Design And Implementation Of A Docker Registry For National High Performance Computing Environment

The rapid development of cloud-native technologies,represented by Docker and Kubernetes in recent years,has revolutionized traditional applications' development and deployment.In the field of High Performance Computing(HPC),more and more applications are providing software services in the form of container images,lowering the threshold for user usage and application deployment.While container technology brings convenience,it also introduces many new challenges.The containerization process of professional applications faces the problem of version dependency complexity and difficulty in the building.The National High Performance Computing Environment(NHPCE)involves many supercomputing centers,and managing image resources among them is one of the challenges.Ensuring the security of container image resources in the NHPCE is also an urgent issue to be addressed.In order to solve the problem of image management in the NHPCE,analysis and research are conducted on docker registry at home and abroad.We propose an emerging docker registry called CNGrid Hub for NHPCE.CNGrid Hub conducts architectural design from the perspectives of global management of container image resources,image vulnerability scanning,security strategy,and efficient building of professional software.We use the concept of microservice and adopt Docker containers as application deployment carriers.By analyzing and simplifying the image build script,the complexity of container image building is reduced.Adopt OIDC(Open ID Connect)to solve the problem of unified authentication and authorization.Implement a custom security strategy based on Trivy to solve the problem of container image vulnerabilities.Design an image migration mechanism to achieve the rapid sharing of container images across regions.Design a built-in scheduler to solve the problem of multitasking scheduling within the CNGrid Hub.We conducted functional testing and performance testing on the system.The functional testing results show that CNGrid Hub has complete functions,and it is more suitable for the NHPCE than other docker registry.Performance testing results show that in the face of heavy traffic access,the system core interface can respond quickly within the expected time,providing a reliable guarantee for the quality of service and stable support for other services in the NHPCE.