Google Distributed Cloud (GDC) air-gapped Managed Harbor Service (MHS) is a fully managed service that lets you store and manage container images, even in air-gapped environments completely isolated from the internet or other networks. Harbor is an open source registry that secures artifacts with policies and role-based access control, ensuring that images are scanned and free from vulnerabilities and are signed as trusted.
GDC MHS provides control-plane operations, such as creating and deleting Harbor registry instances. It also enables data-plane operations, such as pushing and pulling container images. Pushing your container images to a container registry solution like Harbor provides a centralized, secure, scalable, and efficient way to store, manage, and deploy your Docker images.
Harbor is a Cloud Native Computing Foundation (CNCF) graduated open source project that provides a built-in cloud container registry solution for Kubernetes and Docker. With managed service integration, customers can deploy their own Harbor instance to store and manage their artifacts on GDC. MHS offers the following features:
- Harbor instances are automatically provisioned and managed by GDC.
- Harbor is integrated with GDC's IAM and observability systems.
- Harbor instances can be upgraded to the newer stable version.
- Harbor is enhanced to meet GDC's compliance and quality requirements.
Performance
Google has tested and verified MHS to support the limits specified in System limits.
The actual performance limits might be higher.
Garbage collection
When you use MHS to add images to and delete images from the registry, unused data can build up over time. To avoid straining storage resources, MHS automatically performs garbage collection every 12 hours. You don't have to configure garbage collection manually.
What's next
To enable MHS, you must create a Harbor instance in your project.