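Harbor (Container Specialist):
  Role: dedicated to container images
  Target: production environments, production workloads
  Optimization: container push/pull performance
Nexus (Package Repository):
  Role: development dependency packages
  Target: development environments, build processes
  Optimization: Maven/npm build performance
Placement strategy:
  Harbor: close to the Kubernetes cluster
  Nexus: close to the development team / CI servers
  Purpose: minimize network latency
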
graph TB
subgraph "Development Zone"
DEV[Developer PC]
IDE[IDE/VSCode]
CI[CI/CD Pipeline]
end
subgraph "Build Zone"
NEXUS[Nexus Repository]
BUILD[Build Servers]
CACHE[Build Cache]
end
subgraph "Container Zone"
HARBOR[Harbor Registry]
SCAN[Security Scanner]
REPLICA[Harbor Replica]
end
subgraph "Runtime Zone"
K8S[Kubernetes Cluster]
PODS[Application Pods]
PROXY[Pull-through Cache]
end
DEV --> IDE
IDE --> NEXUS
CI --> NEXUS
CI --> BUILD
BUILD --> HARBOR
HARBOR --> SCAN
HARBOR --> K8S
HARBOR --> REPLICA
PROXY --> HARBOR
K8S --> PODS

# harbor-performance.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: harbor-performance-config
data:
  harbor.yml: |
    # Performance optimization settings
    database:
      type: postgresql
      postgresql:
        host: postgres-cluster.db.svc.cluster.local
        port: 5432
        database: registry
        username: harbor
        # ${...} is a placeholder: Kubernetes does not expand it inside
        # ConfigMap data, so supply the real value from a Secret
        password: ${HARBOR_DB_PASSWORD}
        # Connection pool optimization
        max_idle_conns: 50
        max_open_conns: 1000
        conn_max_lifetime: 5m
    redis:
      # Use the Redis cluster
      host: redis-cluster.cache.svc.cluster.local:6379
      password: ${REDIS_PASSWORD}
      # Connection pool settings
      db: 0
      pool:
        max_idle: 100
        max_active: 1000
        idle_timeout: 300s
    storage:
      # High-performance storage backend
      s3:
        region: us-west-2
        bucket: harbor-registry-prod
        # Multipart upload optimization
        multipartcopythresholdsize: 32MB
        multipartcopymaxconcurrency: 100
        # Chunking optimization
        chunksize: 5MB
    # Log level optimization (production)
    log:
      level: warn
    # Performance tuning
    core:
      # Optimize the number of worker processes
      workers: 16
      # Request timeout
      timeout: 300s
    registry:
      # Registry performance settings
      workers: 8
      # Storage driver optimization
      storage_driver_config: |
        maintenance:
          uploadpurging:
            enabled: true
            age: 168h
            interval: 24h
            dryrun: false

# nexus-performance.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: nexus-performance-config
data:
  nexus.properties: |
    # NOTE: lines starting with -X, -XX or -D are JVM options; Nexus reads
    # those from nexus.vmoptions, not from nexus.properties
    # JVM heap memory optimization
    -Xms4G
    -Xmx8G
    -XX:MaxDirectMemorySize=6G
    # GC optimization
    -XX:+UseG1GC
    -XX:MaxGCPauseMillis=200
    -XX:G1HeapRegionSize=16m
    # Performance tuning
    -Dnexus.cleanup.retainDays=30
    -Dnexus.scripts.allowCreation=false
    # Database connection pool
    nexus.datastore.connectionPool.maxPoolSize=50
    nexus.datastore.connectionPool.minPoolSize=10
    # HTTP connector optimization
    nexus.jetty.connector.http.acceptors=4
    nexus.jetty.connector.http.selectors=8
  cleanup.properties: |
    # Cleanup task optimization
    cleanup.policy.retention.days=30
    cleanup.policy.last.downloaded.days=7
    cleanup.policy.last.blob.updated.days=3

# network-optimization.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: registry-network-optimization
spec:
  podSelector:
    matchLabels:
      app: harbor
  # Egress is listed here but no egress rules are defined, so all outbound
  # traffic from the selected pods is denied
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: kube-system
        - namespaceSelector:
            matchLabels:
              name: development
      ports:
        - protocol: TCP
          port: 80
        - protocol: TCP
          port: 443
---
# Add a caching layer
apiVersion: v1
kind: Service
metadata:
  name: harbor-cache-proxy
  annotations:
    # Keep-alive optimization
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300"
    # Sticky sessions
    service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: stickiness.enabled=true
spec:
  type: LoadBalancer
  ports:
    - port: 80
      targetPort: 8080
      name: http
    - port: 443
      targetPort: 8443
      name: https
  selector:
    app: harbor-proxy

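The NetworkPolicy above lists Egress under policyTypes without any egress rules and selects namespaces by a hand-applied `name` label. As an added example (not part of the original page), this Python check flags both conditions on a dict copy of that manifest; the function name and finding codes are illustrative assumptions.

```python
# Kubernetes sets this label on every namespace automatically.
AUTO_NS_LABEL = "kubernetes.io/metadata.name"

POLICY = {  # constructed: the page's NetworkPolicy written out as a dict
    "metadata": {"name": "registry-network-optimization"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "harbor"}},
        "policyTypes": ["Ingress", "Egress"],
        "ingress": [{
            "from": [
                {"namespaceSelector": {"matchLabels": {"name": "kube-system"}}},
                {"namespaceSelector": {"matchLabels": {"name": "development"}}},
            ],
            "ports": [{"protocol": "TCP", "port": 80},
                      {"protocol": "TCP", "port": 443}],
        }],
    },
}


def audit_network_policy(policy):
    """Return a sorted list of (code, detail) findings for one NetworkPolicy."""
    spec = policy.get("spec", {})
    types = spec.get("policyTypes") or ["Ingress"]
    findings = []
    # Listing Egress with no egress rules isolates the selected pods for
    # egress: nothing is allowed out, DNS and the database included.
    if "Egress" in types and not spec.get("egress"):
        findings.append(("egress-deny-all", "Egress listed, no egress rules"))
    for i, rule in enumerate(spec.get("ingress") or []):
        peers = rule.get("from")
        if not peers:  # a rule without 'from' admits every source
            findings.append(("ingress-any-source", f"ingress[{i}]"))
            continue
        for peer in peers:
            labels = peer.get("namespaceSelector", {}).get("matchLabels", {})
            for key, value in labels.items():
                if key != AUTO_NS_LABEL:
                    # A custom label matches only namespaces where someone
                    # applied it, so the rule can silently match nothing.
                    findings.append(("custom-namespace-label", f"{key}={value}"))
    return sorted(findings)
```

Running `audit_network_policy(POLICY)` reports the deny-all egress and both `name=` selectors; a policy with explicit egress rules and `kubernetes.io/metadata.name` selectors returns an empty list.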
# nexus-dev-optimization.yaml
Development Workflow:
  Phase 1 - Dependency Resolution:
    Tool: Nexus Repository
    Optimization:
      - Local SSD storage for Maven/.m2 cache
      - Nexus proxy repositories for public repos
      - Aggressive caching (7 days retention)
      - Parallel downloads enabled
    Performance Metrics:
      - Maven dependency resolution: < 30s
      - npm install: < 2 minutes
      - Nexus response time: < 100ms
    Configuration:
      maven:
        proxy_repositories:
          maven-central:
            remote_url: https://repo1.maven.org/maven2/
            cache_policy: "cache_for_7_days"
            download_policy: "parallel_max_10"
      npm:
        proxy_repositories:
          npmjs:
            remote_url: https://registry.npmjs.org/
            cache_policy: "cache_for_3_days"
            metadata_max_age: 1440 # 24 hours

# build-stage-optimization.yaml
Build Workflow:
  Phase 2 - Container Build:
    Optimization:
      - Multi-stage Docker builds
      - Layer caching optimization
      - Parallel build stages
      - Build cache reuse
    Docker Build Config:
      DOCKER_BUILDKIT: 1
      BUILDKIT_PROGRESS: plain
      # Build cache optimization
      build_args:
        - BUILDKIT_INLINE_CACHE=1
        - MAX_PARALLEL_DOWNLOADS=10
    Performance Targets:
      - Docker build time: < 5 minutes
      - Layer reuse rate: "> 80%"
      - Cache hit rate: "> 70%"

# harbor-deployment-optimization.yaml
Deployment Workflow:
  Phase 3 - Container Registry:
    Tool: Harbor
    Optimization:
      - Pull-through cache for base images
      - Image layer deduplication
      - Parallel layer downloads
      - Regional replication
    Harbor Performance Config:
      registry:
        # Parallel download optimization
        maxconcurrentuploads: 10
        maxconcurrentdownloads: 10
        # Chunk size optimization (based on network bandwidth)
        # High bandwidth: 32MB, normal: 5MB, low bandwidth: 1MB
        chunksize: 5242880 # 5MB
        # Timeout settings
        timeout:
          read: 300s
          write: 300s
      # Storage optimization
      storage:
        cache:
          blobdescriptor: redis
          # Metadata cache
          layerinfo: redis

# multi-region-architecture.yaml
Regional Distribution:
  Primary Region (US-West):
    Harbor Primary:
      role: master
      storage: AWS S3 (us-west-2)
      capacity: 10TB
      performance: High IOPS SSD
    Nexus Primary:
      role: master
      storage: EBS GP3 (10,000 IOPS)
      capacity: 5TB
  Secondary Region (US-East):
    Harbor Replica:
      role: read-replica
      replication: real-time
      storage: AWS S3 (us-east-1)
    Nexus Cache:
      role: proxy-cache
      cache_size: 1TB
      cache_policy: "most_accessed_artifacts"
  Asian Region (AP-Northeast):
    Harbor Replica:
      role: read-replica
      replication: scheduled (every 4 hours)
      storage: AWS S3 (ap-northeast-1)
    Nexus Proxy:
      role: proxy-only
      cache_size: 500GB

# network-performance.yaml
Network Optimization:
  CDN Integration:
    Harbor:
      - CloudFlare for image layers
      - Edge caching for frequently accessed images
      - Automatic cache invalidation
    Nexus:
      - Regional proxy servers
      - Smart routing based on client location
  Bandwidth Management:
    Upload:
      - Compression enabled
      - Delta sync for image layers
      - Resumable uploads
    Download:
      - Parallel connections (max 8)
      - Connection pooling
      - Keep-alive connections
  Monitoring:
    Metrics:
      - Network latency per region
      - Bandwidth utilization
      - Cache hit rates
      - Error rates

# monitoring-setup.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: performance-monitoring
data:
  prometheus.yml: |
    global:
      scrape_interval: 15s
    scrape_configs:
      # Harbor metrics
      - job_name: 'harbor'
        static_configs:
          - targets: ['harbor:8080']
        metrics_path: /api/v2.0/metrics
      # Nexus metrics
      - job_name: 'nexus'
        static_configs:
          - targets: ['nexus:8081']
        metrics_path: /service/metrics/prometheus
    # Performance threshold alerts
    rule_files:
      - "performance_alerts.yml"
  performance_alerts.yml: |
    groups:
      - name: registry_performance
        rules:
          # Harbor performance alerts
          - alert: HarborHighLatency
            expr: harbor_http_request_duration_seconds{quantile="0.95"} > 2
            for: 5m
            labels:
              severity: warning
            annotations:
              summary: "Harbor high latency detected"
          # Nexus performance alerts
          - alert: NexusHighMemoryUsage
            expr: nexus_jvm_memory_used_bytes / nexus_jvm_memory_max_bytes > 0.85
            for: 5m
            labels:
              severity: warning
            annotations:
              summary: "Nexus high memory usage"

# auto-scaling.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: harbor-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: harbor-core
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
    # Scaling based on a custom metric
    - type: Object
      object:
        metric:
          name: harbor_concurrent_requests
        target:
          type: Value
          value: "100"
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: nexus-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: nexus
  minReplicas: 1
  maxReplicas: 3
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 75

# optimized-pipeline.yaml
Pipeline Stages:
  Stage 1 - Build Dependencies (Nexus):
    optimization:
      - Cache Maven/npm dependencies locally
      - Use Nexus proxy for faster downloads
      - Parallel dependency resolution
    implementation:
      cache_strategy: "aggressive"
      parallel_downloads: true
      local_cache_size: "10GB"
  Stage 2 - Application Build:
    optimization:
      - Use cached dependencies
      - Multi-stage Docker builds
      - Build cache reuse
    implementation:
      docker_buildkit: true
      cache_from:
        - "harbor.company.com/cache/app-base:latest"
      build_args:
        - BUILDKIT_INLINE_CACHE=1
  Stage 3 - Security Scan (Harbor):
    optimization:
      - Scan only new layers
      - Parallel vulnerability scanning
      - Cache scan results
    implementation:
      scan_policy: "incremental"
      parallel_scanners: 4
      cache_scan_results: "7_days"
  Stage 4 - Deploy (Harbor):
    optimization:
      - Pre-pull images to nodes
      - Use image pull secrets
      - Optimize image pull policy
    implementation:
      image_pull_policy: "IfNotPresent"
      image_pull_secrets: ["harbor-registry-secret"]
      pre_pull_images: true

Performance Targets:
  Harbor (Container Registry):
    Image Push:
      - Small images (< 100MB): < 30 seconds
      - Medium images (100MB-1GB): < 2 minutes
      - Large images (> 1GB): < 5 minutes
    Image Pull:
      - First pull: < 1 minute per GB
      - Cached pull: < 10 seconds
      - Parallel pulls: 10+ concurrent
    API Response:
      - Catalog API: < 200ms
      - Manifest API: < 100ms
      - Blob API: < 50ms
  Nexus (Package Repository):
    Maven Dependencies:
      - Initial build: < 5 minutes
      - Incremental build: < 30 seconds
      - Dependency resolution: < 100ms per artifact
    npm Packages:
      - npm install: < 2 minutes
      - npm ci: < 1 minute
      - Package search: < 500ms
    Storage Performance:
      - Read IOPS: "> 10,000"
      - Write IOPS: "> 5,000"
      - Throughput: "> 1GB/s"

Recommended Setup:
  Infrastructure:
    Harbor Cluster:
      - 3 nodes (master-master-master)
      - 16 CPU, 32GB RAM per node
      - 1TB NVMe SSD per node
      - S3 backend storage (multi-region)
    Nexus Cluster:
      - 2 nodes (active-passive)
      - 8 CPU, 16GB RAM per node
      - 500GB NVMe SSD per node
      - PostgreSQL backend
    Network:
      - 10Gbps internal network
      - CDN for global distribution
      - Load balancers with health checks
  Deployment Strategy:
    Phase 1: Infrastructure Setup (Week 1-2)
    Phase 2: Harbor Production Deployment (Week 3)
    Phase 3: Nexus Migration/Setup (Week 4)
    Phase 4: CI/CD Integration (Week 5-6)
    Phase 5: Performance Tuning (Week 7-8)
  Monitoring:
    - Prometheus + Grafana dashboards
    - Custom performance metrics
    - Automated alerting
    - Capacity planning reports

This architecture is designed to maximize each tool's strengths while minimizing performance overhead! 🎯