1. Harbor as a Container Registry for AI Model Serving


    Harbor is an open-source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted. It facilitates better management and deployment of containers, which is vital for modern cloud-native applications. Pulumi provides resources to manage Harbor, allowing you to define, deploy, and manage Harbor as a container registry through code.

    Below, we'll write a Pulumi program in Python that configures a Harbor instance for use as a Container Registry. We will create a Harbor project, define users, and set replication policies.

    1. Harbor Project: A project in Harbor is a grouping of repositories of container images. We'll start by creating a project that will hold our AI model serving container images.

    2. Harbor User: For managing access, we'll define users that can push or pull images from our Harbor project.

    3. Harbor Replication: Replication policies in Harbor allow the synchronization of images from one Harbor registry to another, enabling image backup or multi-site deployments.

    4. Storage and Security Settings: We will also configure storage quotas and vulnerability scanning for our Harbor project.

    Let's start by writing our Pulumi program:

    ```python
    import pulumi
    import pulumiverse_harbor as harbor  # Community provider package (pip: pulumiverse-harbor)

    # Create a Harbor project for AI model serving images.
    # A project in Harbor is the organizational unit grouping container repositories.
    ai_project = harbor.Project("aiModelServing",
        name="ai-model-serving",  # Name of the Harbor project
        public=True,              # Defines whether the project is public
        storage_quota=-1)         # No limit on storage quota; can be set to a specific value in GB.

    # Create a user in Harbor. This creates the account only; it is not added
    # as a member of the project here.
    ai_user = harbor.User("aiUser",
        username="modeluser",
        password="VeryS3cr3tP@ssw0rd",  # Ideally, use secret management for passwords.
        email="modeluser@example.com",
        full_name="AI Model User",
        admin=False)  # The user is not an admin.

    # Set up replication from our Harbor project to another registry
    # (assuming another registry is set up).
    replication_rule = harbor.Replication("aiModelServingReplication",
        name="replicate-ai-models",
        action="push",                     # Replication action, can be "push" or "pull".
        registry_id=1,                     # ID of the target registry for replication.
        dest_namespace="backup-namespace",  # Namespace in the target registry.
        override=True,                     # Whether to override replicated resources if they exist.
        enabled=True)                      # Enable the replication rule.

    # Export the Harbor project and user information, including project ID and user ID.
    # These outputs can be used for further automation or integration with CI/CD pipelines.
    pulumi.export("project_id", ai_project.id)
    pulumi.export("user_id", ai_user.id)
    pulumi.export("replication_id", replication_rule.id)
    ```

    This program uses Pulumi to set up a Harbor container registry with necessary configurations for AI model serving. The pulumi.export statements at the end of the program make it easy to obtain IDs for our project, user, and replication rule, which can be handy for integration.

    Further notes:

    • This example assumes you have your cloud environment and Pulumi set up.
    • Store sensitive information like passwords securely, preferably using Pulumi's secret management or an external secrets provider.
    • The registry ID given to harbor.Replication refers to the other registry we'd replicate to. Update it to match your specific target registry's ID.
    • Review and follow best practices for permissions and user management, especially in production environments.
    • public is set to True in this example for demonstration purposes. Adjust this based on your use case, setting it to False for private projects.
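
    As an added example (not part of the original program or of the Harbor provider), the following standard-library check parses a Pulumi program's source and flags the settings the notes above call out, a literal password and a public project, so it can run in CI before `pulumi up`. The `harbor` import alias, the rule set, and the `ciPassword` config key are assumptions made for illustration.

```python
import ast

# Constructed sample input: the risky settings from the program above, plus one
# user whose password comes from Pulumi config (hypothetical key "ciPassword").
SAMPLE = '''\
import pulumi
import pulumiverse_harbor as harbor
cfg = pulumi.Config()
harbor.Project("aiModelServing", name="ai-model-serving", public=True)
harbor.User("aiUser", username="modeluser", password="VeryS3cr3tP@ssw0rd",
            email="modeluser@example.com", admin=False)
harbor.User("ciUser", username="ci", password=cfg.require_secret("ciPassword"),
            email="ci@example.com", admin=False)
'''

# (resource, argument) -> (predicate on the literal value, why it is flagged).
# This rule set is an assumption for the example, not an exhaustive policy.
RULES = {
    ("User", "password"): (lambda v: isinstance(v, str), "hard-coded password; load it as a secret"),
    ("User", "admin"): (lambda v: v is True, "user is a Harbor administrator"),
    ("Project", "public"): (lambda v: v is True, "project allows anonymous pulls"),
    ("Project", "vulnerability_scanning"): (lambda v: v is False, "scan-on-push is disabled"),
}

def audit_harbor_program(source, alias="harbor"):
    """Return sorted (line, resource, argument, reason) for risky literal arguments."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # Only calls of the form <alias>.<Resource>(...) are inspected.
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and isinstance(node.func.value, ast.Name) and node.func.value.id == alias):
            continue
        for kw in node.keywords:
            rule = RULES.get((node.func.attr, kw.arg))
            # Non-literal values (config lookups, Outputs) cannot be judged statically.
            if rule and isinstance(kw.value, ast.Constant) and rule[0](kw.value.value):
                findings.append((kw.value.lineno, node.func.attr, kw.arg, rule[1]))
    return sorted(findings)

if __name__ == "__main__":
    for line, resource, arg, reason in audit_harbor_program(SAMPLE):
        print(f"line {line}: harbor.{resource}({arg}=...): {reason}")
```

    The check only judges literal arguments, so a password read through `cfg.require_secret(...)` passes while the string literal on the first user is reported.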