Image Catalog
Purpose: For operators, provides the complete list of container images with registry, tag, purpose, and update frequency.
Overview
This catalog lists every container image deployed by the openCenter platform. Images are grouped by function. Each entry includes the upstream source, the Harbor project where the image is stored, and the typical update cadence.
Platform Core Services
| Image | Upstream Source | Harbor Project | Purpose | Update Cadence |
|---|---|---|---|---|
| fluxcd/flux | ghcr.io/fluxcd | platform-core | GitOps reconciliation controller | Monthly (FluxCD releases) |
| fluxcd/helm-controller | ghcr.io/fluxcd | platform-core | Helm release lifecycle | Monthly |
| fluxcd/source-controller | ghcr.io/fluxcd | platform-core | Git/Helm/OCI source management | Monthly |
| fluxcd/kustomize-controller | ghcr.io/fluxcd | platform-core | Kustomization reconciliation | Monthly |
Security Services
| Image | Upstream Source | Harbor Project | Purpose | Update Cadence |
|---|---|---|---|---|
| cert-manager/controller | quay.io/jetstack | platform-security | TLS certificate automation | Quarterly |
| cert-manager/webhook | quay.io/jetstack | platform-security | Admission webhook for cert-manager | Quarterly |
| cert-manager/cainjector | quay.io/jetstack | platform-security | CA bundle injection | Quarterly |
| kyverno/kyverno | ghcr.io/kyverno | platform-security | Policy engine | Quarterly |
| keycloak/keycloak | quay.io/keycloak | platform-security | Identity and access management | Quarterly |
Observability Stack
| Image | Upstream Source | Harbor Project | Purpose | Update Cadence |
|---|---|---|---|---|
| prometheus/prometheus | docker.io/prom | platform-observability | Metrics collection and alerting | Quarterly |
| grafana/grafana | docker.io/grafana | platform-observability | Dashboards and visualization | Quarterly |
| grafana/loki | docker.io/grafana | platform-observability | Log aggregation | Quarterly |
| grafana/tempo | docker.io/grafana | platform-observability | Distributed tracing | Quarterly |
| otel/opentelemetry-collector | docker.io/otel | platform-observability | Telemetry pipeline | Quarterly |
Storage and Networking
| Image | Upstream Source | Harbor Project | Purpose | Update Cadence |
|---|---|---|---|---|
| longhornio/longhorn-manager | docker.io/longhornio | platform-infra | Distributed block storage | Quarterly |
| longhornio/longhorn-engine | docker.io/longhornio | platform-infra | Storage data plane | Quarterly |
| metallb/controller | quay.io/metallb | platform-infra | Load balancer controller | Semi-annual |
| metallb/speaker | quay.io/metallb | platform-infra | BGP/L2 announcements | Semi-annual |
| calico/node | docker.io/calico | platform-infra | CNI networking | Quarterly |
Registry and Backup
| Image | Upstream Source | Harbor Project | Purpose | Update Cadence |
|---|---|---|---|---|
| goharbor/harbor-core | docker.io/goharbor | platform-infra | Container registry core | Semi-annual |
| goharbor/trivy-adapter | docker.io/goharbor | platform-infra | Vulnerability scanning adapter | Semi-annual |
| velero/velero | docker.io/velero | platform-infra | Cluster backup and restore | Semi-annual |
Image Naming Convention
All images in Harbor follow this pattern:
<harbor-host>/<harbor-project>/<image-name>:<semver>-<git-sha-short>
Example: harbor.opencenter.example.com/platform-security/cert-manager-controller:1.18.2-a1b2c3d
Verifying the Catalog
To list all images currently deployed in a cluster:
kubectl get pods --all-namespaces -o jsonpath='{range .items[*]}{range .spec.containers[*]}{.image}{"\n"}{end}{end}' | sort -u
To check an image's signature:
cosign verify --key cosign.pub harbor.opencenter.example.com/platform-security/kyverno:1.12.0-abc1234
Further Reading
- Lifecycle Management — Retention policies and deprecation process
- Security & SBOM — How images are scanned and signed
- Air-Gap Mirroring — Packaging catalog images for disconnected sites