Playbooks

Artifact Delivery with Harbor

How Harbor fits into the deployment flow as the reference artifact registry

Agentic Friendly

Harbor is the reference artifact registry for BullSequana AI delivery when a customer needs a dedicated registry under their control.

It is especially relevant in on-premise and sovereign environments where platform images and Helm artifacts need to be staged before Argo CD begins deploying the platform.

Why Harbor Is Used

  • central storage for container images and charts
  • controlled image promotion into the target environment
  • separation between build pipelines and runtime clusters
  • better fit for sovereign and disconnected delivery models
  • enterprise features such as RBAC, scanning, replication, and audit trails

Where Harbor Fits In The Sequence

Harbor is normally prepared before Argo CD, because GitOps deployment depends on a reachable registry that already contains the required platform artifacts.

Typical flow:

  1. stage or replicate platform images into Harbor
  2. confirm registry authentication and project structure
  3. configure pull secrets for the target cluster
  4. let Argo CD deploy manifests that reference those images

Harbor can run in different ways, but the recommended approach is to operate it outside the target Kubernetes cluster.

This reduces the risk of a circular failure where the cluster depends on a registry that is itself degraded by the same platform issue.

What To Prepare

  • registry DNS name
  • TLS certificates
  • storage location and sizing
  • admin credentials and access model
  • project structure for platform images and Helm charts
  • replication path if images are mirrored from another registry

Operational Notes

  • quotas should be defined so projects cannot exhaust storage unexpectedly
  • replication rules are useful when images need to be mirrored from an upstream registry
  • access should be scoped by project rather than shared broadly across teams
  • cluster pull secrets should be validated before the main platform rollout starts

When Harbor May Not Be Needed

Harbor is optional when the customer already operates a compatible enterprise registry and prefers to keep that service as the source of truth.

In that case, the main requirement is not Harbor itself but a reliable registry path for:

  • platform images
  • Helm artifacts
  • registry authentication
  • cluster pull secrets

Learn More

Deployment Sequence

Recommended rollout sequence for a new BullSequana AI deployment

Rook-Ceph RGW S3 access

Validate Rook-Ceph RGW S3 access from a workstation using the static bootstrap credentials.

On this page

Why Harbor Is UsedWhere Harbor Fits In The SequenceRecommended TopologyWhat To PrepareOperational NotesWhen Harbor May Not Be NeededLearn More