Harbor Container Registry¶

AKKO ships 14 custom Docker images. Harbor provides a private registry at harbor.<domain> for distributing them to clients and deployment targets.

Architecture¶

graph LR
    Dev[Developer] -->|docker build| Local[Local Images]
    Local -->|docker push| Harbor[harbor.akko-ai.com]
    Harbor -->|docker pull| K8s[k3s / EKS / GKE]
    Harbor -->|docker pull| Client[Client Cluster]

Access¶

URL	Credentials	Usage
`https://harbor.<domain>/`	Web UI (basic auth)	Browse images, tags, digests
`https://harbor.<domain>/v2/`	Docker API (basic auth)	`docker pull/push`

Default demo credentials¶

User	Password	Scope
`akko-client`	`AkkoDemo2026!`	Read-only (client demos)
`admin`	`AkkoAdmin2026!`	Read-write (push images)

Production: replace these with strong passwords via infrastructure/harbor/htpasswd.

Images (14)¶

Image	Tag	Description
`akko-cockpit`	2026.04	Portal UI (nginx)
`akko-aden`	2026.04	NL→SQL engine (FastAPI)
`akko-ai-service`	2026.04	AI gateway (FastAPI)
`akko-trino`	2026.04	Trino + 17 AI functions plugin
`akko-spark`	2026.04	Spark + Iceberg + PostgreSQL JDBC
`akko-notebook`	2026.04	JupyterHub user image (Python/R/Julia/Scala)
`akko-postgres`	2026.04	PostgreSQL + PostGIS + pgvector
`akko-mlflow`	2026.04	MLflow tracking server
`akko-airflow`	2026.04	Airflow + trino/mlflow/boto3
`akko-dbt`	2026.04	dbt Core + dbt-trino
`akko-docs`	2026.04	MkDocs Material site
`akko-streamlit`	2026.04	ADEN dashboard runtime
`akko-mcp-trino`	2026.04	MCP Server Trino
`akko-mcp-openmetadata`	2026.04	MCP Server OpenMetadata

Workflow: Build → Push → Deploy¶

1. Build all images¶

bash helm/scripts/build-images.sh

2. Push to Harbor¶

# Login
docker login harbor.akko-ai.com -u admin -p 'AkkoAdmin2026!'

# Tag + push all
for img in akko-cockpit:2026.04 akko-aden:2026.04 akko-trino:2026.04 \
           akko-spark:2026.04 akko-notebook:2026.04 akko-postgres:2026.04 \
           akko-mlflow:2026.04 akko-airflow:2026.04 akko-dbt:2026.04 \
           akko-docs:2026.04 akko-streamlit:2026.04 akko-ai-service:2026.04 \
           akko-mcp-trino:2026.04 akko-mcp-openmetadata:2026.04; do
  docker tag $img harbor.akko-ai.com/$img
  docker push harbor.akko-ai.com/$img
done

3. Deploy from Harbor¶

# Generate domain values
bash helm/scripts/generate-domain-values.sh <your-domain>

# Install with Harbor registry
helm install akko helm/akko/ -n akko --create-namespace \
  --set global.image.registry=harbor.akko-ai.com \
  -f helm/examples/values-dev.yaml \
  -f helm/examples/values-domain.yaml \
  -f helm/examples/values-dev-secrets.yaml \
  --set-file akko-keycloak.realm.data=helm/examples/realm-domain.json

4. Client pull (demo)¶

docker login harbor.akko-ai.com -u akko-client -p 'AkkoDemo2026!'
docker pull harbor.akko-ai.com/akko-cockpit:2026.04

Infrastructure¶

Harbor runs as Docker containers on the same server as AKKO:

infrastructure/harbor/docker-compose.yml — registry + UI
infrastructure/caddy/Caddyfile — TLS + basic auth reverse proxy

Troubleshooting¶

Issue	Fix
`unauthorized` on push	`docker login harbor.akko-ai.com -u admin`
Mixed content in UI	Ensure `REGISTRY_URL` is unset, only `NGINX_PROXY_PASS_URL`
502 on harbor subdomain	Check Caddy logs + registry container running
Image not found after push	Check tag matches: `docker images \\| grep akko`