TencentHub Technical Architecture and DevOps Implementation Overview
TencentHub is a unified storage and DevOps platform that combines Docker images, Helm charts, and binary artifacts, using a Kubernetes‑based architecture with a Registry layer, COS‑backed storage engine, JWT token authentication, built‑in vulnerability scanning, and a YAML‑driven, containerized workflow engine for automated, scalable software delivery.
This talk introduces TencentHub, a unified storage service that combines Docker images, binary files, and Helm charts, and explains how its architecture leverages Kubernetes to quickly implement a workflow engine for DevOps.
The speaker first defines DevOps as a business‑agile approach that requires tools and culture to enable rapid software delivery. TencentHub is presented as both a multifunctional repository (Docker images, Helm charts, build artifacts) and a DevOps engine that orchestrates workflows using YAML‑defined pipelines.
The overall architecture consists of a Registry layer (managing organizations, teams, permissions, and repositories) and a StorageEngine layer (providing a unified storage backend based on COS). The Registry uses a token‑based authentication flow (OAuth2 password mode or Basic Auth) and issues JWT‑style hub tokens that embed tenant information for stateless authorization.
Image storage follows the OCI Distribution Specification: Docker images are stored as layers, config files, and manifests, enabling content‑addressable storage, improved security, reduced redundancy, and cache‑friendly behavior. TencentHub implements the distribution RESTful API (GET/PUT/DELETE on /v2/.../manifests and blobs) and adds a custom hub‑token mechanism to support multi‑tenant scenarios.
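As an added example (not TencentHub's code), the sketch below shows the integrity check that content-addressable storage makes possible: the manifest and every blob it references are re-hashed and compared with the digest they are stored under. The in-memory `store` dict, the helper names, and the sample image are constructed for illustration.

```python
import hashlib
import json

def digest(data: bytes) -> str:
    """OCI digest string: algorithm prefix plus hex SHA-256 of the raw bytes."""
    return "sha256:" + hashlib.sha256(data).hexdigest()

def descriptor(media_type: str, data: bytes) -> dict:
    """OCI content descriptor for a blob: media type, digest and size."""
    return {"mediaType": media_type, "digest": digest(data), "size": len(data)}

def verify_image(store: dict, manifest_digest: str) -> list:
    """Return a list of problems; an empty list means every blob matches."""
    raw = store.get(manifest_digest)
    if raw is None:
        return [f"manifest {manifest_digest} missing"]
    if digest(raw) != manifest_digest:
        return [f"manifest {manifest_digest} digest mismatch"]
    manifest = json.loads(raw)
    problems = []
    for desc in [manifest["config"], *manifest["layers"]]:
        blob = store.get(desc["digest"])
        if blob is None:
            problems.append(f"{desc['digest']} missing")
        elif len(blob) != desc["size"]:
            problems.append(f"{desc['digest']} size mismatch")
        elif digest(blob) != desc["digest"]:
            problems.append(f"{desc['digest']} digest mismatch")
    return problems

def build_sample():
    """Constructed sample image: one config blob, two layers, one manifest."""
    config = b'{"architecture":"amd64","os":"linux"}'
    layers = [b"constructed layer one", b"constructed layer two"]
    manifest = json.dumps({
        "schemaVersion": 2,
        "mediaType": "application/vnd.oci.image.manifest.v1+json",
        "config": descriptor("application/vnd.oci.image.config.v1+json", config),
        "layers": [descriptor("application/vnd.oci.image.layer.v1.tar+gzip", l)
                   for l in layers],
    }).encode()
    store = {digest(b): b for b in [config, *layers, manifest]}
    return store, digest(manifest), digest(layers[1])

if __name__ == "__main__":
    store, manifest_digest, layer_digest = build_sample()
    print(verify_image(store, manifest_digest))
    store[layer_digest] = b"constructed layer TWO"  # same length, altered bytes
    print(verify_image(store, manifest_digest))
```

Because the manifest itself is addressed by digest, a client that pins the manifest digest transitively pins the config and every layer.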
A built‑in static analysis scanner (based on CoreOS Clair) performs vulnerability scanning of uploaded images by comparing package versions against vulnerability databases, reporting results via webhooks.
The workflow engine is designed with a three‑level hierarchy: workflow → stage → job. Stages can be paused to allow manual approvals, and jobs are executed as containerized components. Components receive input via environment variables and emit output through a defined standard‑output format. Cache and artifact mechanisms allow jobs to share data and store build results in TencentHub’s object storage.
Containers are chosen for isolation, reuse, maturity of Docker standards, and ease of migrating existing DevOps tasks (shell scripts, Go binaries) into the platform. The engine runs jobs on TKE (Tencent Kubernetes Engine), benefiting from Kubernetes reliability, auto‑scaling, and flexible resource allocation.
Workflow execution uses a custom CommandWrapper that handles pre‑ and post‑hooks for cache/artifact management and returns the job’s exit code to the engine. Logs are collected directly from the Kubernetes API and stored in COS or streamed to the frontend.
The speaker notes that TencentHub is currently in internal testing on the Tencent Cloud website and invites developers to try the product and provide feedback.
Tencent Cloud Developer
Official Tencent Cloud community account that brings together developers, shares practical tech insights, and fosters an influential tech exchange community.