Managed OCI artifact Registry Product Reversibility Policy

Objective

This document describes the reversibility policy of the Managed OCI artifact Registry product covering the following OVHcloud service: Managed Private Registry

This policy aims to implement the general reversibility principles and our compliance with the SWIPO IAAS Code of Conduct for cloud providers.

Feature List

The product features are divided into three categories:

Main features for which we guarantee migration capacity.
OVHcloud implementations that require adaptation to a new migration environment.
Specific features that cannot be guaranteed for migration as they are related to the OVHcloud environment or involve custom developments.

#Main features

Functionality	Description	Formats	Migration model	Documentation available
OCI API and compatibility	Native OCI (Open Container Initiative) support for artifacts, images, Helm charts, Cosign signatures, and more.	OCI, Helm, Cosign (signatures), JSON	Inbound: Direct push of artifacts via standard tools (docker, helm, oras, cosign, etc.) or OCI API. Outbound: Pull/export of artifacts via the same tools or API to any other OCI/Harbor/Artifact Registry compatible registry.	Migrate Helm Chart from Chartmuseum to OCI
Import/Export Artifacts	Upload and download artifacts (push/pull) via CLI/API standard Harbor/OCI	OCI, Helm, JSON	Inbound:Import via docker push, helm push, oras push, etc. Outbound: Export via docker pull, helm pull, oras pull, then push to the target.	Artifact Import/Export
Signature and verification Cosign	Signature and verification of artifacts via Cosign (Sigstore), Harbor v2.5+ native support	Cosign (OCI signature)	Inbound: Import of Cosign signed artifacts. Outbound: Export of Cosign artifacts and their signatures, reimport possible on any Cosign/OCI compatible registry.	Sign OCI artifacts with Cosign on OVHcloud Managed Private Registry
Replication Harbor	Automatic synchronization/replication between Harbor/OCI registries (push/pull or bidirectional)	OCI, Helm, JSON	Inbound: Configuring replication from a source registry (Harbor/OCI) to OVHcloud. Outbound: Configuring replication to another Harbor/OCI-compatible registry.	Replication Configuration

OVHcloud implementation

Functionality	Description	Formats	Migration model	Documentation available
RBAC and rights management	Manage access rights by project, user, robot account, RBAC Harbor	JSON (policies), interne Harbor	Incoming: Permissions are adjusted manually during import. Outgoing: Artifacts are exported, then permissions are reconfigured on the target (RBAC format not always compatible between solutions).	Managing users and projects
Audit logs and logs	Automatic access logging and operations (Harbor/OVHcloud logs)	JSON, internal logs	Incoming: Not applicable for import. Outgoing: Manually export logs if required, adaptation required depending on the target (format/non-standardized logs).	Access and Search Project Logs
CI/CD Automation	Integration with CI/CD pipelines via Harbor/OCI API, robot tokens, OIDC	JSON, YAML (pipelines)	Incoming: Adapting scripts/pipelines to point to the OVHcloud registry. Outgoing: Reconfiguring pipelines to point to the new target, potential tokens adaptation and permissions.	Harbor API
Vulnerability Scans	Automatic image analysis via an integrated Harbor scanner (Trivy, Clair, etc.)	JSON CSV Reports	Inbound: Not applicable for import. Outbound: Reports can be exported, but the target may need to be adapted if it has another scanner.	Clair project

Specific features

Functionality	Description	Formats	Migration model	Documentation available
Managed via the OVHcloud Control Panel	OVHcloud-specific graphical interface and API for service management	N/A	Inbound: N/A Outbound: Scripts/API to rewrite for the target, manual management required.	OVHcloud API
Infrastructure as Code	Automated deployment via Terraform modules specific to OVHcloud	N/A	Inbound: Scripts must be adapted for other providers. Outbound: Terraform configurations need to be rewritten.	Terraform

List of architectures

The OVHcloud Managed Private Registry service (based on Harbor) supports a multi-project, multi-namespace, multi-user architecture with logical isolation. It enables automatic replication between registries (Harbor/OCI), fine-grained rights management (RBAC), OIDC authentication, artifact signing and verification (Cosign), vulnerability scanning, and CI/CD integration via API or robot tokens. The service is highly available and can be integrated into the OVHcloud vRack private network for secure usage.

Partner Services

OVHcloud partners are listed under the keyword Migrate to the cloud in the Dedicated Partner Directory.

OVHcloud also offers a dedicated service: OVHcloud Professional Services.

Cost and fees

Billing is based on a pay-per-use basis, with no commitment. No specific cancellation fees apply: deleting the service will stop the billing immediately. Any associated OVHcloud credits cannot be transferred. It is the customer's responsibility to export their artifacts before deletion, as deleting them is irreversible.

Data Retention after termination of the contract

After deletion of the service or termination of the contract, OVHcloud permanently deletes all artifacts, images, signatures and metadata stored in the registry. Logs and access histories are also deleted. It is therefore imperative to export all necessary data before deletion, as no restoration is possible after the cancellation.

War diese Seite hilfreich?