Merge remote-tracking branch 'origin/master' into fix/gitlab

lxShaDoWxl 2020-05-06 13:26:18 +06:00
commit 47a57b80d7
2782 changed files with 199182 additions and 87702 deletions

14
.github/stale.yml vendored

@ -9,9 +9,17 @@ exemptLabels:
- need-triage
- kind/requirement
- king/bug
- Epic
- target/1.7.5
- target/1.8.0
- Epic
- target/1.9.5
- target/1.10.2
- target/2.0.0
- target/2.0.1
- target/2.1.0
- candidate/1.9.5
- candidate/1.10.2
- candidate/2.0.0
- candidate/2.0.1
- candidate/2.1.0
# Label to use when marking an issue as stale
staleLabel: staled
# Comment to post when marking an issue as stale. Set to `false` to disable


@ -5,7 +5,6 @@ env:
POSTGRESQL_USR: postgres
POSTGRESQL_PWD: root123
POSTGRESQL_DATABASE: registry
ADMINSERVER_URL: http://127.0.0.1:8888
DOCKER_COMPOSE_VERSION: 1.23.0
HARBOR_ADMIN: admin
HARBOR_ADMIN_PASSWD: Harbor12345
@ -15,43 +14,46 @@ env:
REG_VERSION: v2.7.1-patch-2819-2553
UI_BUILDER_VERSION: 1.6.0
on:
on:
pull_request:
push:
paths-ignore:
- 'docs/**'
jobs:
UTTEST:
env:
UTTEST: true
runs-on:
runs-on:
#- self-hosted
- ubuntu-latest
steps:
- name: Set up Go 1.13
uses: actions/setup-go@v1
with:
go-version: 1.13.4
go-version: 1.13.8
id: go
- name: setup Docker
uses: docker-practice/actions-setup-docker@0.0.1
with:
docker_version: 18.09
docker_channel: stable
- uses: actions/checkout@v1
- uses: actions/checkout@v2
with:
fetch-depth: 2
path: src/github.com/goharbor/harbor
- name: setup env
run: |
cd src/github.com/goharbor/harbor
pwd
go env
echo "::set-env name=GOPATH::$(go env GOPATH):$RUNNER_WORKSPACE"
echo "::set-env name=GOPATH::$(go env GOPATH):$GITHUB_WORKSPACE"
echo "::add-path::$(go env GOPATH)/bin"
echo "::set-env name=TOKEN_PRIVATE_KEY_PATH::${GITHUB_WORKSPACE}/tests/private_key.pem"
echo "::set-env name=TOKEN_PRIVATE_KEY_PATH::${GITHUB_WORKSPACE}/src/github.com/goharbor/harbor/tests/private_key.pem"
shell: bash
- name: before_install
run: |
set -x
cd src/github.com/goharbor/harbor
pwd
env
#sudo apt install -y xvfb
@ -67,15 +69,23 @@ jobs:
sudo service docker restart
- name: install
run: |
cd src/github.com/goharbor/harbor
env
bash ./tests/showtime.sh ./tests/travis/ut_install.sh
df -h
bash ./tests/showtime.sh ./tests/ci/ut_install.sh
- name: script
env:
COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo IP: $IP
bash ./tests/showtime.sh ./tests/travis/ut_run.sh $IP
df -h
cd src/github.com/goharbor/harbor
bash ./tests/showtime.sh ./tests/ci/ut_run.sh $IP
df -h
- name: Codecov For BackEnd
uses: codecov/codecov-action@v1
with:
file: ./src/github.com/goharbor/harbor/profile.cov
flags: unittests
APITEST_DB:
env:
APITEST_DB: true
@ -86,30 +96,34 @@ jobs:
- name: Set up Go 1.13
uses: actions/setup-go@v1
with:
go-version: 1.13.4
go-version: 1.13.8
id: go
- name: setup Docker
uses: docker-practice/actions-setup-docker@0.0.1
with:
docker_version: 18.09
docker_channel: stable
- uses: actions/checkout@v1
- uses: actions/checkout@v2
with:
fetch-depth: 2
path: src/github.com/goharbor/harbor
- name: setup env
run: |
cd src/github.com/goharbor/harbor
pwd
go env
echo "::set-env name=GOPATH::$(go env GOPATH):$RUNNER_WORKSPACE"
echo "::set-env name=CNAB_PATH::$(go env GOPATH)/src/github.com/docker"
echo "::set-env name=GITHUB_TOKEN::${{ secrets.GITHUB_TOKEN }}"
echo "::set-env name=GOPATH::$(go env GOPATH):$GITHUB_WORKSPACE"
echo "::add-path::$(go env GOPATH)/bin"
echo "::set-env name=TOKEN_PRIVATE_KEY_PATH::${GITHUB_WORKSPACE}/tests/private_key.pem"
echo "::set-env name=TOKEN_PRIVATE_KEY_PATH::${GITHUB_WORKSPACE}/src/github.com/goharbor/harbor/tests/private_key.pem"
shell: bash
- name: before_install
run: |
set -x
cd src/github.com/goharbor/harbor
pwd
env
df -h
#sudo apt install -y xvfb
#xvfb-run ls
curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
@ -121,15 +135,28 @@ jobs:
sudo cp ./tests/harbor_ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
sudo service docker restart
wget https://get.helm.sh/helm-v3.1.1-linux-386.tar.gz && tar zxvf helm-v3.1.1-linux-386.tar.gz
sudo mv linux-386/helm /usr/local/bin/helm3
helm3 plugin install https://github.com/chartmuseum/helm-push
mkdir -p $CNAB_PATH && cd $CNAB_PATH && git clone https://github.com/cnabio/cnab-to-oci.git
cd cnab-to-oci && git checkout v0.3.0-beta4
go list
make build
sudo mv bin/cnab-to-oci /usr/local/bin
- name: install
run: |
cd src/github.com/goharbor/harbor
env
bash ./tests/showtime.sh ./tests/travis/api_common_install.sh $IP DB
df -h
bash ./tests/showtime.sh ./tests/ci/api_common_install.sh $IP DB
- name: script
run: |
cd src/github.com/goharbor/harbor
echo IP: $IP
bash ./tests/showtime.sh ./tests/travis/api_run.sh DB $IP
df -h
bash ./tests/showtime.sh ./tests/ci/api_run.sh DB $IP
df -h
APITEST_LDAP:
env:
APITEST_LDAP: true
@ -140,30 +167,32 @@ jobs:
- name: Set up Go 1.13
uses: actions/setup-go@v1
with:
go-version: 1.13.4
go-version: 1.13.8
id: go
- name: setup Docker
uses: docker-practice/actions-setup-docker@0.0.1
with:
docker_version: 18.09
docker_channel: stable
- uses: actions/checkout@v1
- uses: actions/checkout@v2
with:
fetch-depth: 2
path: src/github.com/goharbor/harbor
- name: setup env
run: |
cd src/github.com/goharbor/harbor
pwd
go env
echo "::set-env name=GOPATH::$(go env GOPATH):$RUNNER_WORKSPACE"
echo "::set-env name=GOPATH::$(go env GOPATH):$GITHUB_WORKSPACE"
echo "::add-path::$(go env GOPATH)/bin"
echo "::set-env name=TOKEN_PRIVATE_KEY_PATH::${GITHUB_WORKSPACE}/tests/private_key.pem"
echo "::set-env name=TOKEN_PRIVATE_KEY_PATH::${GITHUB_WORKSPACE}/src/github.com/goharbor/harbor/tests/private_key.pem"
shell: bash
- name: before_install
run: |
set -x
cd src/github.com/goharbor/harbor
pwd
env
df -h
#sudo apt install -y xvfb
#xvfb-run ls
curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
@ -177,12 +206,17 @@ jobs:
sudo service docker restart
- name: install
run: |
cd src/github.com/goharbor/harbor
env
bash ./tests/showtime.sh ./tests/travis/api_common_install.sh $IP LDAP
df -h
bash ./tests/showtime.sh ./tests/ci/api_common_install.sh $IP LDAP
- name: script
run: |
echo IP: $IP
bash ./tests/showtime.sh ./tests/travis/api_run.sh LDAP $IP
df -h
cd src/github.com/goharbor/harbor
bash ./tests/showtime.sh ./tests/ci/api_run.sh LDAP $IP
df -h
OFFLINE:
env:
@ -194,31 +228,33 @@ jobs:
- name: Set up Go 1.13
uses: actions/setup-go@v1
with:
go-version: 1.13.4
go-version: 1.13.8
id: go
- name: setup Docker
uses: docker-practice/actions-setup-docker@0.0.1
with:
docker_version: 18.09
docker_channel: stable
- uses: actions/checkout@v1
- uses: actions/checkout@v2
with:
fetch-depth: 2
path: src/github.com/goharbor/harbor
- name: setup env
run: |
cd src/github.com/goharbor/harbor
pwd
docker version
go env
echo "::set-env name=GOPATH::$(go env GOPATH):$RUNNER_WORKSPACE"
echo "::set-env name=GOPATH::$(go env GOPATH):$GITHUB_WORKSPACE"
echo "::add-path::$(go env GOPATH)/bin"
echo "::set-env name=TOKEN_PRIVATE_KEY_PATH::${GITHUB_WORKSPACE}/tests/private_key.pem"
echo "::set-env name=TOKEN_PRIVATE_KEY_PATH::${GITHUB_WORKSPACE}/src/github.com/goharbor/harbor/tests/private_key.pem"
shell: bash
- name: before_install
run: |
set -x
cd src/github.com/goharbor/harbor
pwd
env
df -h
#sudo apt install -y xvfb
#xvfb-run ls
curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
@ -233,7 +269,10 @@ jobs:
- name: script
run: |
echo IP: $IP
bash ./tests/showtime.sh ./tests/travis/distro_installer.sh
df -h
cd src/github.com/goharbor/harbor
bash ./tests/showtime.sh ./tests/ci/distro_installer.sh
df -h
UI_UT:
env:
@ -245,35 +284,18 @@ jobs:
- uses: actions/setup-node@v1
with:
node-version: '10.16.2'
- uses: actions/checkout@v1
- uses: actions/checkout@v2
with:
fetch-depth: 2
path: src/github.com/goharbor/harbor
- name: setup env
run: |
pwd
go env
echo "::set-env name=GOPATH::$(go env GOPATH):$RUNNER_WORKSPACE"
echo "::add-path::$(go env GOPATH)/bin"
echo "::set-env name=TOKEN_PRIVATE_KEY_PATH::${GITHUB_WORKSPACE}/tests/private_key.pem"
shell: bash
- name: before_install
run: |
set -x
pwd
env
#sudo apt install -y xvfb
#xvfb-run ls
#curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
#chmod +x docker-compose
#sudo mv docker-compose /usr/local/bin
IP=`hostname -I | awk '{print $1}'`
#echo '{"insecure-registries" : ["'$IP':5000"]}' | sudo tee /etc/docker/daemon.json
echo "::set-env name=IP::$IP"
sudo cp ./tests/harbor_ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
#sudo service docker restart
- name: script
run: |
echo IP: $IP
bash ./tests/showtime.sh ./tests/travis/ui_ut_run.sh
df -h
cd src/github.com/goharbor/harbor
bash ./tests/showtime.sh ./tests/ci/ui_ut_run.sh
df -h
- name: Codecov For UI
uses: codecov/codecov-action@v1
with:
file: ./src/github.com/goharbor/harbor/src/portal/coverage/lcov.info
flags: unittests
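Review bot: In the APITEST_DB job's `setup env` step, the line `echo "::set-env name=GITHUB_TOKEN::${{ secrets.GITHUB_TOKEN }}"` exports the workflow token into the environment of every later step in that job. The following `before_install` step installs a helm plugin straight from a repository URL and runs `make build` on a freshly cloned cnab-to-oci tree, so code that was never reviewed in this repository runs with the token in reach. If only one script needs the token, drop the `set-env` line and scope it to that step with `env:` / `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`, as the UTTEST `script` step already does for `COVERALLS_TOKEN`. The rendered page has lost its +/- markers, so I am assuming this line is on the new side.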

75
.github/workflows/conformance_test.yml vendored Normal file

@ -0,0 +1,75 @@
name: CONFORMANCE_TEST
env:
DOCKER_COMPOSE_VERSION: 1.23.0
on:
repository_dispatch:
types:
- manual-trigger-conformance
schedule:
- cron: '0 6 * * *'
jobs:
CONFORMANCE_TEST:
env:
CONFORMANCE_TEST: true
runs-on:
#- self-hosted
- ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
with:
version: '285.0.0'
project_id: ${{ secrets.GCP_PROJECT_ID }}
service_account_email: ${{ secrets.GCP_SA_EMAIL }}
service_account_key: ${{ secrets.GCP_SA_KEY }}
export_default_credentials: true
- run: gcloud info
- name: Set up Go 1.13
uses: actions/setup-go@v1
with:
go-version: 1.13.8
id: go
- name: setup Docker
uses: docker-practice/actions-setup-docker@0.0.1
with:
docker_version: 18.09
docker_channel: stable
- uses: actions/checkout@v2
with:
path: src/github.com/goharbor/harbor
- name: before_install
run: |
set -x
cd src/github.com/goharbor/harbor
pwd
env
df -h
curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
chmod +x docker-compose
sudo mv docker-compose /usr/local/bin
IP=`hostname -I | awk '{print $1}'`
echo '{"insecure-registries" : ["'$IP':5000"]}' | sudo tee /etc/docker/daemon.json
echo "::set-env name=IP::$IP"
sudo cp ./tests/harbor_ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
sudo service docker restart
- name: install
run: |
cd src/github.com/goharbor/harbor
env
df -h
bash ./tests/showtime.sh ./tests/ci/api_common_install.sh $IP DB
- name: script
run: |
echo IP: $IP
df -h
cd src/github.com/goharbor/harbor
bash ./tests/showtime.sh ./tests/ci/conformance_test.sh $IP
df -h
- name: upload test result to gs
run: |
gsutil cp report.html gs://harbor-conformance-test/report.html
gsutil acl ch -u AllUsers:R gs://harbor-conformance-test/report.html
if: always()
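Review bot: The `GoogleCloudPlatform/github-actions/setup-gcloud@master` step is handed `secrets.GCP_SA_KEY` while tracking a branch that can change at any time, so whatever lands on that branch next runs with the service-account key. Pin the action to a reviewed commit, e.g. `uses: GoogleCloudPlatform/github-actions/setup-gcloud@<full-commit-sha>` (placeholder), and consider the same for `docker-practice/actions-setup-docker@0.0.1`. With `export_default_credentials: true` the credentials are also reachable from every later step, including the downloaded docker-compose binary and the test scripts. Unless those scripts need GCP access, move the gcloud setup to just before `upload test result to gs`, which apart from `gcloud info` is the only step here that appears to use it.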

13
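--- a/.github/workflows/netlify.yml
+++ b/.github/workflows/netlify.yml
@@ -0,0 +1,13 @@
+name: Build and Deploy to Netlify
+on:
+push:
+paths:
+- 'docs/**'
+branches:
+- master
+jobs:
+build:
+runs-on: ubuntu-18.04
+steps:
+- name: Deploy new-site to Netlify
+run: curl -X POST -d {} ${{ secrets.NETLIFY_BUILD_HOOK }}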
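Review bot: The `run: curl -X POST -d {} ${{ secrets.NETLIFY_BUILD_HOOK }}` line has the hook URL substituted into the script text before the shell parses it, and the value is unquoted. curl also exits 0 on an HTTP error response, so a rejected or expired hook still produces a green job. Pass the secret through the step's `env:` (`NETLIFY_BUILD_HOOK: ${{ secrets.NETLIFY_BUILD_HOOK }}`) and call `curl --fail -X POST -d '{}' "$NETLIFY_BUILD_HOOK"` instead.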

1
.gitignore vendored

@ -7,6 +7,7 @@ make/dev/adminserver/harbor_adminserver
make/dev/core/harbor_core
make/dev/jobservice/harbor_jobservice
make/photon/*/binary/
make/photon/prepare/versions
src/adminserver/adminserver
src/core/core


@ -1,73 +0,0 @@
sudo: true
language: go
go:
- 1.13.4
go_import_path: github.com/goharbor/harbor
services:
- docker
dist: trusty
matrix:
include:
- go: 1.13.4
env:
- UTTEST=true
- go: 1.13.4
env:
- APITEST_DB=true
- go: 1.13.4
env:
- APITEST_LDAP=true
- go: 1.13.4
env:
- OFFLINE=true
- language: node_js
node_js: 10.16.2
env:
- UI_UT=true
env:
global:
- POSTGRESQL_HOST: localhost
- POSTGRESQL_PORT: 5432
- POSTGRESQL_USR: postgres
- POSTGRESQL_PWD: root123
- POSTGRESQL_DATABASE: registry
- ADMINSERVER_URL: http://127.0.0.1:8888
- DOCKER_COMPOSE_VERSION: 1.23.0
- HARBOR_ADMIN: admin
- HARBOR_ADMIN_PASSWD: Harbor12345
- CORE_SECRET: tempString
- KEY_PATH: "/data/secret/keys/secretkey"
- REDIS_HOST: localhost
- REG_VERSION: v2.7.1-patch-2819-2553
- UI_BUILDER_VERSION: 1.6.0
- TOKEN_PRIVATE_KEY_PATH: "/home/travis/gopath/src/github.com/goharbor/harbor/tests/private_key.pem"
addons:
apt:
sources:
- google-chrome
packages:
- google-chrome-stable
- google-chrome-beta
before_install:
- curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname
-s`-`uname -m` > docker-compose
- chmod +x docker-compose
- sudo mv docker-compose /usr/local/bin
- IP=`ip addr s eth0 |grep "inet "|awk '{print $2}' |awk -F "/" '{print $1}'`
- sudo sed -i '$a DOCKER_OPTS=\"--insecure-registry '$IP':5000\"' /etc/default/docker
- export IP=$IP
- sudo cp ./tests/harbor_ca.crt /usr/local/share/ca-certificates/
- sudo update-ca-certificates
- sudo service docker restart
install:
- if [ "$UTTEST" == true ]; then bash ./tests/showtime.sh ./tests/travis/ut_install.sh ; fi
- if [ "$APITEST_DB" == true ]; then bash ./tests/showtime.sh ./tests/travis/api_common_install.sh $IP
DB; fi
- if [ "$APITEST_LDAP" == true ]; then bash ./tests/showtime.sh ./tests/travis/api_common_install.sh $IP
LDAP; fi
script:
- if [ "$UTTEST" == true ]; then bash ./tests/showtime.sh ./tests/travis/ut_run.sh $IP; fi
- if [ "$APITEST_DB" == true ]; then bash ./tests/showtime.sh ./tests/travis/api_run.sh DB $IP; fi
- if [ "$APITEST_LDAP" == true ]; then bash ./tests/showtime.sh ./tests/travis/api_run.sh LDAP $IP; fi
- if [ "$OFFLINE" == true ]; then bash ./tests/showtime.sh ./tests/travis/distro_installer.sh; fi
- if [ "$UI_UT" == true ]; then bash ./tests/showtime.sh ./tests/travis/ui_ut_run.sh ; fi


@ -8,32 +8,32 @@ publicly at this time.
There are many additional adopters of Harbor in the evaluating phase that will
be added to this list as they transition to production deployments.
<a href="https://www.jd.com" border="0" target="_blank"><img alt="JD.com" src="docs/img/jd.png" height="50"></a>&nbsp; &nbsp; &nbsp;
<a href="https://www.trendmicro.com" border="0" target="_blank"><img alt="trendmicro" src="docs/img/trendmicro.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.datayes.com" border="0" target="_blank"><img alt="DataYes" src="docs/img/datayes.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.axatp.com" border="0" target="_blank"><img alt="axatp" src="docs/img/axatp.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp; <br/><br/>
<a href="https://www.360totalsecurity.com/en/" target="_blank" border="0"><img alt="360 Total Security" src="docs/img/360.png" height="50"></a>&nbsp; &nbsp; &nbsp;
<a href="https://www.talkingdata.com" border="0" target="_blank"><img alt="talkingdata" src="docs/img/talkingdata.png" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.boericasa.com/index.html" border="0" target="_blank"><img alt="BoerSmart" src="docs/img/boer.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.open.com.cn" border="0" target="_blank"><img alt="OpenEdutainment" src="docs/img/openedutainment.png" height="70"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.ifre.com.cn" border="0" target="_blank"><img alt="iFRE" src="docs/img/ifre.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp; <br/><br/>
<a href="http://www.boco.com.cn:8080/bocoit/" border="0" target="_blank"><img alt="BOCOIT" src="docs/img/bocoit.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.wise2c.com/" border="0" target="_blank"><img alt="wise2c" src="docs/img/wise2c.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.hydsoft.com/" border="0" target="_blank"><img alt="HYDSoft" src="docs/img/hydsoft.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.cloud-star.com.cn/" border="0" target="_blank"><img alt="CloudStar" src="docs/img/cloudstar.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.beyondsoft.com/" border="0" target="_blank"><img alt="BeyondSoft" src="docs/img/beyondsoft.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.chinamobileltd.com/" border="0" target="_blank"><img alt="ChinaMobile" src="docs/img/china-mobile.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.caicloud.io" target="_blank" border="0"><img alt="CaiCloud" src="docs/img/caicloud.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://rancher.com/" target="_blank" border="0"><img alt="Rancher" src="docs/img/rancher.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.tenxcloud.com/" target="_blank" border="0"><img alt="TenxCloud" src="docs/img/tenxcloud.png" height="70"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.bingocc.com/" target="_blank" border="0"><img alt="BingoCloud" src="docs/img/bingocloud.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.jd.com" border="0" target="_blank"><img alt="JD.com" src="docs/adopters/jd.png" height="50"></a>&nbsp; &nbsp; &nbsp;
<a href="https://www.trendmicro.com" border="0" target="_blank"><img alt="trendmicro" src="docs/adopters/trendmicro.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.datayes.com" border="0" target="_blank"><img alt="DataYes" src="docs/adopters/datayes.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.axatp.com" border="0" target="_blank"><img alt="axatp" src="docs/adopters/axatp.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp; <br/><br/>
<a href="https://www.360totalsecurity.com/en/" target="_blank" border="0"><img alt="360 Total Security" src="docs/adopters/360.png" height="50"></a>&nbsp; &nbsp; &nbsp;
<a href="https://www.talkingdata.com" border="0" target="_blank"><img alt="talkingdata" src="docs/adopters/talkingdata.png" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.boericasa.com/index.html" border="0" target="_blank"><img alt="BoerSmart" src="docs/adopters/boer.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.open.com.cn" border="0" target="_blank"><img alt="OpenEdutainment" src="docs/adopters/openedutainment.png" height="70"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.ifre.com.cn" border="0" target="_blank"><img alt="iFRE" src="docs/adopters/ifre.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp; <br/><br/>
<a href="http://www.boco.com.cn:8080/bocoit/" border="0" target="_blank"><img alt="BOCOIT" src="docs/adopters/bocoit.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.wise2c.com/" border="0" target="_blank"><img alt="wise2c" src="docs/adopters/wise2c.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.hydsoft.com/" border="0" target="_blank"><img alt="HYDSoft" src="docs/adopters/hydsoft.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.cloud-star.com.cn/" border="0" target="_blank"><img alt="CloudStar" src="docs/adopters/cloudstar.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.beyondsoft.com/" border="0" target="_blank"><img alt="BeyondSoft" src="docs/adopters/beyondsoft.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.chinamobileltd.com/" border="0" target="_blank"><img alt="ChinaMobile" src="docs/adopters/china-mobile.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.caicloud.io" target="_blank" border="0"><img alt="CaiCloud" src="docs/adopters/caicloud.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://rancher.com/" target="_blank" border="0"><img alt="Rancher" src="docs/adopters/rancher.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.tenxcloud.com/" target="_blank" border="0"><img alt="TenxCloud" src="docs/adopters/tenxcloud.png" height="70"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.bingocc.com/" target="_blank" border="0"><img alt="BingoCloud" src="docs/adopters/bingocloud.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<br/><br/>
<a href="http://www.slamtec.com" target="_blank" border="0"><img alt="SlamTec" src="docs/img/slamtec.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.cloudchef.io/" target="_blank" border="0"><img alt="CloudChef" src="docs/img/cloudchef.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://pivotal.io/" target="_blank" border="0"><img alt="Pivotal" src="docs/img/pivotal.png" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.163yun.com" target="_blank" border="0"><img alt="Netease Cloud" src="docs/img/wangyi.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.yanrongyun.com" target="_blank" border="0"><img alt="Yanrongyun" src="docs/img/Yanrong.jpg" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://anchore.com" target="_blank" border="0"><img alt="Anchore" src="docs/img/anchore_logo.png" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.slamtec.com" target="_blank" border="0"><img alt="SlamTec" src="docs/adopters/slamtec.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.cloudchef.io/" target="_blank" border="0"><img alt="CloudChef" src="docs/adopters/cloudchef.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://pivotal.io/" target="_blank" border="0"><img alt="Pivotal" src="docs/adopters/pivotal.png" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.163yun.com" target="_blank" border="0"><img alt="Netease Cloud" src="docs/adopters/wangyi.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.yanrongyun.com" target="_blank" border="0"><img alt="Yanrongyun" src="docs/adopters/Yanrong.jpg" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://anchore.com" target="_blank" border="0"><img alt="Anchore" src="docs/adopters/anchore_logo.png" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
## Success Stories
**JD.com:** Harbor is the registry service of JD.coms JDOS
@ -83,4 +83,4 @@ and scan customized container images for different business applications, like
ELK stack, as part of their CI/CD pipeline.
# Adding a logo
If you would like to add your logo to the `Users and Partners of Harbor` section of the website, add a PNG version of your logo to the docs/img directory in this repo and submit a pull request with your change. Name the image file something that reflects your company (e.g., if your company is called Acme, name the image acme.png). We will follow up and make the change in the goharbor.io website as well.
If you would like to add your logo to the `Users and Partners of Harbor` section of the website, add a PNG version of your logo to the docs/adopters directory in this repo and submit a pull request with your change. Name the image file something that reflects your company (e.g., if your company is called Acme, name the image acme.png). We will follow up and make the change in the goharbor.io website as well.


@ -129,7 +129,7 @@ Harbor backend is written in [Go](http://golang.org/). If you don't have a Harbo
| 1.8 | 1.11.2 |
| 1.9 | 1.12.12 |
| 1.10 | 1.12.12 |
| 1.11 | 1.13.4 |
| 1.11 | 1.13.8 |
Ensure your GOPATH and PATH have been configured in accordance with the Go environment instructions.

114
Makefile

@ -9,7 +9,7 @@
# compile_golangimage:
# compile from golang image
# for example: make compile_golangimage -e GOBUILDIMAGE= \
# golang:1.13.4
# golang:1.13.8
# compile_core, compile_jobservice: compile specific binary
#
# build: build Harbor docker images from photon baseimage
@ -77,19 +77,21 @@ REGISTRYPROJECTNAME=goharbor
DEVFLAG=true
NOTARYFLAG=false
CLAIRFLAG=false
TRIVYFLAG=false
HTTPPROXY=
BUILDBIN=false
MIGRATORFLAG=false
NPM_REGISTRY=https://registry.npmjs.org
# enable/disable chart repo supporting
CHARTFLAG=false
BUILDTARGET=build
GEN_TLS=
# version prepare
# for docker image tag
VERSIONTAG=dev
# for base docker image tag
BASEIMAGETAG=dev
BASEIMAGENAMESPACE=goharbor
# for harbor package name
PKGVERSIONTAG=dev
@ -97,13 +99,12 @@ PREPARE_VERSION_NAME=versions
#versions
REGISTRYVERSION=v2.7.1-patch-2819-2553
NGINXVERSION=$(VERSIONTAG)
NOTARYVERSION=v0.6.1
CLAIRVERSION=v2.1.1
MIGRATORVERSION=$(VERSIONTAG)
REDISVERSION=$(VERSIONTAG)
CLAIRVERSION=v2.1.2
NOTARYMIGRATEVERSION=v3.5.4
CLAIRADAPTERVERSION=v1.0.1
CLAIRADAPTERVERSION=v1.0.2
TRIVYVERSION=v0.6.0
TRIVYADAPTERVERSION=v0.9.0
# version of chartmuseum
CHARTMUSEUMVERSION=v0.9.0
@ -111,12 +112,23 @@ CHARTMUSEUMVERSION=v0.9.0
# version of registry for pulling the source code
REGISTRY_SRC_TAG=v2.7.1
# dependency binaries
CLAIRURL=https://storage.googleapis.com/harbor-builds/bin/clair/release2.0-${CLAIRVERSION}/clair
CHARTURL=https://storage.googleapis.com/harbor-builds/bin/chartmuseum/release-${CHARTMUSEUMVERSION}/chartm
NORARYURL=https://storage.googleapis.com/harbor-builds/bin/notary/release-${NOTARYVERSION}/binary-bundle.tgz
REGISTRYURL=https://storage.googleapis.com/harbor-builds/bin/registry/release-${REGISTRYVERSION}/registry
CLAIR_ADAPTER_DOWNLOAD_URL=https://github.com/goharbor/harbor-scanner-clair/releases/download/$(CLAIRADAPTERVERSION)/harbor-scanner-clair_$(CLAIRADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz
TRIVY_DOWNLOAD_URL=https://github.com/aquasecurity/trivy/releases/download/$(TRIVYVERSION)/trivy_$(TRIVYVERSION:v%=%)_Linux-64bit.tar.gz
TRIVY_ADAPTER_DOWNLOAD_URL=https://github.com/aquasecurity/harbor-scanner-trivy/releases/download/$(TRIVYADAPTERVERSION)/harbor-scanner-trivy_$(TRIVYADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz
define VERSIONS_FOR_PREPARE
VERSION_TAG: $(VERSIONTAG)
REGISTRY_VERSION: $(REGISTRYVERSION)
NOTARY_VERSION: $(NOTARYVERSION)
CLAIR_VERSION: $(CLAIRVERSION)
CLAIR_ADAPTER_VERSION: $(CLAIRADAPTERVERSION)
TRIVY_VERSION: $(TRIVYVERSION)
TRIVY_ADAPTER_VERSION: $(TRIVYADAPTERVERSION)
CHARTMUSEUM_VERSION: $(CHARTMUSEUMVERSION)
endef
@ -138,7 +150,7 @@ GOINSTALL=$(GOCMD) install
GOTEST=$(GOCMD) test
GODEP=$(GOTEST) -i
GOFMT=gofmt -w
GOBUILDIMAGE=golang:1.13.4
GOBUILDIMAGE=golang:1.13.8
GOBUILDPATHINCONTAINER=/harbor
# go build
@ -193,6 +205,9 @@ endif
ifeq ($(CLAIRFLAG), true)
PREPARECMD_PARA+= --with-clair
endif
ifeq ($(TRIVYFLAG), true)
PREPARECMD_PARA+= --with-trivy
endif
# append chartmuseum parameters if set
ifeq ($(CHARTFLAG), true)
PREPARECMD_PARA+= --with-chartmuseum
@ -226,6 +241,10 @@ DOCKERCOMPOSECHARTMUSEUMTPLFILENAME=docker-compose.chartmuseum.tpl
DOCKERCOMPOSECHARTMUSEUMFILENAME=docker-compose.chartmuseum.yml
SEDCMD=$(shell which sed)
SEDCMDI=$(SEDCMD) -i
ifeq ($(shell uname),Darwin)
SEDCMDI=$(SEDCMD) -i ''
endif
# package
TARCMD=$(shell which tar)
@ -247,8 +266,9 @@ DOCKERSAVE_PARA=$(DOCKER_IMAGE_NAME_PREPARE):$(VERSIONTAG) \
$(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \
$(DOCKERIMAGENAME_REGCTL):$(VERSIONTAG) \
goharbor/redis-photon:$(REDISVERSION) \
goharbor/nginx-photon:$(NGINXVERSION) goharbor/registry-photon:$(REGISTRYVERSION)-$(VERSIONTAG)
goharbor/redis-photon:$(VERSIONTAG) \
goharbor/nginx-photon:$(VERSIONTAG) \
goharbor/registry-photon:$(VERSIONTAG)
PACKAGE_OFFLINE_PARA=-zcvf harbor-offline-installer-$(PKGVERSIONTAG).tgz \
$(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \
@ -267,28 +287,28 @@ PACKAGE_ONLINE_PARA=-zcvf harbor-online-installer-$(PKGVERSIONTAG).tgz \
DOCKERCOMPOSE_FILE_OPT=-f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME)
ifeq ($(NOTARYFLAG), true)
DOCKERSAVE_PARA+= goharbor/notary-server-photon:$(NOTARYVERSION)-$(VERSIONTAG) goharbor/notary-signer-photon:$(NOTARYVERSION)-$(VERSIONTAG)
DOCKERSAVE_PARA+= goharbor/notary-server-photon:$(VERSIONTAG) goharbor/notary-signer-photon:$(VERSIONTAG)
endif
ifeq ($(CLAIRFLAG), true)
DOCKERSAVE_PARA+= goharbor/clair-photon:$(CLAIRVERSION)-$(VERSIONTAG) goharbor/clair-adapter-photon:$(CLAIRADAPTERVERSION)-$(VERSIONTAG)
DOCKERSAVE_PARA+= goharbor/clair-photon:$(VERSIONTAG) goharbor/clair-adapter-photon:$(VERSIONTAG)
endif
ifeq ($(MIGRATORFLAG), true)
DOCKERSAVE_PARA+= goharbor/harbor-migrator:$(MIGRATORVERSION)
ifeq ($(TRIVYFLAG), true)
DOCKERSAVE_PARA+= goharbor/trivy-adapter-photon:$(VERSIONTAG)
endif
# append chartmuseum parameters if set
ifeq ($(CHARTFLAG), true)
DOCKERSAVE_PARA+= $(DOCKERIMAGENAME_CHART_SERVER):$(CHARTMUSEUMVERSION)-$(VERSIONTAG)
DOCKERSAVE_PARA+= $(DOCKERIMAGENAME_CHART_SERVER):$(VERSIONTAG)
endif
SWAGGER_IMAGENAME=goharbor/swagger
SWAGGER_VERSION=v0.21.0
SWAGGER=$(DOCKERCMD) run --rm -u $(shell id -u):$(shell id -g) -v $(BUILDPATH):$(BUILDPATH) -w $(BUILDPATH) ${SWAGGER_IMAGENAME}:${SWAGGER_VERSION}
SWAGGER_GENERATE_SERVER=${SWAGGER} generate server --template-dir=$(TOOLSPATH)/swagger/templates --exclude-main
SWAAGER_IMAGE_BUILD_CMD=${DOCKERBUILD} -f ${TOOLSPATH}/swagger/Dockerfile --build-arg SWAGGER_VERSION=${SWAGGER_VERSION} -t ${SWAGGER_IMAGENAME}:$(SWAGGER_VERSION) .
SWAGGER_IMAGENAME:
@if [ "$(shell ${DOCKERIMASES} -q ${SWAGGER_IMAGENAME}:$(SWAGGER_VERSION) 2> /dev/null)" == "" ]; then \
${DOCKERBUILD} -f ${TOOLSPATH}/swagger/Dockerfile --build-arg SWAGGER_VERSION=${SWAGGER_VERSION} -t ${SWAGGER_IMAGENAME}:$(SWAGGER_VERSION) . ; \
echo "build swagger image done"; \
${SWAAGER_IMAGE_BUILD_CMD} && echo "build swagger image successfully" || (echo "build swagger image failed" && exit 1) ; \
fi
# $1 the path of swagger spec
@ -334,32 +354,52 @@ compile_notary_migrate_patch:
compile: check_environment versions_prepare compile_core compile_jobservice compile_registryctl compile_notary_migrate_patch
prepare:
update_prepare_version:
@echo "substitute the prepare version tag in prepare file..."
@$(SEDCMDI) -e 's/goharbor\/prepare:.*[[:space:]]\+/goharbor\/prepare:$(VERSIONTAG) prepare /' $(MAKEPATH)/prepare ;
gen_tls:
@$(DOCKERCMD) run --rm -v /:/hostfs:z goharbor/prepare:$(VERSIONTAG) gencert -p /etc/harbor/tls/internal
prepare: update_prepare_version
@echo "preparing..."
@if [ -n "$(GEN_TLS)" ] ; then \
$(DOCKERCMD) run --rm -v /:/hostfs:z goharbor/prepare:$(VERSIONTAG) gencert -p /etc/harbor/tls/internal; \
fi
@$(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA)
build:
make -f $(MAKEFILEPATH_PHOTON)/Makefile $(BUILDTARGET) -e DEVFLAG=$(DEVFLAG) -e GOBUILDIMAGE=$(GOBUILDIMAGE) \
-e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG) -e NGINXVERSION=$(NGINXVERSION) -e NOTARYVERSION=$(NOTARYVERSION) -e NOTARYMIGRATEVERSION=$(NOTARYMIGRATEVERSION) \
-e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG) \
-e NOTARYVERSION=$(NOTARYVERSION) -e NOTARYMIGRATEVERSION=$(NOTARYMIGRATEVERSION) \
-e TRIVYVERSION=$(TRIVYVERSION) -e TRIVYADAPTERVERSION=$(TRIVYADAPTERVERSION) \
-e CLAIRVERSION=$(CLAIRVERSION) -e CLAIRADAPTERVERSION=$(CLAIRADAPTERVERSION) -e VERSIONTAG=$(VERSIONTAG) \
-e BUILDBIN=$(BUILDBIN) -e REDISVERSION=$(REDISVERSION) -e MIGRATORVERSION=$(MIGRATORVERSION) \
-e BUILDBIN=$(BUILDBIN) \
-e CHARTMUSEUMVERSION=$(CHARTMUSEUMVERSION) -e DOCKERIMAGENAME_CHART_SERVER=$(DOCKERIMAGENAME_CHART_SERVER) \
-e NPM_REGISTRY=$(NPM_REGISTRY) -e BASEIMAGETAG=$(BASEIMAGETAG)
-e NPM_REGISTRY=$(NPM_REGISTRY) -e BASEIMAGETAG=$(BASEIMAGETAG) -e BASEIMAGENAMESPACE=$(BASEIMAGENAMESPACE) \
-e CLAIRURL=$(CLAIRURL) -e CHARTURL=$(CHARTURL) -e NORARYURL=$(NORARYURL) -e REGISTRYURL=$(REGISTRYURL) -e CLAIR_ADAPTER_DOWNLOAD_URL=$(CLAIR_ADAPTER_DOWNLOAD_URL) \
-e TRIVY_DOWNLOAD_URL=$(TRIVY_DOWNLOAD_URL) -e TRIVY_ADAPTER_DOWNLOAD_URL=$(TRIVY_ADAPTER_DOWNLOAD_URL)
build_base_docker:
@for name in chartserver clair clair-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \
@for name in chartserver clair clair-adapter trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \
echo $$name ; \
$(DOCKERBUILD) --pull -f $(MAKEFILEPATH_PHOTON)/$$name/Dockerfile.base -t goharbor/harbor-$$name-base:$(BASEIMAGETAG) . ; \
$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) goharbor/harbor-$$name-base:$(BASEIMAGETAG) $(REGISTRYUSER) $(REGISTRYPASSWORD) ; \
$(DOCKERBUILD) --pull -f $(MAKEFILEPATH_PHOTON)/$$name/Dockerfile.base -t $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) --label base-build-date=$(date +"%Y%m%d") . && \
$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) $(REGISTRYUSER) $(REGISTRYPASSWORD) || exit 1; \
done
pull_base_docker:
@for name in chartserver clair clair-adapter trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \
echo $$name ; \
$(DOCKERPULL) $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) ; \
done
install: compile build prepare start
package_online:
package_online: update_prepare_version
@echo "packing online package ..."
@cp -r make $(HARBORPKG)
@if [ -n "$(REGISTRYSERVER)" ] ; then \
$(SEDCMD) -i -e 's/image\: goharbor/image\: $(REGISTRYSERVER)\/$(REGISTRYPROJECTNAME)/' \
$(SEDCMDI) -e 's/image\: goharbor/image\: $(REGISTRYSERVER)\/$(REGISTRYPROJECTNAME)/' \
$(HARBORPKG)/docker-compose.yml ; \
fi
@cp LICENSE $(HARBORPKG)/LICENSE
@ -368,7 +408,7 @@ package_online:
@rm -rf $(HARBORPKG)
@echo "Done."
package_offline: compile build
package_offline: update_prepare_version compile build
@echo "packing offline package ..."
@cp -r make $(HARBORPKG)
@ -392,7 +432,7 @@ gosec:
$(GOPATH)/bin/gosec -fmt=json -out=harbor_gas_output.json -quiet ./... | true ; \
fi
go_check: gen_apis misspell golint govet gofmt commentfmt
go_check: gen_apis misspell gofmt commentfmt golint govet
gofmt:
@echo checking gofmt...
@ -405,7 +445,7 @@ gofmt:
commentfmt:
@echo checking comment format...
@res=$$(find . -type d \( -path ./src/vendor -o -path ./tests \) -prune -o -name '*.go' -print | xargs egrep '(^|\s)\/\/(\S)'); \
@res=$$(find . -type d \( -path ./src/vendor -o -path ./tests \) -prune -o -name '*.go' -print | xargs egrep '(^|\s)\/\/(\S)'|grep -v '//go:generate'); \
if [ -n "$${res}" ]; then \
echo checking comment format fail.. ; \
echo missing whitespace between // and comment body;\
@ -419,11 +459,11 @@ misspell:
golint:
@echo checking golint...
@go list ./... | grep -v -E 'vendor|test' | xargs -L1 fgt golint
@go list ./... | grep -v -E 'vendor|test' | xargs fgt golint
govet:
@echo checking govet...
@go list ./... | grep -v -E 'vendor|test' | xargs -L1 go vet
@cd src;go list ./... | grep -v -E 'vendor|test' | xargs go vet
pushimage:
@echo "pushing harbor images ..."
@ -475,9 +515,15 @@ swagger_client:
@echo "Generate swagger client"
wget -q https://repo1.maven.org/maven2/io/swagger/swagger-codegen-cli/2.3.1/swagger-codegen-cli-2.3.1.jar -O swagger-codegen-cli.jar
rm -rf harborclient
mkdir harborclient
java -jar swagger-codegen-cli.jar generate -i api/harbor/swagger.yaml -l python -o harborclient
cd harborclient; python ./setup.py install
mkdir -p harborclient/harbor_client
mkdir -p harborclient/harbor_swagger_client
mkdir -p harborclient/harbor_v2_swagger_client
java -jar swagger-codegen-cli.jar generate -i api/swagger.yaml -l python -o harborclient/harbor_client -DpackageName=client
java -jar swagger-codegen-cli.jar generate -i api/v2.0/legacy_swagger.yaml -l python -o harborclient/harbor_swagger_client -DpackageName=swagger_client
java -jar swagger-codegen-cli.jar generate -i api/v2.0/swagger.yaml -l python -o harborclient/harbor_v2_swagger_client -DpackageName=v2_swagger_client
cd harborclient/harbor_client; python ./setup.py install
cd harborclient/harbor_swagger_client; python ./setup.py install
cd harborclient/harbor_v2_swagger_client; python ./setup.py install
pip install docker -q
pip freeze


@ -1,12 +1,12 @@
# Harbor
[![Build Status](https://travis-ci.org/goharbor/harbor.svg?branch=master)](https://travis-ci.org/goharbor/harbor)
[![Coverage Status](https://coveralls.io/repos/github/goharbor/harbor/badge.svg?branch=master)](https://coveralls.io/github/goharbor/harbor?branch=master)
[![CI](https://github.com/goharbor/harbor/workflows/CI/badge.svg?branch=master&event=push)](https://github.com/goharbor/harbor/actions?query=event%3Apush+branch%3Amaster+workflow%3ACI+)
[![Coverage Status](https://codecov.io/gh/goharbor/harbor/branch/master/graph/badge.svg)](https://codecov.io/gh/goharbor/harbor)
[![Go Report Card](https://goreportcard.com/badge/github.com/goharbor/harbor)](https://goreportcard.com/report/github.com/goharbor/harbor)
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/2095/badge)](https://bestpractices.coreinfrastructure.org/projects/2095)
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/c8d726c9cfd047ffaf681449d673f246)](https://www.codacy.com/app/goharbor/harbor?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=goharbor/harbor&amp;utm_campaign=Badge_Grade)
[![Nightly Status](https://us-central1-eminent-nation-87317.cloudfunctions.net/harbor-nightly-result)](https://www.googleapis.com/storage/v1/b/harbor-nightly/o)
[![Conformance Status](https://github.com/goharbor/harbor/workflows/conformance_test/badge.svg)](https://github.com/goharbor/harbor/actions?query=workflow%3Aconformance_test)
</br>
|![notification](docs/img/bell-outline-badged.svg)Community Meeting|
@ -28,21 +28,21 @@ Harbor is hosted by the [Cloud Native Computing Foundation](https://cncf.io) (CN
## Features
* **Cloud native registry**: With support for both container images and [Helm](https://helm.sh) charts, Harbor serves as registry for cloud native environments like container runtimes and orchestration platforms.
* **Role based access control**: Users and repositories are organized via 'projects' and a user can have different permission for images or Helm charts under a project.
* **Policy based replication**: Images and charts can be replicated (synchronized) between multiple registry instances based on policies with multiple filters (repository, tag and label). Harbor automatically retries a replication if it encounters any errors. Great for load balancing, high availability, multi-datacenter, hybrid and multi-cloud scenarios.
* **Vulnerability Scanning**: Harbor scans images regularly and warns users of vulnerabilities.
* **LDAP/AD support**: Harbor integrates with existing enterprise LDAP/AD for user authentication and management, and supports importing LDAP groups into Harbor and assigning proper project roles to them.
* **Role based access control**: Users access different repositories through 'projects' and a user can have different permission for images or Helm charts under a project.
* **Policy based replication**: Images and charts can be replicated (synchronized) between multiple registry instances based on policies with using filters (repository, tag and label). Harbor automatically retries a replication if it encounters any errors. This can be used to assist loadbalancing, achieve high availabiliy, and faciliate multi-datacenter deployments in hybrid and multi-cloud scenarios.
* **Vulnerability Scanning**: Harbor scans images regularly for vulnerabilities and has policy checks to prevent vulnerable images from being deployed.
* **LDAP/AD support**: Harbor integrates with existing enterprise LDAP/AD for user authentication and management, and supports importing LDAP groups into Harbor that can then be given permissions to specific projects.
* **OIDC support**: Harbor leverages OpenID Connect (OIDC) to verify the identity of users authenticated by an external authorization server or identity provider. Single sign-on can be enabled to log into the Harbor portal.
* **Image deletion & garbage collection**: Images can be deleted and their space can be recycled.
* **Notary**: Image authenticity can be ensured.
* **Image deletion & garbage collection**: System admin can run garbage collection jobs so that images(dangling manifests and unreferenced blobs) can be deleted and their space can be freed up periodically.
* **Notary**: Support signing container images using Docker Content Trust (leveraing Notary) for guaranteeing authenticity and provenance. In additon, policies that prevent unsigned images from being deployed can also be activated.
* **Graphical user portal**: User can easily browse, search repositories and manage projects.
* **Auditing**: All the operations to the repositories are tracked.
* **RESTful API**: RESTful APIs for most administrative operations, easy to integrate with external systems. An embedded Swagger UI is available for exploring and testing the API.
* **Easy deployment**: Provide both an online and offline installer. In addition, a Helm Chart can be used to deploy Harbor on Kubernetes.
* **Auditing**: All the operations to the repositories are tracked through logs.
* **RESTful API**: RESTful APIs are provided to facilitate administrative operations, and are easy to use for integration with external systems. An embedded Swagger UI is available for exploring and testing the API.
* **Easy deployment**: Harbor can be deployed via Docker compose as well Helm Chart. A Harbor Operator was added recently as well - https://goharbor.io/docs/1.10/build-customize-contribute/e2e_api_python_based_scripting_guide/
## API
* [Harbor RESTful API](https://editor.swagger.io/?url=https://raw.githubusercontent.com/goharbor/harbor/master/api/harbor/swagger.yaml): The APIs for most administrative operations of Harbor and can be used to perform integrations with Harbor programmatically.
* [Harbor RESTful API](https://editor.swagger.io/?url=https://raw.githubusercontent.com/goharbor/harbor/master/api/v2.0/swagger.yaml): The APIs for most administrative operations of Harbor and can be used to perform integrations with Harbor programmatically.
- Spec validation status: <img src="http://validator.swagger.io/validator?url=https://raw.githubusercontent.com/goharbor/harbor/master/api/harbor/swagger.yaml">
## Compatibility


@ -16,9 +16,9 @@ Patch releases are based on the major/minor release branch, the release cadency
### Minor Release Support Matrix
| Version | Supported |
| ------- | ------------------ |
| Harbor v1.7.x | :white_check_mark: |
| Harbor v1.8.x | :white_check_mark: |
| Harbor v1.9.x | :white_check_mark: |
| Harbor v1.10.x | :white_check_mark: |
### Upgrade path and support policy
The upgrade path for Harbor is (1) 1.0.x patch releases are always compatible with its major and minor version. For example, previous released 1.8.x can be upgraded to most recent 1.8.4 release. (2) Harbor only supports two previous minor releases to upgrade to current minor release. For example, 1.9.0 will only support 1.7.0 and 1.8.0 to upgrade from, 1.6.0 to 1.9.0 is not supported. One should upgrade to 1.8.0 first, then to 1.9.0.


@ -1 +1 @@
v1.11.0
v2.0.0

532
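--- a/api/swagger.yaml
+++ b/api/swagger.yaml
@@ -0,0 +1,532 @@
+swagger: '2.0'
+info:
+title: Harbor API
+description: These APIs provide services for manipulating Harbor project.
+version: ''
+host: localhost
+schemes:
+- http
+- https
+basePath: /api/
+produces:
+- application/json
+consumes:
+- application/json
+securityDefinitions:
+basicAuth:
+type: basic
+security:
+- basicAuth: []
+paths:
+/version:
+get:
+summary: Get API version
+description: Get the version of API that supported by the Harbor instance.
+tags:
+- Version
+responses:
+'200':
+description: The supported API version
+schema:
+type: object
+properties:
+version:
+type: string
+/chartrepo/health:
+get:
+summary: Check the health of chart repository service.
+description: Check the health of chart repository service.
+tags:
+- Chart Repository
+responses:
+'200':
+description: Health status of chart repository service is returned.
+schema:
+type: object
+properties:
+healthy:
+type: boolean
+'401':
+$ref: '#/definitions/UnauthorizedChartAPIError'
+'403':
+$ref: '#/definitions/ForbiddenChartAPIError'
+/chartrepo/{repo}/charts:
+get:
+summary: Get all the charts under the specified project
+description: Get all the charts under the specified project
+tags:
+- Chart Repository
+parameters:
+- name: repo
+in: path
+type: string
+required: true
+description: The project name
+responses:
+'200':
+description: Searched for charts of project in Harbor successfully.
+schema:
+type: array
+items:
+$ref: '#/definitions/ChartInfoEntry'
+'401':
+$ref: '#/definitions/UnauthorizedChartAPIError'
+'403':
+$ref: '#/definitions/ForbiddenChartAPIError'
+'500':
+$ref: '#/definitions/InternalChartAPIError'
+post:
+summary: Upload a chart file to the specified project.
+description: 'Upload a chart file to the specified project. With this API, the corresponding provance file can be uploaded together with chart file at once.'
+tags:
+- Chart Repository
+consumes:
+- multipart/form-data
+parameters:
+- name: repo
+in: path
+type: string
+required: true
+description: The project name
+- name: chart
+in: formData
+type: file
+required: true
+description: The chart file
+- name: prov
+in: formData
+type: file
+required: false
+description: The provance file
+responses:
+'201':
+description: The specified chart is successfully uploaded.
+'401':
+$ref: '#/definitions/UnauthorizedChartAPIError'
+'403':
+$ref: '#/definitions/ForbiddenChartAPIError'
+'500':
+$ref: '#/definitions/InternalChartAPIError'
+'507':
+$ref: '#/definitions/InsufficientStorageChartAPIError'
+/chartrepo/{repo}/charts/{name}:
+get:
+summary: Get all the versions of the specified chart
+description: Get all the versions of the specified chart
+tags:
+- Chart Repository
+parameters:
+- name: repo
+in: path
+type: string
+required: true
+description: The project name
+- name: name
+in: path
+type: string
+required: true
+description: The chart name
+responses:
+'200':
+description: Retrieved all versions of the specified chart
+schema:
+$ref: '#/definitions/ChartVersions'
+'401':
+$ref: '#/definitions/UnauthorizedChartAPIError'
+'403':
+$ref: '#/definitions/ForbiddenChartAPIError'
+'404':
+$ref: '#/definitions/NotFoundChartAPIError'
+'500':
+$ref: '#/definitions/InternalChartAPIError'
+delete:
+summary: Delete all the versions of the specified chart
+description: Delete all the versions of the specified chart
+tags:
+- Chart Repository
+parameters:
+- name: repo
+in: path
+type: string
+required: true
+description: The project name
+- name: name
+in: path
+type: string
+required: true
+description: The chart name
+responses:
+'200':
+description: The specified chart entry is successfully deleted.
+'401':
+$ref: '#/definitions/UnauthorizedChartAPIError'
+'403':
+$ref: '#/definitions/ForbiddenChartAPIError'
+'500':
+$ref: '#/definitions/InternalChartAPIError'
+/chartrepo/{repo}/charts/{name}/{version}:
+get:
+summary: Get the specified chart version
+description: Get the specified chart version
+tags:
+- Chart Repository
+parameters:
+- name: repo
+in: path
+type: string
+required: true
+description: The project name
+- name: name
+in: path
+type: string
+required: true
+description: The chart name
+- name: version
+in: path
+type: string
+required: true
+description: The chart version
+responses:
+'200':
+description: Successfully retrieved the chart version
+schema:
+$ref: '#/definitions/ChartVersionDetails'
+'401':
+$ref: '#/definitions/UnauthorizedChartAPIError'
+'403':
+$ref: '#/definitions/ForbiddenChartAPIError'
+'404':
+$ref: '#/definitions/NotFoundChartAPIError'
+'500':
+$ref: '#/definitions/InternalChartAPIError'
+delete:
+summary: Delete the specified chart version
+description: Delete the specified chart version
+tags:
+- Chart Repository
+parameters:
+- name: repo
+in: path
+type: string
+required: true
+description: The project name
+- name: name
+in: path
+type: string
+required: true
+description: The chart name
+- name: version
+in: path
+type: string
+required: true
+description: The chart version
+responses:
+'200':
+description: The specified chart entry is successfully deleted.
+'401':
+$ref: '#/definitions/UnauthorizedChartAPIError'
+'403':
+$ref: '#/definitions/ForbiddenChartAPIError'
+'404':
+$ref: '#/definitions/NotFoundChartAPIError'
+'500':
+$ref: '#/definitions/InternalChartAPIError'
+/chartrepo/{repo}/prov:
+post:
+summary: Upload a provance file to the specified project.
+description: Upload a provance file to the specified project. The provance file should be targeted for an existing chart file.
+tags:
+- Chart Repository
+consumes:
+- multipart/form-data
+parameters:
+- name: repo
+in: path
+type: string
+required: true
+description: The project name
+- name: prov
+in: formData
+type: file
+required: true
+description: The provance file
+responses:
+'201':
+description: The provance file is successfully uploaded.
+'401':
+$ref: '#/definitions/UnauthorizedChartAPIError'
+'403':
+$ref: '#/definitions/ForbiddenChartAPIError'
+'500':
+$ref: '#/definitions/InternalChartAPIError'
+'507':
+$ref: '#/definitions/InsufficientStorageChartAPIError'
+/chartrepo/charts:
+post:
+summary: Upload a chart file to the defult 'library' project.
+description: Upload a chart file to the default 'library' project. Uploading together with the prov file at the same time is also supported.
+tags:
+- Chart Repository
+consumes:
+- multipart/form-data
+parameters:
+- name: chart
+in: formData
+type: file
+required: true
+description: The chart file
+- name: prov
+in: formData
+type: file
+required: false
+description: The provance file
+responses:
+'201':
+description: The specified chart is successfully uploaded.
+'401':
+$ref: '#/definitions/UnauthorizedChartAPIError'
+'403':
+$ref: '#/definitions/ForbiddenChartAPIError'
+'500':
+$ref: '#/definitions/InternalChartAPIError'
+'507':
+$ref: '#/definitions/InsufficientStorageChartAPIError'
+definitions:
+ChartAPIError:
+description: The error object returned by chart repository API
+type: object
+required:
+- error
+properties:
+error:
+type: string
+description: The error message returned by the chart API
+UnauthorizedChartAPIError:
+description: Unauthorized
+type: object
+allOf:
+- $ref: '#/definitions/ChartAPIError'
+ForbiddenChartAPIError:
+description: Operation is forbidden or quota exceeded
+type: object
+allOf:
+- $ref: '#/definitions/ChartAPIError'
+InternalChartAPIError:
+description: Internal server error occurred
+type: object
+allOf:
+- $ref: '#/definitions/ChartAPIError'
+NotFoundChartAPIError:
+description: Not found
+type: object
+allOf:
+- $ref: '#/definitions/ChartAPIError'
+InsufficientStorageChartAPIError:
+description: Insufficient storage
+type: object
+allOf:
+- $ref: '#/definitions/ChartAPIError'
+ChartInfoEntry:
+type: object
+description: The object contains basic chart information
+required:
+- name
+- total_versions
+- created
+properties:
+name:
+type: string
+description: Name of chart
+total_versions:
+type: integer
+description: Total count of chart versions
+latest_version:
+type: string
+description: latest version of chart
+created:
+type: string
+description: The created time of chart
+updated:
+type: string
+description: The created time of chart
+icon:
+type: string
+description: The icon path of chart
+home:
+type: string
+description: The home website of chart
+deprecated:
+type: boolean
+description: Flag to indicate if the chart is deprecated
+ChartInfoList:
+type: array
+description: The chart list under the project
+items:
+$ref: '#/definitions/ChartInfoEntry'
+ChartVersion:
+type: object
+description: A specified chart entry
+allOf:
+- $ref: '#/definitions/ChartMetadata'
+- type: object
+properties:
+created:
+type: string
+description: The created time of the chart entry
+removed:
+type: boolean
+description: A flag to indicate if the chart entry is removed
+digest:
+type: string
+description: The digest value of the chart entry
+urls:
+type: array
+description: The urls of the chart entry
+items:
+type: string
+properties:
+labels:
+$ref: '#/definitions/Labels'
+ChartVersions:
+type: array
+description: A list of chart entry
+items:
+$ref: '#/definitions/ChartVersion'
+ChartVersionDetails:
+type: object
+description: The detailed information of the chart entry
+properties:
+metadata:
+$ref: '#/definitions/ChartVersion'
+security:
+$ref: '#/definitions/SecurityReport'
+dependencies:
+type: array
+items:
+$ref: '#/definitions/Dependency'
+values:
+type: object
+additionalProperties:
+type: object
+files:
+type: object
+additionalProperties:
+type: string
+labels:
+$ref: '#/definitions/Labels'
+ChartMetadata:
+type: object
+description: The metadata of chart version
+required:
+- name
+- version
+- engine
+- icon
+- apiVersion
+- appVersion
+properties:
+name:
+type: string
+description: The name of the chart
+home:
+type: string
+description: The URL to the relevant project page
+sources:
+type: array
+description: The URL to the source code of chart
+items:
+type: string
+version:
+type: string
+description: A SemVer 2 version of chart
+description:
+type: string
+description: A one-sentence description of chart
+keywords:
+type: array
+description: A list of string keywords
+items:
+type: string
+engine:
+type: string
+description: The name of template engine
+icon:
+type: string
+description: The URL to an icon file
+apiVersion:
+type: string
+description: The API version of this chart
+appVersion:
+type: string
+description: The version of the application enclosed in the chart
+deprecated:
+type: boolean
+description: Whether or not this chart is deprecated
+Labels:
+type: array
+description: A list of label
+items:
+$ref: '#/definitions/Label'
+Label:
+type: object
+properties:
+id:
+type: integer
+description: The ID of label.
+name:
+type: string
+description: The name of label.
+description:
+type: string
+description: The description of label.
+color:
+type: string
+description: The color of label.
+scope:
+type: string
+description: 'The scope of label, g for global labels and p for project labels.'
+project_id:
+type: integer
+description: The project ID if the label is a project label.
+creation_time:
+type: string
+description: The creation time of label.
+update_time:
+type: string
+description: The update time of label.
+deleted:
+type: boolean
+description: The label is deleted or not.
+SecurityReport:
+type: object
+description: The security information of the chart
+properties:
+signature:
+$ref: '#/definitions/DigitalSignature'
+Dependency:
+type: object
+description: Another chart the chart depends on
+required:
+- name
+- version
+properties:
+name:
+type: string
+description: The name of the chart denpendency
+version:
+type: string
+description: The version of the chart dependency
+repository:
+type: string
+description: The URL to the repository
+DigitalSignature:
+type: object
+description: The signature of the chart
+properties:
+signed:
+type: boolean
+description: A flag to indicate if the chart is signed
+prov_file:
+type: string
+description: The URL of the provance file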
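Review bot: `schemes` lists `http` ahead of `https` while the only security definition is `basicAuth`, so a client built from this spec can end up sending Basic credentials in cleartext; generated clients commonly default to the first listed scheme, which is worth confirming for the swagger-codegen Python client the Makefile builds from this file. Listing only `- https` under `schemes:`, or at least putting it first, removes that default. The top-level `security: - basicAuth: []` applies to every path, so if `/version` is meant to be anonymous (it declares no `401`) it needs an explicit `security: []`. On the documentation side, "provance" in the upload descriptions should read "provenance", and `updated` in `ChartInfoEntry` repeats the `created` description (`The created time of chart`).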

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

27
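--- a/codecov.yml
+++ b/codecov.yml
@@ -0,0 +1,27 @@
+codecov:
+require_ci_to_pass: no
+bot: steven-zou
+token: 7ec086ae-1431-4be8-af00-b95206144799
+coverage:
+precision: 2
+round: down
+range: "50...100"
+status:
+project: yes
+patch: yes
+changes: no
+parsers:
+gcov:
+branch_detection:
+conditional: yes
+loop: yes
+method: no
+macro: no
+comment:
+layout: "reach,diff,flags,tree"
+behavior: default
+require_changes: no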
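Review bot: The `token:` line under `codecov:` commits the Codecov upload token to the repository, so anyone who can read the repo or a fork can submit coverage reports in this project's name. The line should be dropped from `codecov.yml` and the token passed to the upload step from a CI secret, for example as the `CODECOV_TOKEN` environment variable. The committed value stays in history, so it should be regenerated on the Codecov side as well. Separately, `require_ci_to_pass: no` appears to let coverage status post even when the build fails; a one-line comment such as `# report coverage even if CI fails, because <reason>` would record that this is intended.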


@ -1,3 +0,0 @@
# Harbor Documentation
You access the Harbor documentation from the [Table of Contents](index.md).


@ -1,26 +0,0 @@
[Back to table of contents](../../index.md)
----------
# Create User Accounts in Database Mode
In database authentication mode, the Harbor system administrator creates user accounts manually.
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
1. Under **Administration**, go to **Users**.
![Create user account](../../img/create_user.png)
1. Click **New User**.
1. Enter information about the new user.
![Provide user information](../../img/new_user.png)
- The username must be unique in the Harbor system
- The email address is used for password recovery
- The password must contain at least 8 characters with 1 lowercase letter, 1 uppercase letter and 1 numeric character
If users forget their password, there is a **Forgot Password** in the Harbor log in page. To use this feature, you must [configure an email server](../general_settings.md).
----------
[Back to table of contents](../../index.md)


@ -1,57 +0,0 @@
[Back to table of contents](../../index.md)
----------
# Scan Individual Images
1. Log in to the Harbor interface with an account that has at least project administrator privileges.
1. Go to **Projects** and select a project.
1. Select the **Scanner** tab.
The **Scanner** tab shows the details of the scanner that is currently set as the scanner to use for this project.
![Project scanner tab](../../img/project-scanners.png)
1. Click **Edit** to select a different scanner from the list of scanners that are connected to this Harbor instance, and click **OK**.
![Project scanner tab](../../img/select-scanner.png)
**NOTE**: If you have selected the **Prevent vulnerable images from running** option in the project **Configuration** tab, the prevention of pulling vulnerable images is determined by the scanner that is set in the project, or by the global default scanner if no scanner is configured specifically for the project. Different scanners might apply different levels of severity to image vulnerabilities.
1. Select the **Repositories** tab and select a repository.
For each tag in the repository, the **Vulnerabilities** column displays the vulnerability scanning status and related information.
![Tag vulnerability status](../../img/tag-vulnerability-status.png)
1. Select a tag, or use the check box at the top to select all tags in the repository, and click the **Scan** button to run the vulnerability scan on this image.
![Scan an image](../../img/scan_image.png)
**NOTE**: You can start a scan at any time, unless the status is **Queued** or **Scanning**. If the database has not been fully populated, you should not run a scan. The following statuses are displayed in the **Vulnerabilities** column:
* **Not Scanned:** The tag has never been scanned.
* **Queued:** The scanning task is scheduled but has not run yet.
* **Scanning:** The scanning task is in progress and a progress bar is displayed.
* **View log:** The scanning task failed to complete. Click **View Log** link to view the related logs.
* **Complete:** The scanning task completed successfully.
If the process completes successfully, the result indicates the overall severity level, with the total number of vulnerabilities found for each severity level, and the number of fixable vulnerabilities.
![Scan result](../../img/scan-result.png)
* **Red:** At least one critical vulnerability found
* **Orange:** At least one high level vulnerability found
* **Yellow:** At least one medium level vulnerability found
* **Blue:** At least one low level vulnerability found
* **Green:** No vulnerabilities found
* **Grey:** Unknown vulnerabilities
1. Hover over the number of fixable vulnerabilities to see a summary of the vulnerability report.
![Vulnerability summary](../../img/vulnerability-summary.png)
1. Click on the tag name to see a detailed vulnerability report.
![Vulnerability report](../../img/tag_detail.png)
In addition to information about the tag, all of the vulnerabilities found in the last scan are listed. You can order or filter the list by the different columns. You can also click **Scan** in the report page to run a scan on this image tag.
----------
[Back to table of contents](../../index.md)


@ -1,80 +0,0 @@
[Back to table of contents](../index.md)
----------
# View and test Harbor REST API via Swagger
A Swagger file is provided for viewing and testing Harbor REST API.
## Viewing Harbor REST API
* Open the file **swagger.yaml** under the _docs_ directory in Harbor project;
* Paste all its content into the online Swagger Editor at http://editor.swagger.io. The descriptions of Harbor API will be shown on the right pane of the page.
![Swagger Editor](img/swaggerEditor.png)
## Testing Harbor REST API
From time to time, you may need to mannually test Harbor REST API. You can deploy the Swagger file into Harbor's service node. Suppose you install Harbor through online or offline installer, you should have a Harbor directory after you un-tar the installer, such as **~/harbor**.
**Caution:** When using Swagger to send REST requests to Harbor, you may alter the data of Harbor accidentally. For this reason, it is NOT recommended using Swagger against a production Harbor instance.
* Download _prepare-swagger.sh_ and _swagger.yaml_ under the _docs_ directory to your local Harbor directory, e.g. **~/harbor**.
```sh
wget https://raw.githubusercontent.com/goharbor/harbor/master/docs/prepare-swagger.sh https://raw.githubusercontent.com/goharbor/harbor/master/docs/swagger.yaml
```
* Edit the script file _prepare-swagger.sh_.
```sh
vi prepare-swagger.sh
```
* Change the SCHEME to the protocol scheme of your Harbor server.
```sh
SCHEME=<HARBOR_SERVER_SCHEME>
```
* Change the SERVER_IP to the IP address of your Harbor server.
```sh
SERVER_IP=<HARBOR_SERVER_DOMAIN>
```
* Change the file mode.
```sh
chmod +x prepare-swagger.sh
````
* Run the shell script. It downloads a Swagger package and extracts files into the _../static_ directory.
```sh
./prepare-swagger.sh
```
* Edit the _docker-compose.yml_ file under your local Harbor directory.
```sh
vi docker-compose.yml
```
* Add two lines to the file _docker-compose.yml_ under the section _ui.volumes_.
```docker
...
ui:
...
volumes:
- ./common/config/ui/app.conf:/etc/core/app.conf:z
- ./common/config/ui/private_key.pem:/etc/core/private_key.pem:z
- /data/secretkey:/etc/core/key:z
- /data/ca_download/:/etc/core/ca/:z
## add two lines as below ##
- ../src/ui/static/vendors/swagger-ui-2.1.4/dist:/harbor/static/vendors/swagger
- ../src/ui/static/resources/yaml/swagger.yaml:/harbor/static/resources/yaml/swagger.yaml
...
```
* Recreate Harbor containers
```docker
docker-compose down -v && docker-compose up -d
```
* Because a session ID is usually required by Harbor API, **you should log in first from a browser.**
* Open another tab in the same browser so that the session is shared between tabs.
* Enter the URL of the Swagger page in Harbor as below. The ```<HARBOR_SERVER>``` should be replaced by the IP address or the hostname of the Harbor server.
```
http://<HARBOR_SERVER>/static/vendors/swagger/index.html
```
* You should see a Swagger UI page with Harbor API _swagger.yaml_ file loaded in the same domain, **be aware that your REST request submitted by Swagger may change the data of Harbor**.
![Harbor API](img/renderedSwagger.png)
----------
[Back to table of contents](../index.md)


@ -1,67 +0,0 @@
[Back to table of contents](../index.md)
----------
# Developing for Internationalization
*NOTE: All the files you created should use UTF-8 encoding.*
Steps to localize the UI in your language
1. In the folder `src/portal/src/i18n/lang`, copy json file `en-us-lang.json` to a new file and rename it to `<language>-<locale>-lang.json` .
The file contains a JSON object including all the key-value pairs of UI strings:
```
{
"APP_TITLE": {
"VMW_HARBOR": "Harbor",
"HARBOR": "Harbor",
...
},
...
}
```
In the file `<language>-<locale>-lang.json`, translate all the values into your language. Do not change any keys.
2. After creating your language file, you should add it to the language supporting list.
Locate the file `src/portal/src/app/shared/shared.const.ts`.
Append `<language>-<locale>` to the language supporting list:
```
export const supportedLangs = ['en-us', 'zh-cn', '<language>-<locale>'];
```
Define the language display name and append it to the name list:
```
export const languageNames = {
"en-us": "English",
"zh-cn": "中文简体",
"<language>-<locale>": "<DISPLAY_NAME>"
};
```
**NOTE: Don't miss the comma before the new key-value item you've added.**
3. Enable the new language in the view.
Locate the file `src/portal/src/app/base/navigator/navigator.component.html` and then find the following code piece:
```
<div class="dropdown-menu">
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("en-us")' [class.lang-selected]='matchLang("en-us")'>English</a>
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("zh-cn")' [class.lang-selected]='matchLang("zh-cn")'>中文简体</a>
</div>
```
Add new menu item for your language:
```
<div class="dropdown-menu">
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("en-us")' [class.lang-selected]='matchLang("en-us")'>English</a>
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("zh-cn")' [class.lang-selected]='matchLang("zh-cn")'>中文简体</a>
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("<language>-<locale>")' [class.lang-selected]='matchLang("<language>-<locale>")'>DISPLAY_NAME</a>
</div>
```
4. Next, please refer [compile guideline](compile_guide.md) to rebuild and restart Harbor.
----------
[Back to table of contents](../index.md)


@ -1,88 +0,0 @@
# Harbor 1.10 Documentation
This is the main table of contents for the Harbor 1.10.x documentation.
## Harbor Installation and Configuration
This section describes how to install Harbor and perform the required initial configurations. These day 1 operations are performed by the Harbor Administrator.
- [Introduction](install_config/README.md)
- [Test Harbor with the Demo Server](install_config/demo_server.md)
- [Harbor Compatibility List](install_config/harbor_compatibility_list.md)
- [Harbor Installation Prerequisites](install_config/installation_prereqs.md)
- [Download the Harbor Installer](install_config/download_installer.md)
- [Configure HTTPS Access to Harbor](install_config/configure_https.md)
- [Configure the Harbor YML File](install_config/configure_yml_file.md)
- [Run the Installer Script](install_config/run_installer_script.md)
- [Deploying Harbor with High Availability via Helm](install_config/harbor_ha_helm.md)
- [Deploy Harbor with the Quick Installation Script](install_config/quick_install_script.md)
- [Troubleshooting Harbor Installation](install_config/troubleshoot_installation.md)
- [Reconfigure Harbor and Manage the Harbor Lifecycle](install_config/reconfigure_manage_lifecycle.md)
- [Customize the Harbor Token Service](install_config/customize_token_service.md)
- [Configure Harbor User Settings at the Command Line](install_config/configure_user_settings_cli.md)
## Harbor Administration
This section describes how to use and maintain Harbor after deployment. These day 2 operations are performed by the Harbor Administrator.
- [Introduction](administration/README.md)
- [Configuring Authentication](administration/configure_authentication/configure_authentication.md)
- [Configure Database Authentication](administration/configure_authentication/db_auth.md)
- [Configure LDAP/Active Directory Authentication](administration/configure_authentication/ldap_auth.md)
- [Configure OIDC Provider Authentication](administration/configure_authentication/oidc_auth.md)
- [Role Based Access Control](administration/managing_users/rbac.md)
- [User Permissions By Role](administration/managing_users/user_permissions_by_role.md)
- [Create User Accounts in Database Mode](administration/managing_users/create_users_db.md)
- [Configure Global Settings](administration/general_settings.md)
- [Configure Project Quotas](administration/configure_project_quotas.md)
- [Configuring Replication](administration/configuring_replication/configuring_replication.md)
- [Create Replication Endpoints](administration/configuring_replication/create_replication_endpoints.md)
- [Create Replication Rules](administration/configuring_replication/create_replication_rules.md)
- [Manage Replications](administration/configuring_replication/manage_replications.md)
- [Vulnerability Scanning](administration/vulnerability_scanning/vulnerability_scanning.md)
- [Connect Harbor to Additional Vulnerability Scanners](administration/vulnerability_scanning/pluggable_scanners.md)
- [Scan Individual Images](administration/vulnerability_scanning/scan_individual_image.md)
- [Scan All Images](administration/vulnerability_scanning/scan_all_images.md)
- [Schedule Scans](administration/vulnerability_scanning/schedule_scans.md)
- [Import Vulnerability Data to an Offline Harbor instance](administration/vulnerability_scanning/import_vulnerability_data.md)
- [Configure System-Wide CVE Whitelists](administration/vulnerability_scanning/configure_system_whitelist.md)
- [Garbage Collection](administration/garbage_collection.md)
- [Upgrade Harbor and Migrate Data](administration/upgrade/upgrade_migrate_data.md)
- [Upgrading Harbor Deployed with Helm](administration/upgrade/helm_upgrade.md)
- [Roll Back an Upgrade](administration/upgrade/roll_back_upgrade.md)
- [Test Harbor Upgrade](administration/upgrade/upgradetest.md)
## Working with Harbor Projects
This section describes how users with the developer, master, and project administrator roles manage and participate in Harbor projects.
- [Introduction](working_with_projects/README.md)
- [Create Projects](working_with_projects/create_projects.md)
- [Assign Users to a Project](working_with_projects/add_users.md)
- [Project Configuration](working_with_projects/project_configuration.md)
- [Access and Search Project Logs](working_with_projects/access_project_logs.md)
- [Create Robot Accounts](working_with_projects/create_robot_accounts.md)
- [Configure Webhook Notifications](working_with_projects/configure_webhooks.md)
- [Configure a Per-Project CVE Whitelist](working_with_projects/configure_project_whitelist.md)
- [Implementing Content Trust](working_with_projects/implementing_content_trust.md)
- [Working with Images, Tags, and Helm Charts](working_with_projects/working_with_images.md)
- [Pulling and Pushing Images](working_with_projects/pulling_pushing_images.md)
- [Create Labels](working_with_projects/create_labels.md)
- [Retag Images](working_with_projects/retagging_images.md)
- [Create Tag Retention Rules](working_with_projects/create_tag_retention_rules.md)
- [Create Tag Immutability Rules](working_with_projects/create_tag_immutability_rules.md)
- [Manage Kubernetes Packages with Helm Charts](working_with_projects/managing_helm_charts.md)
## Build, Customize, and Contribute to Harbor
This section describes how developers can build from Harbor source code, customize their deployments, and contribute to the open-source Harbor project.
- [Build Harbor from Source Code](build_customize_contribute/compile_guide.md)
- [Developing the Harbor Frontend](build_customize_contribute/ui_contribution_get_started.md)
- [Customize the Harbor Look & Feel ](build_customize_contribute/customize_look_feel.md)
- [Developing for Internationalization](build_customize_contribute/developer_guide_i18n.md)
- [Using Make](build_customize_contribute/use_make.md)
- [View and test Harbor REST API via Swagger](build_customize_contribute/configure_swagger.md)
- [Registry Landscape](build_customize_contribute/registry_landscape.md)
See also the list of [Articles from the Harbor Community](https://github.com/goharbor/harbor/blob/master/docs/README.md#articles-from-the-community).


@ -1,60 +0,0 @@
[Back to table of contents](../index.md)
----------
# Harbor Installation and Configuration
This section describes how to perform a new installation of Harbor.
If you are upgrading from a previous version of Harbor, you might need to update the configuration file and migrate your data to fit the database schema of the later version. For information about upgrading, see [Upgrading Harbor](../../administration/upgrade/upgrade_migrate_data.md).
Before you install Harbor, you can test its functionality on a demo server that the Harbor team has made available. For information, see [Test Harbor with the Demo Server](demo_server.md).
You can use Harbor with different 3rd party replication adapters, OIDC adapters, and scanner adapters. For information about the supported adapters, see the [Harbor Compatibility List](harbor_compatibility_list.md).
## Installation Process
The standard Harbor installation process involves the following stages:
1. Make sure that your target host meets the [Harbor Installation Prerequisites](installation_prereqs.md).
1. [Download the Harbor Installer](download_installer.md)
1. [Configure HTTPS Access to Harbor](configure_https.md)
1. [Configure the Harbor YML File](configure_yml_file.md)
1. [Run the Installer Script](run_installer_script.md)
If installation fails, see [Troubleshooting Harbor Installation](troubleshoot_installation.md).
## Quick Installation
You can run a script that deploys Harbor to Ubuntu 18.04 with a single command. For information, see [Deploy Harbor with the Quick Installation Script](quick_install_script.md).
## Deploy Harbor on Kubernetes
You can also use Helm to install Harbor on a Kubernetes cluster, to make it highly available. For information about installing Harbor with Helm on a Kubernetes cluster, see [Deploying Harbor with High Availability via Helm](harbor_ha_helm.md).
## Post-Installation Configuration
For information about how manage your deployed Harbor instance, see [Reconfigure Harbor and Manage the Harbor Lifecycle](reconfigure_manage_lifecycle.md).
By default, Harbor uses its own private key and certificate to authenticate with Docker. For information about how to optionally customize your configuration to use your own key and certificate, see [Customize the Harbor Token Service](customize_token_service.md).
After installation, you perform configuration operations in the Harbor interface. However, Harbor also provides a command line interface (CLI) that allows yoy to [Configure Harbor User Settings at the Command Line](configure_user_settings_cli.md).
## Harbor Components
The table below lists the components that are deployed when you deploy Harbor.
|Component|Version|
|---|---|
|Postgresql|9.6.10-1.ph2|
|Redis|4.0.10-1.ph2|
|Clair|2.0.8|
|Beego|1.9.0|
|Chartmuseum|0.9.0|
|Docker/distribution|2.7.1|
|Docker/notary|0.6.1|
|Helm|2.9.1|
|Swagger-ui|3.22.1|
----------
[Back to table of contents](../index.md)


@ -1,11 +0,0 @@
# Working with Projects
This section describes how users with the developer, master, and project administrator roles manage and participate in Harbor projects. The Harbor administrator can also perform all of these tasks.
- [Create Projects](create_projects.md)
- [Project Configuration](project_configuration.md)
- [Working with Images, Tags, and Helm Charts](working_with_images.md)
----------
[Back to table of contents](../index.md)


@ -1,25 +0,0 @@
[Back to table of contents](../index.md)
----------
# Implementing Content Trust
**NOTE: Notary is an optional component, please make sure you have already installed it in your Harbor instance before you go through this section.**
If you want to enable content trust to ensure that images are signed, please set two environment variables in the command line before pushing or pulling any image:
```sh
export DOCKER_CONTENT_TRUST=1
export DOCKER_CONTENT_TRUST_SERVER=https://10.117.169.182:4443
```
If you push the image for the first time, You will be asked to enter the root key passphrase. This will be needed every time you push a new image while the ``DOCKER_CONTENT_TRUST`` flag is set.
The root key is generated at: ``/root/.docker/trust/private/root_keys``
You will also be asked to enter a new passphrase for the image. This is generated at ``/root/.docker/trust/private/tuf_keys/[registry name] /[imagepath]``.
If you are using a self-signed cert, make sure to copy the CA cert into ```/etc/docker/certs.d/10.117.169.182``` and ```$HOME/.docker/tls/10.117.169.182:4443/```. When an image is signed, it is indicated in the Web UI.
**Note: Replace "10.117.169.182" with the IP address or domain name of your Harbor node. In order to use content trust, HTTPS must be enabled in Harbor.**
When an image is signed, it has a tick shown in UI; otherwise, a cross sign(X) is displayed instead.
![browse project](../img/content_trust.png)
----------
[Back to table of contents](../index.md)


@ -1,19 +0,0 @@
[Back to table of contents](../index.md)
----------
# Using the API Explorer
Harbor integrated swagger UI from 1.8. That means all apis can be invoked through UI. Normally, user have 2 ways to navigate to API Explorer.
1. User can login harbor, and click the "API EXPLORER" button.All apis will be invoked with current user authorization.
![navigation bar](../img/api_explorer_btn.png)
2. User can navigate to swagger page by ip address by router "devcenter". For example: https://10.192.111.118/devcenter. After go to the page, need to click "authorize" button to give basic authentication to all apis. All apis will be invoked with the authorized user authorization.
![authentication](../img/authorize.png)
----------
[Back to table of contents](../index.md)


@ -1,15 +0,0 @@
# Working with Images and Tags
This section describes how to work with images and tags in Harbor.
- [Pulling and Pushing Images](pulling_pushing_images.md)
- [Create Labels](create_labels.md)
- [Retag Images](retagging_images.md)
- [Create Tag Retention Rules](create_tag_retention_rules.md)
- [Create Tag Immutability Rules](create_tag_immutability_rules.md)
- [Manage Kubernetes Packages with Helm Charts](managing_helm_charts.md)
----------
[Back to table of contents](../index.md)


@ -1,47 +1,90 @@
# User and Developer Documentation
Harbor Documentation
For the Harbor 1.10 docs, please go to https://github.com/goharbor/harbor/blob/master/docs/1.10/index.md.
This is the main table of contents for the Harbor 1.10.x documentation.
For older versions of the docs, please select the appropriate `release-1.xx.x` branch and go to the `docs` folder.
## Harbor Installation and Configuration
See also the [Harbor Architecture Overview](https://github.com/vmware/harbor/wiki/Architecture-Overview-of-Harbor).
This section describes how to install Harbor and perform the required initial configurations. These day 1 operations are performed by the Harbor Administrator.
# Articles from the Harbor Community
- [Introduction](install-config/_index.md)
- [Test Harbor with the Demo Server](install-config/demo-server.md)
- [Harbor Compatibility List](install-config/harbor-compatibility-list.md)
- [Harbor Installation Prerequisites](install-config/installation-prereqs.md)
- [Download the Harbor Installer](install-config/download-installer.md)
- [Configure HTTPS Access to Harbor](install-config/configure-https.md)
- [Configure the Harbor YML File](install-config/configure-yml-file.md)
- [Run the Installer Script](install-config/run-installer-script.md)
- [Deploying Harbor with High Availability via Helm](install-config/harbor-ha-helm.md)
- [Deploy Harbor with the Quick Installation Script](install-config/quick-install-script.md)
- [Troubleshooting Harbor Installation](install-config/troubleshoot-installation.md)
- [Reconfigure Harbor and Manage the Harbor Lifecycle](install-config/reconfigure-manage-lifecycle.md)
- [Customize the Harbor Token Service](install-config/customize-token-service.md)
- [Configure Harbor User Settings at the Command Line](install-config/configure-user-settings-cli.md)
## Harbor Administration
[Python SDK](../contrib/registryapi)
This section describes how to use and maintain Harbor after deployment. These day 2 operations are performed by the Harbor Administrator.
[Harbor CLI](https://github.com/int32bit/harborclient)
- [Introduction](administration/_index.md)
- [Configuring Authentication](administration/configure-authentication/_index.md)
- [Configure Database Authentication](administration/configure-authentication/db-auth.md)
- [Configure LDAP/Active Directory Authentication](administration/configure-authentication/ldap-auth.md)
- [Configure OIDC Provider Authentication](administration/configure-authentication/oidc-auth.md)
- [Managing Users](administration/managing-users/_index.md)
- [User Permissions By Role](administration/managing-users/user-permissions-by-role.md)
- [Create User Accounts in Database Mode](administration/managing-users/create-users-db.md)
- [Configure Global Settings](administration/general-settings/_index.md)
- [Configure Project Quotas](administration/configure-project-quotas/_index.md)
- [Configuring Replication](administration/configuring-replication/_index.md)
- [Create Replication Endpoints](administration/configuring-replication/create-replication-endpoints.md)
- [Create Replication Rules](administration/configuring-replication/create-replication-rules.md)
- [Manage Replications](administration/configuring-replication/manage-replications.md)
- [Vulnerability Scanning](administration/vulnerability-scanning/_index.md)
- [Connect Harbor to Additional Vulnerability Scanners](administration/vulnerability-scanning/pluggable-scanners.md)
- [Scan Individual Images](administration/vulnerability-scanning/scan-individual-image.md)
- [Scan All Images](administration/vulnerability-scanning/scan-all-images.md)
- [Schedule Scans](administration/vulnerability-scanning/schedule-scans.md)
- [Import Vulnerability Data to an Offline Harbor instance](administration/vulnerability-scanning/import-vulnerability-data.md)
- [Configure System-Wide CVE Whitelists](administration/vulnerability-scanning/configure-system-whitelist.md)
- [Garbage Collection](administration/garbage-collection/_index.md)
- [Upgrade Harbor and Migrate Data](administration/upgrade/upgrade-migrate-data.md)
- [Upgrading Harbor Deployed with Helm](administration/upgrade/helm-upgrade.md)
- [Roll Back an Upgrade](administration/upgrade/roll-back-upgrade.md)
- [Test Harbor Upgrade](administration/upgrade/upgrade-test.md)
[Deploy Harbor using Docker Machine](../contrib/deploying_using_docker_machine.md)
## Working with Harbor Projects
[Configuring Harbor as a local registry mirror](../contrib/Configure_mirror.md)
This section describes how users with the developer, master, and project administrator roles manage and participate in Harbor projects.
[Remote site replicated Docker Registries with VMware Harbor](http://www.vmtocloud.com/remote-site-replicated-docker-registries-with-vmware-harbor/)
- [Introduction](working-with-projects/_index.md)
- [Create Projects](working-with-projects/create-projects/_index.md)
- [Assign Users to a Project](working-with-projects/add-users.md)
- [Project Configuration](working-with-projects/project-configuration/_index.md)
- [Access and Search Project Logs](working-with-projects/access-project-logs.md)
- [Create Robot Accounts](working-with-projects/create-robot-accounts.md)
- [Configure Webhook Notifications](working-with-projects/configure-webhooks.md)
- [Configure a Per-Project CVE Whitelist](working-with-projects/configure-project-whitelist.md)
- [Implementing Content Trust](working-with-projects/implementing-content-trust.md)
- [Working with Images, Tags, and Helm Charts](working-with-projects/working-with-images.md)
- [Pulling and Pushing Images](working-with-projects/pulling-pushing-images.md)
- [Create Labels](working-with-projects/create-labels.md)
- [Retag Images](working-with-projects/retagging-images.md)
- [Create Tag Retention Rules](working-with-projects/create-tag-retention-rules.md)
- [Create Tag Immutability Rules](working-with-projects/create-tag-immutability-rules.md)
- [Manage Kubernetes Packages with Helm Charts](working-with-projects/managing-helm-charts.md)
- [Using API Explorer](working-with-projects/using-api-explorer/_index.md)
[Hybrid cloud Docker Registry with VMware Harbor](http://www.vmtocloud.com/hybrid-cloud-docker-registry-with-vmware-harbor/)
## Build, Customize, and Contribute to Harbor
[Harbor Registry Blueprint for vRA](http://www.vmtocloud.com/harbor-registry-blueprint-is-here/)
This section describes how developers can build from Harbor source code, customize their deployments, and contribute to the open-source Harbor project.
[Architecture of Harbor: An Open Source Enterprise-class Registry Server](http://www.think-foundry.com/architecture-of-harbor-an-open-source-enterprise-class-registry-server/)
- [Build Harbor from Source Code](build-customize-contribute/compile-guide.md)
- [Developing the Harbor Frontend](build-customize-contribute/ui-contribution-get-started.md)
- [Customize the Harbor Look & Feel ](build-customize-contribute/customize-look-feel.md)
- [Developing for Internationalization](build-customize-contribute/developer-guide-i18n.md)
- [Using Make](build-customize-contribute/use-make.md)
- [View and test Harbor REST API via Swagger](build-customize-contribute/configure-swagger.md)
- [Registry Landscape](build-customize-contribute/registry-landscape.md)
- [E2E Test Scripting Guide](build-customize-contribute/e2e_api_python_based_scripting_guide.md)
[Private Harbor Registry Achieves High Availability based on Virtual SAN](http://www.think-foundry.com/private-docker-registry-harbor-achieves-ha-based-on-virtual-san/)
[Working with Harbor Registry REST API via Swagger](http://www.think-foundry.com/working-with-harbor-registry-rest-api-via-swagger/)
[How to use Harbor with Minio](https://blog.minio.io/how-to-use-vmware-harbor-with-minio-c07a5c4ae31b)
[Harbor, an enterprise class registry server](https://vorcunus.blog/2017/03/11/harbor-an-enterprise-class-registry-server/)
[Hybrid Container Management for vCloud Director with Harbor](https://blogs.vmware.com/vcat/2017/03/hybrid-container-management-vcloud-director-vmware-harbor.html)
[Project Harbor Reached Milestone of 2000 Stars](http://www.think-foundry.com/project-harbor-reaches-milestone-2000-stars-github/)
[Project Harbor in action](http://cormachogan.com/2016/08/05/project-harbor-action/)
[Using vSphere docker volume driver to run Project Harbor on VSAN](http://cormachogan.com/2016/07/29/using-vsphere-docker-volume-driver-run-project-harbor-vsan/)
[Overall Architecture of Harbor Registry](http://www.compare-review-information.com/overall-architecture-of-harbor-registry/)
[Making a Private Secured Docker Registry in 15 Minutes](http://alexanderzeitler.com/articles/deploying-a-private-secured-docker-registry-within-15-minutes/)
[Docker Private Registry Using Harbor](https://blog.imaginea.com/docker-private-registry-using-harbor-2/)
See also the list of [Articles from the Harbor Community](https://github.com/goharbor/harbor/blob/master/docs/README.md#articles-from-the-community).

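--- a/docs/_index.md
+++ b/docs/_index.md
@@ -0,0 +1,27 @@
+---
+title: Harbor 1.10 Documentation
+---
+Welcome to the Harbor 1.10.x documentation. This documentation includes all of the information that you need to install, configure, and use Harbor.
+## Harbor Installation and Configuration
+This section describes how to install Harbor and perform the required initial configuration. These day 1 operations are performed by the Harbor Administrator. [Read more](install-config/_index.md)
+## Harbor Administration
+This section describes how to use and maintain your Harbor registry instance after deployment. These day 2 operations are performed by the Harbor Administrator. [Read more](administration/_index.md)
+## Working with Harbor Projects
+This section describes how users with the developer, master, and project administrator roles manage users, and create, configure, and participate in Harbor projects. [Read more](working-with-projects/_index.md)
+## Building, Customizing, and Contributing to Harbor
+This section describes how developers can build from Harbor source code, customize their deployments, and contribute to the open-source Harbor project. [Read more](build-customize-contribute/_index.md)
+## Access the Documentation Source Files
+The source files for this documentation set are located in the [Harbor repository on Github](https://github.com/goharbor/harbor/blob/master/docs/1.10/).
+For versions of the docs before 1.10.x, go to the [`docs` folder in the Github repository](https://github.com/goharbor/harbor/tree/master/docs) and select the appropriate `release-1.xx.x` branch.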


@ -1,18 +1,17 @@
# Harbor Administration
---
title: Harbor Administration
weight: 10
---
This section describes how to configure and maintain Harbor after deployment. These operations are performed by the Harbor system administrator. The Harbor system administrator performs global configuration operations that apply to the whole Harbor instance.
The operations that are performed by the Harbor system administrator are the following.
- Select database, LDAP/Active Directory, or OIDC based authentication. For information, see [Configuring Authentication](configure_authentication/configure_authentication.md).
- Add users in database authentication mode and assign the system administrator role to other users. For information, see [Role Based Access Control](managing_users/rbac.md).
- Configure global settings, such as configuring an email server, setting the registry to read-only mode, and restriction who can create projects. For information, see [Configure Global Settings](general_settings.md).
- Apply resource quotas to projects. For information, see [Configure Project Quotas](configure_project_quotas.md).
- Set up replication of images between Harbor and another Harbor instance or a 3rd party replication target. For information, see [Configuring Replication](configuring_replication/configuring_replication.md).
- Set up vulnerability scanners to check the images in the registry for CVE vulnerabilities. For information, see [Vulnerability Scanning](vulnerability_scanning/vulnerability_scanning.md).
- Perform garbage collection, to remove unnecessary data from Harbor. For information, see [Garbage Collection](garbage_collection.md).
- Upgrade Harbor when a new version becomes available. For information, see [Upgrading Harbor](upgrade/upgrade_migrate_data.md).
----------
[Back to table of contents](../index.md)
- Select database, LDAP/Active Directory, or OIDC based authentication. For information, see [Configuring Authentication](configure-authentication).
- Add users in database authentication mode and assign the system administrator role to other users. For information, see [Managing Users](managing-users).
- Configure global settings, such as configuring an email server, setting the registry to read-only mode, and restriction who can create projects. For information, see [Configure Global Settings](general-settings).
- Apply resource quotas to projects. For information, see [Configure Project Quotas](configure-project-quotas).
- Set up replication of images between Harbor and another Harbor instance or a 3rd party replication target. For information, see [Configuring Replication](configuring-replication).
- Set up vulnerability scanners to check the images in the registry for CVE vulnerabilities. For information, see [Vulnerability Scanning](vulnerability-scanning).
- Perform garbage collection, to remove unnecessary data from Harbor. For information, see [Garbage Collection](garbage-collection).
- Upgrade Harbor when a new version becomes available. For information, see [Upgrading Harbor](upgrade/upgrade-migrate-data.md).


@ -1,16 +1,16 @@
# Configuring Authentication
---
title: Configuring Authentication
weight: 10
---
Harbor supports different modes for authenticating users and managing user accounts. You should select an authentication mode as soon as you deploy Harbor.
Harbor supports different modes for authenticating users and managing user accounts. You should select an authentication mode as soon as you deploy Harbor.
**IMPORTANT**: If you create user accounts in the Harbor database, Harbor is locked in database mode. You cannot change to a different authentication mode after you have created local users.
{{< important >}}
If you create user accounts in the Harbor database, Harbor is locked in database mode. You cannot change to a different authentication mode after you have created local users.
{{< /important >}}
- [Database Authentication](db_auth.md): You create and manage user accounts directly in Harbor. The user accounts are stored in the Harbor database.
- [LDAP/Active Directory Authentication](ldap_auth.md): You connect Harbor to an external LDAP/Active Directory server. The user accounts are created and managed by your LDAP/AD provider.
- [OIDC Provider Authentication](oidc_auth.md): You connect Harbor to an external OIDC provider. The user accounts are created and managed by your ODIC provider.
- [Database Authentication](db-auth.md): You create and manage user accounts directly in Harbor. The user accounts are stored in the Harbor database.
- [LDAP/Active Directory Authentication](ldap-auth.md): You connect Harbor to an external LDAP/Active Directory server. The user accounts are created and managed by your LDAP/AD provider.
- [OIDC Provider Authentication](oidc-auth.md): You connect Harbor to an external OIDC provider. The user accounts are created and managed by your ODIC provider.
The Harbor interface offers an option to configure UAA authentication. This authentication mode is not recommended and is not documented in this guide.
----------
[Back to table of contents](../../index.md)


@ -1,31 +1,28 @@
[Back to table of contents](../../index.md)
----------
# Configure Database Authentication
---
title: Configure Database Authentication
weight: 15
---
In database authentication mode, user accounts are stored in the local database. By default, only the Harbor system administrator can create user accounts to add users to Harbor. You can optionally configure Harbor to allow self-registration.
**IMPORTANT**: If you create users in the database, Harbor is locked in database mode. You cannot change to a different authentication mode after you have created local users.
{{< important >}}
If you create users in the database, Harbor is locked in database mode. You cannot change to a different authentication mode after you have created local users.
{{< /important >}}
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
1. Under **Administration**, go to **Configuration** and select the **Authentication** tab.
1. Leave **Auth Mode** set to the default **Database** option.
![Database authentication](../../img/db_auth.png)
![Database authentication](../../../img/db-auth.png)
1. Optionally select the **Allow Self-Registration** check box.
![Enable self-registration](../../img/new_self_reg.png)
![Enable self-registration](../../../img/new-self-reg.png)
If you enable the self registration option, users can register themselves in Harbor. Self-registration is disabled by default. If you enable self-registration, unregistered users can sign up for a Harbor account by clicking **Sign up for an account** in the Harbor log in page.
![Enable self-registration](../../img/self-registration-login.png)
![Enable self-registration](../../../img/self-registration-login.png)
## What to Do Next
For information about how to create users in database authentication mode, see [Create User Accounts in Database Mode](../managing_users/create_users_db.md).
----------
[Back to table of contents](../../index.md)
For information about how to create users in database authentication mode, see [Create User Accounts in Database Mode](../managing-users/create-users-db.md).


@ -1,22 +1,23 @@
[Back to table of contents](../../index.md)
----------
# Configure LDAP/Active Directory Authentication
---
title: Configure LDAP/Active Directory Authentication
weight: 20
---
If you select LDAP/AD authentication, users whose credentials are stored in an external LDAP or AD server can log in to Harbor directly. In this case, you do not create user accounts in Harbor.
**IMPORTANT**: You can change the authentication mode from database to LDAP only if no local users have been added to the database. If there is at least one user other than `admin` in the Harbor database, you cannot change the authentication mode.
{{< important >}}
You can change the authentication mode from database to LDAP only if no local users have been added to the database. If there is at least one user other than `admin` in the Harbor database, you cannot change the authentication mode.
{{< /important >}}
Because the users are managed by LDAP or AD, self-registration, creating users, deleting users, changing passwords, and resetting passwords are not supported in LDAP/AD authentication mode.
If you want to manage user authentication by using LDAP groups, you must enable the `memberof` feature on the LDAP/AD server. With the `memberof` feature, the LDAP/AD user entity's `memberof` attribute is updated when the group entity's `member` attribute is updated, for example by adding or removing an LDAP/AD user from the LDAP/AD group. This feature is enabled by default in Active Directory. For information about how to enable and verify `memberof` overlay in OpenLDAP, see [this technical note]( https://technicalnotes.wordpress.com/2014/04/19/openldap-setup-with-memberof-overlay/).
If you want to manage user authentication by using LDAP groups, you must enable the `memberof` feature on the LDAP/AD server. With the `memberof` feature, the LDAP/AD user entity's `memberof` attribute is updated when the group entity's `member` attribute is updated, for example by adding or removing an LDAP/AD user from the LDAP/AD group. This feature is enabled by default in Active Directory. For information about how to enable and verify `memberof` overlay in OpenLDAP, see [this technical note](https://technicalnotes.wordpress.com/2014/04/19/openldap-setup-with-memberof-overlay).
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
1. Under **Administration**, go to **Configuration** and select the **Authentication** tab.
1. Use the **Auth Mode** drop-down menu to select **LDAP**.
![LDAP authentication](../../img/select_ldap_auth.png)
![LDAP authentication](../../../img/select-ldap-auth.png)
1. Enter the address of your LDAP server, for example `ldaps://10.162.16.194`.
1. Enter information about your LDAP server.
@ -26,7 +27,7 @@ If you want to manage user authentication by using LDAP groups, you must enable
- **LDAP UID**: An attribute, for example `uid`, or `cn`, that is used to match a user with the username. If a match is found, the user's password is verified by a bind request to the LDAP/AD server.
- **LDAP Scope**: The scope to search for LDAP/AD users. Select from **Subtree**, **Base**, and **OneLevel**.
![Basic LDAP configuration](../../img/ldap_auth.png)
![Basic LDAP configuration](../../../img/ldap-auth.png)
1. If you want to manage user authentication with LDAP groups, configure the group settings.
- **LDAP Group Base DN**: The base DN from which to lookup a group in LDAP/AD. For example, `ou=groups,dc=example,dc=com`.
- **LDAP Group Filter**: The filter to search for LDAP/AD groups. For example, `objectclass=groupOfNames`.
@ -35,13 +36,9 @@ If you want to manage user authentication by using LDAP groups, you must enable
- **LDAP Group Membership**: The user attribute usd to identify a user as a member of a group. By default this is `memberof`.
- **LDAP Scope**: The scope to search for LDAP/AD groups. Select from **Subtree**, **Base**, and **OneLevel**.
![LDAP group configuration](../../img/ldap_groups.png)
![LDAP group configuration](../../../img/ldap-groups.png)
1. Uncheck **LDAP Verify Cert** if the LDAP/AD server uses a self-signed or untrusted certificate.
![LDAP certificate verification](../../img/ldap_cert_test.png)
![LDAP certificate verification](../../../img/ldap-cert-test.png)
1. Click **Test LDAP Server** to make sure that your configuration is correct.
1. Click **Save** to complete the configuration.
----------
[Back to table of contents](../../index.md)


@ -1,14 +1,15 @@
[Back to table of contents](../../index.md)
----------
# Configure OIDC Provider Authentication
---
title: Configure OIDC Provider Authentication
weight: 25
---
If you select OpenID Connect (OIDC) authentication, users log in to the Harbor interface via an OIDC single sign-on (SSO) provider, such as Okta, KeyCloak, or dex. In this case, you do not create user accounts in Harbor.
**IMPORTANT**: You can change the authentication mode from database to OIDC only if no local users have been added to the database. If there is at least one user other than `admin` in the Harbor database, you cannot change the authentication mode.
{{< important >}}
You can change the authentication mode from database to OIDC only if no local users have been added to the database. If there is at least one user other than `admin` in the Harbor database, you cannot change the authentication mode.
{{< /important >}}
Because the users are managed by the OIDC provider, self-registration, creating users, deleting users, changing passwords, and resetting passwords are not supported in OIDC authentication mode.
Because the users are managed by the OIDC provider, self-registration, creating users, deleting users, changing passwords, and resetting passwords are not supported in OIDC authentication mode.
### Configure Your OIDC Provider
@ -27,7 +28,7 @@ Before configuring an OIDC provider in Harbor, make sure that your provider is c
1. Under **Administration**, go to **Configuration** and select the **Authentication** tab.
1. Use the **Auth Mode** drop-down menu to select **OIDC**.
![LDAP authentication](../../img/select_oidc_auth.png)
![LDAP authentication](../../../img/select-oidc-auth.png)
1. Enter information about your OIDC provider.
- **OIDC Provider Name**: The name of the OIDC provider.
@ -39,11 +40,11 @@ Before configuring an OIDC provider in Harbor, make sure that your provider is c
The OIDC scope must contain `openid` and usually also contains `profile` and `email`. To obtain refresh tokens it should also contain `offline_access`. If you are using OIDC groups, a scope must identify the group claim. Check with your OIDC provider administrator for precise details of how to identify the group claim scope, as this differs from vendor to vendor.
![OIDC settings](../../img/oidc_auth_setting.png)
![OIDC settings](../../../img/oidc-auth-setting.png)
1. Uncheck **Verify Certificate** if the OIDC Provider uses a self-signed or untrusted certificate.
1. Verify that the Redirect URI that you configured in your OIDC provider is the same as the one displayed at the bottom of the page.
![OIDC certificate verification, URI, and test ](../../img/oidc_cert_verification.png)
![OIDC certificate verification, URI, and test ](../../../img/oidc-cert-verification.png)
1. Click **Test OIDC Server** to make sure that your configuration is correct.
1. Click **Save** to complete the configuration.
@ -51,7 +52,7 @@ Before configuring an OIDC provider in Harbor, make sure that your provider is c
When the Harbor system administrator has configured Harbor to authenticate via OIDC a **Login via OIDC Provider** button appears on the Harbor login page.
![oidc_login](../../img/oidc_login.png)
![oidc_login](../../../img/oidc-login.png)
**NOTE:** When Harbor is configured authentication via OIDC, the **Username** and **Password** fields are reserved for the local Harbor system administrator to log in.
@ -60,7 +61,7 @@ When the Harbor system administrator has configured Harbor to authenticate via O
This redirects you to the OIDC Provider for authentication.
1. If this is the first time that you are logging in to Harbor with OIDC, specify a user name for Harbor to associate with your OIDC username.
![Specify Harbor username for OIDC](../../img/oidc_onboard_dlg.png)
![Specify Harbor username for OIDC](../../../img/oidc-onboard-dlg.png)
This is the user name by which you are identified in Harbor, which is used when adding you to projects, assigning roles, and so on. If the username is already taken, you are prompted to choose another one.
1. After the OIDC provider has authenticated you, you are redirected back to Harbor.
@ -74,13 +75,13 @@ The Docker and Helm CLIs cannot handle redirection for OIDC, so Harbor provides
1. Log in to Harbor with an OIDC user account.
1. Click your username at the top of the screen and select **User Profile**.
![Access user profile](../../img/user_profile.png)
![Access user profile](../../../img/user-profile.png)
1. Click the clipboard icon to copy the CLI secret associated with your account.
![Copy CLI secret](../../img/profile_dlg.png)
![Copy CLI secret](../../../img/profile-dlg.png)
1. Optionally click the **...** icon in your user profile to display buttons for automatically generating or manually creating a new CLI secret.
![Copy CLI secret](../../img/generate_create_new_secret.png)
![Copy CLI secret](../../../img/generate-create-new-secret.png)
A user can only have one CLI secret, so when a new secret is generated or create, the old one becomes invalid.
1. If you generated a new CLI secret, click the clipboard icon to copy it.
@ -88,11 +89,9 @@ The Docker and Helm CLIs cannot handle redirection for OIDC, so Harbor provides
You can now use your CLI secret as the password when logging in to Harbor from the Docker or Helm CLI.
<pre>
sh docker login -u testuser -p <i>cli_secret</i> jt-test.local.goharbor.io
</pre>
docker login -u testuser -p <i>cli_secret</i> jt-test.local.goharbor.io
</pre>
**NOTE**: The CLI secret is associated with the OIDC ID token. Harbor will try to refresh the token, so the CLI secret will be valid after the ID token expires. However, if the OIDC Provider does not provide a refresh token or the refresh fails, the CLI secret becomes invalid. In this case, log out and log back in to Harbor via your OIDC provider so that Harbor can get a new ID token. The CLI secret will then work again.
----------
[Back to table of contents](../../index.md)
{{< note >}}
The CLI secret is associated with the OIDC ID token. Harbor will try to refresh the token, so the CLI secret will be valid after the ID token expires. However, if the OIDC Provider does not provide a refresh token or the refresh fails, the CLI secret becomes invalid. In this case, log out and log back in to Harbor via your OIDC provider so that Harbor can get a new ID token. The CLI secret will then work again.
{{< /note >}}


@ -1,30 +1,34 @@
[Back to table of contents](../index.md)
----------
# Configure Project Quotas
---
title: Configure Project Quotas
weight: 25
---
To exercise control over resource use, as a Harbor system administrator you can set quotas on projects. You can limit the number of tags that a project can contain and limit the amount of storage capacity that a project can consume. You can set default quotas that apply to all projects globally.
**NOTE**: Default quotas apply to projects that are created after you set or change the default quota. The default quota is not applied to projects that already existed before you set it.
{{< note >}}
Default quotas apply to projects that are created after you set or change the default quota. The default quota is not applied to projects that already existed before you set it.
{{< /note >}}
You can also set quotas on individual projects. If you set a global default quota and you set different quotas on individual projects, the per-project quotas are applied.
By default, all projects have unlimited quotas for both tags and storage use.
1. Select the **Project Quotas** view.
![Project quotas](../../img/project-quota1.png)
![Project quotas](../../img/project-quota1.png)
1. To set global default quotas on all projects, click **Edit**.
![Project quotas](../../img/project-quota2.png)
1. For **Default artifact count**, enter the maximum number of tags that any project can contain at a given time, or enter `-1` to set the default to unlimited.
1. For **Default storage consumption**, enter the maximum quantity of storage that any project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu, or enter `-1` to set the default to unlimited.
![Project quotas](../../img/project-quota3.png)
1. Click **OK**.
![Project quotas](../../img/project-quota2.png)
1. For **Default artifact count**, enter the maximum number of tags that any project can contain at a given time, or enter `-1` to set the default to unlimited.
1. For **Default storage consumption**, enter the maximum quantity of storage that any project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu, or enter `-1` to set the default to unlimited.
![Project quotas](../../img/project-quota3.png)
1. Click **OK**.
1. To set quotas on an individual project, click the 3 vertical dots next to a project and select **Edit**.
![Project quotas](../../img/project-quota4.png)
1. For **Default artifact count**, enter the maximum number of tags that this individual project can contain, or enter `-1` to set the default to unlimited.
1. For **Default storage consumption**, enter the maximum quantity of storage that this individual project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu.
![Project quotas](../../img/project-quota4.png)
1. For **Default artifact count**, enter the maximum number of tags that this individual project can contain, or enter `-1` to set the default to unlimited.
1. For **Default storage consumption**, enter the maximum quantity of storage that this individual project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu.
After you set quotas, you can see how much of their quotas each project has consumed.
@ -37,7 +41,9 @@ When setting project quotas, it is useful to know how Harbor calculates tag numb
- Harbor computes image size when blobs and manifests are pushed from the Docker client.
- Harbor computes tag counts when manifests are pushed from the Docker client.
**NOTE**: When users push an image, the manifest is pushed last, after all of the associated blobs have been pushed successfully to the registry. If several images are pushed concurrently and if there is an insufficient number of tags left in the quota for all of them, images are accepted in the order that their manifests arrive. Consequently, an attempt to push an image might not be immediately rejected for exceeding the quota. This is because there was availability in the tag quota when the push was initiated, but by the time the manifest arrived the quota had been exhausted.
{{< note >}}
When users push an image, the manifest is pushed last, after all of the associated blobs have been pushed successfully to the registry. If several images are pushed concurrently and if there is an insufficient number of tags left in the quota for all of them, images are accepted in the order that their manifests arrive. Consequently, an attempt to push an image might not be immediately rejected for exceeding the quota. This is because there was availability in the tag quota when the push was initiated, but by the time the manifest arrived the quota had been exhausted.
{{< /note >}}
- Shared blobs are only computed once per project. In Docker, blob sharing is defined globally. In Harbor, blob sharing is defined at the project level. As a consequence, overall storage usage can be greater than the actual disk capacity.
- Retagging images reserves and releases resources:
- If you retag an image within a project, the tag count increases by one, but storage usage does not change because there are no new blobs or manifests.
@ -45,7 +51,3 @@ When setting project quotas, it is useful to know how Harbor calculates tag numb
- During garbage collection, Harbor frees the storage used by untagged blobs in the project.
- If the tag count reaches the limit, image blobs can be pushed into a project and storage usage is updated accordingly. You can consider these blobs to be untagged blobs. They can be removed by garbage collection, and the storage that they consume is returned after garbage colletion.
- Helm chart size is not calculated. Only tag counts are calculated.
----------
[Back to table of contents](../index.md)


@ -1,4 +1,7 @@
# Configuring Replication
---
title: Configuring Replication
weight: 30
---
Replication allows users to replicate resources, namely images and charts, between Harbor and non-Harbor registries, in both pull or push mode.
@ -6,13 +9,6 @@ When the Harbor system administrator has set a replication rule, all resources t
There might be some delay during replication based on the condition of the network. If a replication task fails, it is re-scheduled for a few minutes later and retried several times.
**NOTE:** Due to API changes, replication between different versions of Harbor is not supported.
- [Create Replication Endpoints](create_replication_endpoints.md)
- [Create Replication Rules](create_replication_rules.md)
- [Running Replication Manually](manage_replications.md)
----------
[Back to table of contents](../../index.md)
{{< note >}}
Due to API changes, replication between different versions of Harbor is not supported.
{{< /note >}}


@ -1,14 +1,14 @@
[Back to table of contents](../../index.md)
----------
# Creating Replication Endpoints
---
title: Creating Replication Endpoints
weight: 20
---
To replicate image repositories from one instance of Harbor to another Harbor or non-Harbor registry, you first create replication endpoints.
1. Go to **Registries** and click the **+ New Endpoint** button.
![New replication endpoint](../../img/replication-endpoint1.png)
![New replication endpoint](../../../img/replication-endpoint1.png)
1. For **Provider**, use the drop-down menu to select the type of registry to set up as a replication endpoint.
The endpoint can be another Harbor instance, or a non-Harbor registry. Currently, the following non-Harbor registries are supported:
@ -25,32 +25,35 @@ To replicate image repositories from one instance of Harbor to another Harbor or
- Quay.io
- Jfrog Artifactory
![Replication providers](../../img/replication-endpoint2.png)
![Replication providers](../../../img/replication-endpoint2.png)
1. Enter a suitable name and description for the new replication endpoint.
1. Enter the full URL of the registry to set up as a replication endpoint.
For example, to replicate to another Harbor instance, enter https://harbor_instance_address:443. The registry must exist and be running before you create the endpoint.
1. Enter the Access ID and Access Secret for the endpoint registry instance.
Use an account that has the appropriate privileges on that registry, or an account that has write permission on the corresponding project in a Harbor registry.
**NOTES**:
- AWS ECR adapters should use access keys, not a username and password. The access key should have sufficient permissions, such as storage permission.
- Google GCR adapters should use the entire JSON key generated in the service account. The namespace should start with the project ID.
Use an account that has the appropriate privileges on that registry, or an account that has write permission on the corresponding project in a Harbor registry.
{{< note >}}
- AWS ECR adapters should use access keys, not a username and password. The access key should have sufficient permissions, such as storage permission.
- Google GCR adapters should use the entire JSON key generated in the service account. The namespace should start with the project ID.
{{< /note >}}
1. Optionally, select the **Verify Remote Cert** check box.
Deselect the check box if the remote registry uses a self-signed or untrusted certificate.
Deselect the check box if the remote registry uses a self-signed or untrusted certificate.
1. Click **Test Connection**.
1. When you have successfully tested the connection, click **OK**.
## Managing Registries
You can list, add, edit and delete registries under `Administration->Registries`. Only registries which are not referenced by any rules can be deleted.
![browse project](../../img/manage_registry.png)
You can list, add, edit and delete registries under **Administration** -> **Registries**. Only registries which are not referenced by any rules can be deleted.
![browse project](../../../img/manage-registry.png)
----------
## What to Do Next
[Back to table of contents](../../index.md)
After you configure replication endpoints, see [Creating a Replication Rule](create-replication-rules.md).


@ -1,31 +1,30 @@
[Back to table of contents](../../index.md)
---
title: Creating a Replication Rule
weight: 25
---
----------
# Creating a Replication Rule
A replication endpoint must exist before you create a replication rule. To create an endpoint, follow the instructions in [Creating Replication Endpoints](create_replication_endpoints.md).
A replication endpoint must exist before you create a replication rule. To create an endpoint, follow the instructions in [Creating Replication Endpoints](create-replication-endpoints.md).
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
1. Expand **Administration**, and select **Replications**.
![Add a replication rule](../../img/replication-rule1.png)
![Add a replication rule](../../../img/replication-rule1.png)
1. Click **New Replication Rule**.
1. Provide a name and description for the replication rule.
1. Select **Push-based** or **Pull-based** replication, depending on whether you want to replicate images to or from the remote registry.
![Replication mode](../../img/replication-rule2.png)
![Replication mode](../../../img/replication-rule2.png)
1. For **Source resource filter**, identify the images to replicate.
![Replication filters](../../img/replication-rule3.png)
![Replication filters](../../../img/replication-rule3.png)
* **Name**: Replicate resources with a given name by entering an image name or fragment.
* **Tag**: Replicate resources with a given tag by entering a tag name or fragment.
* **Label**: Replicate resources with a given label by using the drop-down menu to select from the available labels.
* **Resource**: Replicate images, charts, or both.
The name filter and tag filters support the following patterns:
* **\***: Matches any sequence of non-separator characters `/`.
* **\*\***: Matches any sequence of characters, including path separators `/`.
* **?**: Matches any single non-separator character `/`.
@ -34,9 +33,9 @@ A replication endpoint must exist before you create a replication rule. To creat
* **\*\***: Matches any sequence of characters, including path separators `/`.
* **?**: Matches any single non-separator character `/`.
* **{alt1,...}**: Matches a sequence of characters if one of the comma-separated alternatives matches.
**NOTE:** You must add `library` if you want to replicate the official images of Docker Hub. For example, `library/hello-world` matches the official hello-world images.
Pattern | String(Match or not)
---------- | -------
`library/*` | `library/hello-world`(Y)<br> `library/my/hello-world`(N)
@ -48,20 +47,21 @@ A replication endpoint must exist before you create a replication rule. To creat
If you do not enter a namespace, resources are placed in the same namespace as in the source registry.
![Destination and namespaces](../../img/replication-rule4.png)
![Destination and namespaces](../../../img/replication-rule4.png)
1. Use the Trigger Mode drop-down menu to select how and when to run the rule.
* **Manual**: Replicate the resources manually when needed. **Note**: Deletion operations are not replicated.
* **Scheduled**: Replicate the resources periodically by defining a cron job. **Note**: Deletion operations are not replicated.
* **Event Based**: When a new resource is pushed to the project, or an image is retagged, it is replicated to the remote registry immediately. If you select the `Delete remote resources when locally deleted`, if you delete an image, it is automatically deleted from the replication target.
* **Event Based**: When a new resource is pushed to the project, or an image is retagged, it is replicated to the remote registry immediately. If you select the **Delete remote resources when locally deleted**, if you delete an image, it is automatically deleted from the replication target.
**NOTE**: You can filter images for replication based on the labels that are applied to the images. However, changing a label on an image does not trigger replication. Event-based replication is limited to pushing, retagging, and deleting images.
{{< note >}}
You can filter images for replication based on the labels that are applied to the images. However, changing a label on an image does not trigger replication. Event-based replication is limited to pushing, retagging, and deleting images.
{{< /note >}}
![Trigger mode](../../img/replication-rule5.png)
![Trigger mode](../../../img/replication-rule5.png)
1. Optionally select the Override checkbox to force replicated resources to replace resources at the destination with the same name.
1. Click **Save** to create the replication rule.
## What to Do Next
----------
[Back to table of contents](../../index.md)
After you create a replication rule, see [Running Replication Manually](manage-replications.md).


@ -1,28 +1,22 @@
[Back to table of contents](../../index.md)
----------
# Running Replication Manually
---
title: Running Replication Manually
weight: 30
---
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
1. Expand **Administration**, and select **Replications**.
1. Select a replication rule and click **Replicate**.
![Add a replication rule](../../img/replication-rule6.png)
![Add a replication rule](../../../img/replication-rule6.png)
The resources to which the rule is applied start to replicate from the source registry to the destination immediately.
The resources to which the rule is applied start to replicate from the source registry to the destination immediately.
1. Click the rule to see its execution status.
1. Click the **ID** of the execution to see the details of the replication and the task list. The count of `IN PROGRESS` status in the summary includes both `Pending` and `In Progress` tasks.
1. Optionally click **STOP** to stop the replication.
1. Click the log icon to see detailed information about the replication task.
![View replication task](../../img/list_tasks.png)
![View replication task](../../../img/list-tasks.png)
To edit or delete a replication rule, select the replication rule in the **Replications** view and click **Edit** or **Delete**. Only rules which have no executions in progress can be edited deleted.
![Delete or edit rule](../../img/replication-rule6.png)
----------
[Back to table of contents](../../index.md)
![Delete or edit rule](../../../img/replication-rule6.png)


@ -1,8 +1,7 @@
[Back to table of contents](../index.md)
----------
# Garbage Collection
---
title: Garbage Collection
weight: 40
---
When you delete images from Harbor, space is not automatically freed up. You must run garbage collection to free up space by removing blobs that are no longer referenced by a manifest from the file system.
@ -11,7 +10,9 @@ When you delete images from Harbor, space is not automatically freed up. You mus
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
1. Expand **Administration**, and select **Garbage Collection**.
1. Select the **'Garbage Collection'** tab.
![Garbage collection](../../img/garbage-collection.png)
![Garbage collection](../../img/garbage-collection.png)
1. To run garbage collection immediately, click **GC Now**.
When you run garbage collection, Harbor goes into read-only mode. All modifications to the registry are prohibited.
@ -23,17 +24,17 @@ To avoid triggering the garbage collection process too frequently, the availabil
1. Expand **Administration**, and select **Garbage Collection**.
1. Select the **'Garbage Collection'** tab.
1. Use the drop down-menu to select how often to run garbage collection.
![Schedule garbage collection](../../img/gc_policy.png)
* **None**: No garbage collection is scheduled.
* **Hourly**: Run garbage collection at the beginning of every hour.
* **Daily**: Run garbage collection at midnight every day.
* **Weekly**: Run garbage collection at midnight every Saturday.
* **Custom**: Run garbage collection according to a `cron` job.
![Schedule garbage collection](../../img/gc-policy.png)
* **None**: No garbage collection is scheduled.
* **Hourly**: Run garbage collection at the beginning of every hour.
* **Daily**: Run garbage collection at midnight every day.
* **Weekly**: Run garbage collection at midnight every Saturday.
* **Custom**: Run garbage collection according to a `cron` job.
1. Click **Save**.
1. Select the **History** tab to view records of the 10 most recent garbage collection runs.
![Garbage collection history](../../img/gc_history.png)
![Garbage collection history](../../img/gc-history.png)
1. Click on the **Logs** link to view the related logs.
----------
[Back to table of contents](../index.md)


@ -1,40 +1,35 @@
[Back to table of contents](../index.md)
----------
# Configure Global Settings
---
title: Configure Global Settings
weight: 20
---
You can configure Harbor to connect to an email server, set the registry in read-only mode, and configure Harbor so that only system administrators can create projects.
## Configure an Email Server
You can configure Harbor to connect to an email server. The email server is only used to send out responses to users who request to reset their password.
You can configure Harbor to connect to an email server. The email server is only used to send out responses to users who request to reset their password.
![browse project](../../img//new_config_email.png)
![browse project](../../img/new-config-email.png)
## Make the Registry Read Only
You can set Harbor to read-only mode. In read-only mode, Harbor allows `docker pull` but prevents `docker push` and the deletion of repositories and tags.
![Read-only mode](../../img//read_only.png)
![Read-only mode](../../img/read-only.png)
If it set to true, deleting repositories, tags and pushing images are not permitted.
![browse project](../../img//read_only_enable.png)
![browse project](../../img/read-only-enable.png)
```
$ docker push 10.117.169.182/demo/ubuntu:14.04
```sh
docker push 10.117.169.182/demo/ubuntu:14.04
The push refers to a repository [10.117.169.182/demo/ubuntu]
0271b8eebde3: Preparing
denied: The system is in read only mode. Any modification is prohibited.
denied: The system is in read only mode. Any modification is prohibited.
```
## Set Who Can Create Projects
Use the **Project Creation** drop-down menu to set which users can create projects. Select **Everyone** to allow all users to create projects. Select **Admin Only** to allow only users with the Harbor system administrator role to create projects.
![browse project](../../img/new_proj_create.png)
Use the **Project Creation** drop-down menu to set which users can create projects. Select **Everyone** to allow all users to create projects. Select **Admin Only** to allow only users with the Harbor system administrator role to create projects.
----------
[Back to table of contents](../index.md)
![browse project](../../img/new-proj-create.png)


@ -1,38 +1,33 @@
[Back to table of contents](../../index.md)
---
title: Managing Users
weight: 15
---
----------
Harbor manages images through projects. You provide access to these images to users by including the users in projects and assigning one of the following roles to them.
# Harbor Role Based Access Control (RBAC)
Harbor manages images through projects. You provide access to these images to users by including the users in projects and assigning one of the following roles to them.
![rbac](../../img/rbac.png)
![RBAC](../../img/rbac.png)
* **Limited Guest**: A Limited Guest does not have full read privileges for a project. They can pull images but cannot push, and they cannot see logs or the other members of a project. For example, you can create limited guests for users from different organizations who share access to a project.
* **Guest**: Guest has read-only privilege for a specified project. They can pull and retag images, but cannot push.
* **Developer**: Developer has read and write privileges for a project.
* **Master**: Master has elevated permissions beyond those of 'Developer' including the ability to scan images, view replications jobs, and delete images and helm charts.
* **Master**: Master has elevated permissions beyond those of 'Developer' including the ability to scan images, view replications jobs, and delete images and helm charts.
* **ProjectAdmin**: When creating a new project, you will be assigned the "ProjectAdmin" role to the project. Besides read-write privileges, the "ProjectAdmin" also has some management privileges, such as adding and removing members, starting a vulnerability scan.
Besides the above roles, there are two system-level roles:
Besides the above roles, there are two system-level roles:
* **Harbor system administrator**: "Harbor system administrator" has the most privileges. In addition to the privileges mentioned above, "Harbor system administrator" can also list all projects, set an ordinary user as administrator, delete users and set vulnerability scan policy for all images. The public project "library" is also owned by the administrator.
* **Anonymous**: When a user is not logged in, the user is considered as an "Anonymous" user. An anonymous user has no access to private projects and has read-only access to public projects.
* **Harbor system administrator**: "Harbor system administrator" has the most privileges. In addition to the privileges mentioned above, "Harbor system administrator" can also list all projects, set an ordinary user as administrator, delete users and set vulnerability scan policy for all images. The public project "library" is also owned by the administrator.
* **Anonymous**: When a user is not logged in, the user is considered as an "Anonymous" user. An anonymous user has no access to private projects and has read-only access to public projects.
For full details of the permissions of the different roles, see [User Permissions By Role](user_permissions_by_role.md).
For full details of the permissions of the different roles, see [User Permissions By Role](user-permissions-by-role.md).
If you run Harbor in database authentication mode, you create user accounts directly in the Harbor interface. For information about how to create local user accounts, see [Create User Accounts in Database Mode](create_users_db.md).
If you run Harbor in database authentication mode, you create user accounts directly in the Harbor interface. For information about how to create local user accounts, see [Create User Accounts in Database Mode](create-users-db.md).
If you run Harbor in LDAP/AD or OIDC authentication mode, you create and manage user accounts in your LDAP/AD or OIDC provider. Harbor obtains the users from the LDAP/AD or OIDC server and displays them in the **Users** tab of the Harbor interface.
## Assigning the Harbor System Administrator Role
Harbor system administrators can assign the Harbor system administrator role to other users by selecting usernames and clicking **Set as Administrator** in the **Users** tab.
Harbor system administrators can assign the Harbor system administrator role to other users by selecting usernames and clicking **Set as Administrator** in the **Users** tab.
![browse project](../../img/new_set_admin_remove_user.png)
![browse project](../../img/new-set-admin-remove-user.png)
To delete users, select a user and click `DELETE`. Deleting user is only supported under database authentication mode.
----------
[Back to table of contents](../../index.md)
To delete users, select a user and click `DELETE`. Deleting users is only supported under database authentication mode.


@ -0,0 +1,21 @@
---
title: Create User Accounts in Database Mode
weight: 25
---
In database authentication mode, the Harbor system administrator creates user accounts manually.
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
1. Under **Administration**, go to **Users**.
![Create user account](../../../img/create-user.png)
1. Click **New User**.
1. Enter information about the new user.
![Provide user information](../../../img/new-user.png)
- The username must be unique in the Harbor system
- The email address is used for password recovery
- The password must contain at least 8 characters with 1 lowercase letter, 1 uppercase letter and 1 numeric character
If users forget their password, there is a **Forgot Password** in the Harbor log in page. To use this feature, you must [configure an email server](../general-settings/_index.md).


@ -1,8 +1,7 @@
[Back to table of contents](../../index.md)
----------
# User Permissions By Role
---
title: User Permissions By Role
weight: 20
---
Users have different abilities depending on the role they in a project.
@ -33,8 +32,8 @@ The following table depicts the various user permission levels in a project.
| Pull image | ✓ | ✓ | ✓ | ✓ | ✓ |
| Push image | | | ✓ | ✓ | ✓ |
| Scan/delete image | | | | ✓ | ✓ |
| Add scanners to Harbor | | | | | |
| Edit scanners in projects | | | | | ✓ |
| Add scanners to Harbor | | | | | |
| Edit scanners in projects | | | | | ✓ |
| See a list of image vulnerabilities | ✓ | ✓ | ✓ | ✓ | ✓ |
| See image build history | ✓ | ✓ | ✓ | ✓ | ✓ |
| Add/Remove labels of image | | | ✓ | ✓ | ✓ |
@ -54,13 +53,9 @@ The following table depicts the various user permission levels in a project.
| Enable/disable webhooks | | | ✓ | ✓ | ✓ |
| Create/delete tag retention rules | | | ✓ | ✓ | ✓ |
| Enable/disable tag retention rules | | | ✓ | ✓ | ✓ |
| Create/delete tag immutability rules | | | | | ✓ |
| Enable/disable tag immutability rules | | | | | ✓ |
| Create/delete tag immutability rules | | | | | ✓ |
| Enable/disable tag immutability rules | | | | | ✓ |
| See project quotas | ✓ | ✓ | ✓ | ✓ | ✓ |
| Edit project quotas * | | | | | |
| Edit project quotas * | | | | | |
&ast; Only the Harbor system administrator can edit project quotas and add new scanners.
----------
[Back to table of contents](../../index.md)


@ -1,15 +1,16 @@
[Back to table of contents](../../index.md)
----------
# Upgrade Harbor and Migrate Data
---
title: Upgrade Harbor and Migrate Data
weight: 45
---
This guide covers upgrade and migration to version 1.10.0. This guide only covers migration from v1.8.x and later to the current version. If you are upgrading from an earlier version, refer to the migration guide in the `release-1.8.0` branch to upgrade to v1.8.x first, then follow this guide to perform the migration to this version.
If you are upgrading a Harbor instance that you deployed with Helm, see [Upgrading Harbor Deployed with Helm](helm-upgrade.md).
When upgrading an existing Harbor instance to a newer version, you might need to migrate the data in your database and the settings in `harbor.cfg`.
Since the migration might alter the database schema and the settings of `harbor.cfg`, you should **always** back up your data before any migration.
**NOTES:**
## Notes
- Again, you must back up your data before any data migration.
- In version 1.9.0, some containers are started by `non-root`. This does not pose problems if you are upgrading an officially released version of Harbor, but if you have deployed a customized instance of Harbor, you might encounter permission issues.
@ -64,10 +65,6 @@ Since the migration might alter the database schema and the settings of `harbor.
1. In the `./harbor` directory, run the `./install.sh` script to install the new Harbor instance.
To install Harbor with components such as Notary, Clair, and chartmuseum, see [Run the Installer Script](../../install_config/run_installer_script.md) for more information.
To install Harbor with components such as Notary, Clair, and chartmuseum, see [Run the Installer Script](../../install-config/run-installer-script.md) for more information.
If you need to roll back to the previous version of Harbor, see [Roll Back from an Upgrade](roll_back_upgrade.md).
----------
[Back to table of contents](../../index.md)
If you need to roll back to the previous version of Harbor, see [Roll Back from an Upgrade](roll-back-upgrade.md).


@ -1,8 +1,7 @@
[Back to table of contents](../../index.md)
----------
# Upgrading Harbor Deployed with Helm
---
title: Upgrading Harbor Deployed with Helm
weight: 40
---
This guide is used to upgrade Harbor deployed by chart since version 0.3.0.
@ -27,7 +26,7 @@ Configure the new chart to make sure that the configuration items have the same
> Note: if TLS is enabled and the certificate is generated by chart automatically, a new certificate will be generated and overwrite the old one during the upgrade, this may cause some issues if you have distributed the certificate. You can follow the below steps to configure the new chart to use the old certificate:
1) Get the secret name which certificate is stored in:
1. Get the secret name which certificate is stored in:
```bash
kubectl get secret
@ -35,24 +34,22 @@ Configure the new chart to make sure that the configuration items have the same
Find the secret whose name ends with `-harbor-ingress` (expose service via `Ingress`) or `-harbor-nginx`(expose service via `ClusterIP` or `NodePort`)
2) Export the secret as yaml file:
2. Export the secret as yaml file:
```bash
kubectl get secret <secret-name-from-step-1> -o yaml > secret.yaml
```
3. Rename the secret by setting `metadata.name` in `secret.yaml`
3) Rename the secret by setting `metadata.name` in `secret.yaml`
4) Create a new secret:
4. Create a new secret:
```bash
kubectl create -f secret.yaml
```
5) Configure the chart to use the new secret by setting `expose.tls.secretName` as the value you set in step **3**
5. Configure the chart to use the new secret by setting `expose.tls.secretName` as the value you set in step **3**
### 4. Upgrade
@ -62,13 +59,10 @@ Run upgrade command:
helm upgrade release-name --force .
```
> The `--force` is necessary if upgrade from version 0.3.0 due to issue [#30](https://github.com/goharbor/harbor-helm/issues/30).
{{< note >}}
The `--force` is necessary if upgrade from version 0.3.0 due to issue [#30](https://github.com/goharbor/harbor-helm/issues/30).
{{< /note >}}
## Known issues
- The job logs will be lost if you upgrade from version 0.3.0 as the logs are store in a `emptyDir` in 0.3.0.
----------
[Back to table of contents](../../index.md)
