Upstream
/
harbor
mirror of https://github.com/goharbor/harbor.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fleshing out working with projects

This commit is contained in:
Stuart Clements 2019-11-01 14:15:48 +01:00
parent d9a8fa1275
commit 56c119b17a
10 changed files with 116 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/harbor-doc-reorg/_index.md
View File

@ -54,8 +54,11 @@ This section describes how to use and maintain Harbor after deployment. These da
This section describes how users with the developer, master, and project administrator roles manage and participate in Harbor projects.
- [Configure a Per-Project CVE Whitelist](working_with_projects/configure_project_whitelist.md)
- [](working_with_projects/)
- [Working with Projects](working_with_projects/)
- [Create a Project](working_with_projects/create_projects.md)
- [Assign Users to a Project](working_with_projects/add_users.md)
- [Configure a Per-Project CVE Whitelist](working_with_projects/configure_project_whitelist.md)
- [Access Project Logs](working_with_projects/access_project_logs.md)
- [](working_with_projects/)
- [](working_with_projects/)
- [](working_with_projects/)

4
docs/harbor-doc-reorg/install_config/installation/_index.md
View File

@ -1,6 +1,6 @@
# Installing Harbor
This guide describes how to install and configure Harbor for the first time.
This guide describes how to install for the first time.
If you are upgrading from a previous version of Harbor, you might need to update the configuration file and migrate your data to fit the database schema of the later version. For information about upgrading, see the [Upgrading Harbor](../../administration/upgrade/_index.md).
@ -16,7 +16,7 @@ The standard Harbor installation process involves the following stages:
1. [Configure the Harbor YML File](configure_yml_file.md)
1. [Run the Installer Script](run_installer_script.md)
IF installation fails, see [Troubleshooting Harbor Installation
If installation fails, see [Troubleshooting Harbor Installation
](troubleshoot_installation.md).
## Harbor Components

8
docs/harbor-doc-reorg/install_config/installation/configure_https.md
View File

@ -1,11 +1,11 @@
# Configuring Harbor with HTTPS Access
# Configure HTTPS Access to Harbor
In versions up to and including 1.9.x, by default Harbor uses HTTP to serve registry requests. However, using HTTP is acceptable only in air-gapped test or development environments that do not have a connection to the external internet. Using HTTP in environments that are not air-gapped exposes you to man-in-the-middle attacks. In production environments, always use HTTPS. If you enable Content Trust with Notary to properly sign all images, you must use HTTPS.
By default, Harbor does not ship with certificates. It is possible to deploy Harbor without security, so that you can connect to it over HTTP. However, using HTTP is acceptable only in air-gapped test or development environments that do not have a connection to the external internet. Using HTTP in environments that are not air-gapped exposes you to man-in-the-middle attacks. In production environments, always use HTTPS. If you enable Content Trust with Notary to properly sign all images, you must use HTTPS.
To configure HTTPS, you must create SSL certificates. You can use certificates that are signed by a trusted third-party CA, or you can use self-signed certificates. This section describes how to use OpenSSL to create a CA, and how to use your CA to sign a server certificate and a client certificate.
Harbor uses an `nginx` instance as a reverse proxy for all services. You use the `prepare` script to configure `nginx` to enable HTTPS.
You can use certificates that are signed by a trusted third-party CA, or you can use self-signed certificates. The following sections describe how to create a CA, and how to use your CA to sign a server certificate and a client certificate.
## Getting Certificate Authority
```

11
docs/harbor-doc-reorg/install_config/installation/demo_server.md
View File

@ -21,9 +21,10 @@ If you encounter any problems while using the demo server, open an [issue on Git
1. Click **Sign up for an account**.
1. Create a user account by providing a username, your email address, your name, and a password.
1. Log in to the Harbor interface using the account you created.
1. Explore the default project, `library` and create your own project.
1. Explore the default project, `library`.
1. Click **New Project** to create your own project.
For information about how to create a project, see [Managing Projects](../../working_with_projects/managing_projects.md).
For information about how to create a project, see [Create a Project](../../working_with_projects/create_projects.md).
1. Open a Docker client and log in to Harbor with the credentials that you created above.
```
@ -37,15 +38,15 @@ If you encounter any problems while using the demo server, open an [issue on Git
1. Build an image from this Dockerfile and tag it.
```
docker build -t demo.goharbor.io/your-project/your-image .
docker build -t demo.goharbor.io/your-project/test-image .
```
1. Push the image to your project in Harbor.
```
docker push demo.goharbor.io/your-project/your-image
docker push demo.goharbor.io/your-project/test-image
```
1. In the Harbor interface, go to **Projects** > *your_project* > **Repositories** to view the image repository that you pushed to your Harbor project.
## What to Do Next ##
Verify that your target host meets the [Harbor Installation Prerequisites](installation_prereqs.md).
If you decide to install Harbor, verify that your target host meets the [Harbor Installation Prerequisites](installation_prereqs.md).

12
docs/harbor-doc-reorg/install_config/installation/installation_prereqs.md
View File

@ -1,6 +1,6 @@
# Harbor Installation Prerequisites
Harbor is deployed as several Docker containers. You can therefore deploy it on any Linux distribution that supports Docker. The target host requires Docker, and Docker Compose to be installed.
Harbor is deployed as several Docker containers. You can therefore deploy it on any Linux distribution that supports Docker. The target host requires Docker and Docker Compose to be installed.
## Hardware
@ -18,9 +18,9 @@ The following table lists the software versions that must be installed on the ta
|Software|Version|Description|
|---|---|---|
|Docker engine|version 17.06.0-ce+ or higher|For installation instructions, see [docker engine doc](https://docs.docker.com/engine/installation/)|
|Docker Compose|version 1.18.0 or higher|For installation instructions, see [docker compose doc](https://docs.docker.com/compose/install/)|
|Openssl|latest is preferred|Used to generate certificate and keys for Harbor|
|Docker Engine|17.06.0-ce+ or higher|For installation instructions, see the [Docker Engine doc](https://docs.docker.com/engine/installation/)|
|Docker Compose|1.18.0 or higher|For installation instructions, see [Docker Compose doc](https://docs.docker.com/compose/install/)|
|OpenSSL|Latest is preferred|Used to generate the Harbor certificate and keys|
## Network ports
@ -28,9 +28,9 @@ Harbor requires that the following ports be open on the target host.
|Port|Protocol|Description|
|---|---|---|
|443|HTTPS|Harbor portal and core API accept HTTPS requests on this port. You can change this port in the configuration file.|
|443|HTTPS|Harbor interface and core API accept HTTPS requests on this port. You can change this port in the configuration file.|
|4443|HTTPS|Connections to the Docker Content Trust service for Harbor. Only required if Notary is enabled. You can change this port in the configuration file.|
|80|HTTP|Harbor portal and core API accept HTTP requests on this port. You can change this port in the configuration file.|
|80|HTTP|Harbor interface and core API accept HTTP requests on this port. You can change this port in the configuration file.|
## What to Do Next ##

12
docs/harbor-doc-reorg/working_with_projects/_index.md
View File

@ -1,9 +1,11 @@
# Working with Harbor Projects
# Working with Projects
Placeholder text.
This section describes how users with the developer, master, and project administrator roles manage and participate in Harbor projects. The Harbor administrator can also perform all of these tasks.
A project in Harbor contains all repositories of an application. Images cannot be pushed to Harbor before a project is created. Role-Based Access Control (RBAC) is applied to projects, so that only users with the appropriate roles can perform certain operations.
1. Item
1. Item
1. Item
There are two types of project in Harbor:
* **Public**: Any user can pull images from this project. This is a convenient way for you to share repositories with others.
* **Private**: Only users who are members of the project can pull images

27
docs/harbor-doc-reorg/working_with_projects/access_project_logs.md Normal file
View File

@ -0,0 +1,27 @@
# Access and Search Project Logs
Harbor keeps a log of all of the operations that users perform in a project. You can apply filters to help you to search the logs.
## Prerequisites
Log in to Harbor with a Harbor administrator, project administrator, master, developer, or guest account.
## Procedure
1. Select **Projects**, select your project, and select the **Logs** tab.
In the **Logs** view you can see system logs for all of the events that have occurred in the project.
1. To see a reduced list of operations, enter text in the search box.
For example, enter the name of a repository or a user to see events that apply to that repository or user.
1. If your project has a lot of events, click **Advanced** to refine your search.
- To search by operation type, click **Operations** and select or deselect **Pull**, **Push**, **Create**, **Delete**, or **Others**.
- To search for events within a certain time period, click the calendar icons and set dates to search between.
![Search logs](../img/new_project_log.png)
## What to Do Next
TBD

28
docs/harbor-doc-reorg/working_with_projects/add_users.md Normal file
View File

@ -0,0 +1,28 @@
# Assign Users to a Project
As a project administrator, you can add any user that is present in the Harbor system to a project, and assign them a role in that project.
For more information about users and roles in Harbor, see [User Permissions By Role](..administration/managing_users/user_permissions_by_role.md).
## Prerequisites
Log in to Harbor with a Harbor administrator or project administrator account.
## Procedure
1. Select **Projects**, and select the project to which you want to add users.
1. Click the **Members** tab and click **+ User** to add a new user to that project.
1. In the New Member window, configure the user and their level of access.
1. In the **Name** text box, start typing the name of the user and select it from the list.
1. For **Role**, select the appropriate role for that user and click **OK**.
![browse project](../img/new_add_member.png)
1. (Optional) To change the role of a user that is already assigned to the project, select the check box next to a user and select a new role from the **Action** menu.
![Update user role](../img/new_remove_update_member.png)
## What to Do Next
TBD

31
docs/harbor-doc-reorg/working_with_projects/create_projects.md Normal file
View File

@ -0,0 +1,31 @@
# Create a Project
In Harbor, you create different projects to which you assign users so that they can push and pull image repositories. You also configure project-specific settings. When you first deploy Harbor, a default public project named `library` is created.
## Prerequisites
Log in to Harbor with a Harbor administrator or project administrator account.
## Procedure
1. Go to **Projects** and click **New Project**.
1. Provide a name for the project.
1. (Optional) Check the **Public** check box to make the project public.
If you set the project to **Public**, any user can pull images from this project. If you leave the project set to **Private**, only users who are members of the project can pull images. You can toggle projects from public to private, or the reverse, at any moment after you create the project.
![create project](../img/new_create_project.png)
5. Click **OK**.
After the project is created, you can browse repositories, members, logs, replication and configuration using the navigation tab.
![browse project](../img/new_browse_project.png)
There are two views to show repositories, list view and card view, you can switch between them by clicking the corresponding icon.
![browse repositories](../img/browse_project_repositories.png)
## What to Do Next
[Assign Users to a Project](add_users.md)

27
docs/harbor-doc-reorg/working_with_projects/managing_projects.md
View File

@ -1,26 +1,8 @@
# Managing projects
A project in Harbor contains all repositories of an application. No images can be pushed to Harbor before the project is created. RBAC is applied to a project. There are two types of projects in Harbor:
* **Public**: All users have the read privilege to a public project, it's convenient for you to share some repositories with others in this way.
* **Private**: A private project can only be accessed by users with proper privileges.
You can create a project after you signed in. Check on the "Access Level" checkbox will make this project public.
![create project](../img/new_create_project.png)
After the project is created, you can browse repositories, members, logs, replication and configuration using the navigation tab.
![browse project](../img/new_browse_project.png)
There are two views to show repositories, list view and card view, you can switch between them by clicking the corresponding icon.
![browse repositories](../img/browse_project_repositories.png)
All logs can be listed by clicking "Logs". You can apply a filter by username, or operations and dates under "Advanced Search".
![browse project](../img/log_search_advanced.png)
![browse project](../img/new_project_log.png)
Project properties can be changed by clicking "Configuration".
@ -34,16 +16,7 @@ Project properties can be changed by clicking "Configuration".
![browse project](../img/project_configuration.png)
## Managing members of a project
### Adding members
You can add members with different roles to an existing project. You can add a LDAP/AD user to project members under LDAP/AD authentication mode.
![browse project](../img/new_add_member.png)
### Updating and removing members
You can check one or more members, then click `ACTION`, choose one role to batch switch checked members' roles or remove them from the project.
![browse project](../img/new_remove_update_member.png)
## Searching projects and repositories
Entering a keyword in the search field at the top lists all matching projects and repositories. The search result includes both public and private repositories you have access to.