notary will allow us to do is, when we're ready to store and sign, we can kind of do this in one action. We can generate some SSA, not a cell, but generate some certificate keys and sign this image from a known, unknown entity that's been registered with our Notary service. So via Notary and the registry back-end, we can actually get a secure, signed image. So we know who built the image from our pipeline into Harbor. And Harbor can do a pretty cool thing, in that we can, when it's time to pull that image.

A: So this makes sure that we're only allowing signed images, images that have been signed by the correct authority from our pipeline, to be pulled from our registry. But it's not just about where the image came from that we need to be concerned. It's also about: is the image safe? Has the image been built with any known vulnerabilities? So another component that's included inside of Harbor is Clair, which is an open source, it's an open source initiative that has multiple repositories of known CVEs, known critical vulnerabilities. And so we could do, as our pipeline is, is not only can we sign and push our image into our repository, but we can also initiate a scan with Clair. You know, we can come down here and say, hey, let me know what the CVE assessment is on this image that I just built. And another cool thing that I can do with Harbor.

A: If too many CVEs, you know, if the image that I built has old components in it, if they aren't safe, if they're not clean, I can stop the pull. So really, what the integration with Harbor and PKS does for us is allow us to have a common, or unified, authentication mechanism, so the developers and development teams that are building our pipelines can also have access to manage and push their images, and scan and sign their images, in an enterprise-grade registry. And that's how we get enterprise Kubernetes at scale with enterprise-grade registry.