Harbor注册表代理缓存与复制

huangapple go评论130阅读模式
英文:

Harbor registry proxy cache vs replication

问题

我对Harbor注册表还不熟悉。我被要求为我的公司提出Harbor的架构建议。我首先提出使用基于代理缓存的架构。但是,CISO拒绝在未说明原因的情况下在企业中使用代理缓存。我提出了另一种基于复制的架构。我们验证了一些从公共注册表中拉取并推送到我们的Harbor注册表中的基础镜像(一个主动的Harbor从互联网上拉取镜像,另一个被动的Harbor用于高可用性,还有4个其他Harbor位于特殊网络区域,它们从主Harbor获取镜像)。

问题是为什么CISO拒绝使用代理缓存?使用它是否存在任何缺点?使用Harbor代理缓存与复制相比可能出现的安全风险是什么?我在互联网上找不到关于这个问题的明确信息。似乎大多数人都在使用代理缓存。

谢谢!

英文:

I'm new to Harbor registry. I was asked to propose an architecture for harbor in my company. I proposed at first to use an architecture based on proxy cache. But the CISO refused to use proxy cache for the entreprise without saying why. I proposed anoter architecture based on replication. We validate some base images that are pulled from public registries and pushed into our harbor registry ( One active harbor that pulls the images from internet and another passive harbor for high avalibility + 4 other harbors that leaves in special network zones (they get the images form the master harbor)).

The question is why the ciso refused the use of proxy cache ? is there any drawbacks for using it ? what are the security risks that can appear using the harbor proxy cache vs replication ? I cant find in the internet clear informations about this question. It seems that the majority is using proxy cache.

Thank you!

答案1

得分: 0

在这个阶段,只能推测,关于不解释原因以及不提出询问的不专业行为。

关于Harbor代理和复制,两者之间的主要区别在于威胁表面和其控制的不同。

代理

  • 被动,如果本地找不到,会将请求转发到上游。
  • 没有控制,

复制

  • 主动,明确指定要从上游复制的镜像。
  • 全面控制
英文:

At this stage one can only speculate, about the unprofessional behavior of not explaining the reasons and also for not asking.

Regarding Harbor proxy and replication, the main difference between both option is the difference of threat surface and its control.

Proxy

  • Passive, forwards requests upstream if not found locally.
  • No control,

Replication

  • Active, explicitly specify the images you want to copy from upstream
  • Full control

huangapple
  • 本文由 发表于 2023年6月1日 12:32:15
  • 转载请务必保留本文链接:https://go.coder-hub.com/76378684.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定