Seamlessly Migrate Harbor Registry Storage to MinIO: Step‑by‑Step Guide
This tutorial explains how to switch Harbor's default storage to MinIO by setting Harbor to read‑only, transferring images with rclone, configuring Harbor to use MinIO as its backend, re‑enabling writes, and verifying the new setup, providing all necessary commands and tips.
In the fast‑evolving cloud‑native era, containerized applications and micro‑service architectures are becoming mainstream. Harbor, a widely used private registry, ensures secure storage and efficient distribution of container images. When business scale grows, the default storage may no longer meet performance and scalability requirements, making MinIO an ideal high‑performance object storage alternative.
Migration Steps
Set Harbor to read‑only (requires Harbor 2.1+). This mode allows only image pulls and prevents pushes.
Migrate Harbor images to MinIO using
rcloneto sync data.
Configure Harbor to use MinIO storage by updating the
harbor-value.ymlfile.
Cancel Harbor read‑only mode after migration.
Validate the service by pushing an image.
Set Harbor Read‑Only (Page Method)
Navigate to System Settings → Configuration Management → System Settings, check "Repository read‑only" and save.
Set Harbor Read‑Only (API Method)
<code>$ curl -X PUT -k -u admin https://172.139.20.100/api/v2.0/configurations \
-H "Host: core.jiaxzeng.com" \
-H "Content-Type: application/json" \
-d '{"read_only": true}'
Enter host password for user 'admin':</code>Transfer Images with rclone
Download and install rclone:
<code>$ wget https://downloads.rclone.org/v1.68.2/rclone-v1.68.2-linux-amd64.zip
$ unzip rclone-v1.68.2-linux-amd64.zip</code>Configure rclone to connect to MinIO:
<code>$ cat ~/.config/rclone/rclone.conf
[minio]
type = s3
provider = Minio
access_key_id = 4oMdyyLC88OkxfMtIJ2S
secret_access_key = y0f7toxKPoAV6LanDawXGcQwkoiA8yvyI56mUQXw
endpoint = https://s3.jiaxzeng.com
acl = private
upload_cutoff = 5Gi</code>Verify the connection:
<code>$ ./rclone tree minio:/test --no-check-certificate
/</code>Sync data from Harbor to MinIO:
<code>$ ./rclone sync /data/harbor minio:/test --no-check-certificate
Transferred: 5.031 GiB / 5.031 GiB, 100%</code>Configure Harbor to Use MinIO
<code>$ cat /etc/kubernetes/addons/harbor-value.yml
persistence:
imageChartStorage:
type: s3
disableredirect: true
s3:
bucket: harbor
accesskey: ahnGo5qpakYnMXIq5zjf
secretkey: LulZqwHbtFS7UIF55F77w9R1lwetaYK5HnXT6gIC
regionendpoint: http://minio.kube-system.svc:9000</code>Upgrade Harbor with the new configuration:
<code>$ helm -n harbor upgrade harbor -f /etc/kubernetes/addons/harbor-value.yml /etc/kubernetes/addons/harbor
Release "harbor" has been upgraded. Happy Helming!</code>Cancel Read‑Only Mode
<code>$ curl -X PUT -k -u admin https://172.139.20.100/api/v2.0/configurations \
-H "Host: core.jiaxzeng.com" \
-H "Content-Type: application/json" \
-d '{"read_only": false}'
Enter host password for user 'admin':</code>Validate the Service
<code>$ sudo docker push core.jiaxzeng.com/library/tools:v1.1
The push refers to repository [core.jiaxzeng.com/library/tools]
... digest: sha256:fde527bff0c89d6cefbf8fac19e7c6e8266766641f4a8610e4f7c2154ca86252 size: 741</code>By switching Harbor's backend storage to MinIO, you gain better performance, scalability, and simplified management, enhancing the flexibility of your IT architecture to meet evolving business demands.
Linux Ops Smart Journey
The operations journey never stops—pursuing excellence endlessly.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.