From 6a037242235251fa2ee807baa0ede35587fe3cc5 Mon Sep 17 00:00:00 2001 From: Stuart Clements Date: Tue, 17 Dec 2019 12:42:52 +0100 Subject: [PATCH] All content now migrated into new structure --- .../upgrade/roll_back_upgrade.md | 4 +- .../upgrade/upgrade_migrate_data.md | 11 +++- .../registry_landscape.md | 42 ++++++++++----- .../ui_contribution_get_started.md | 12 ++--- .../build_customize_contribute/use_make.md | 6 +-- .../installation/harbor_compatibility_list.md | 51 +++++++++++++++++++ 6 files changed, 96 insertions(+), 30 deletions(-) create mode 100644 docs/harbor-doc-reorg/install_config/installation/harbor_compatibility_list.md diff --git a/docs/harbor-doc-reorg/administration/upgrade/roll_back_upgrade.md b/docs/harbor-doc-reorg/administration/upgrade/roll_back_upgrade.md index e9bac1a86..90a8c33e7 100644 --- a/docs/harbor-doc-reorg/administration/upgrade/roll_back_upgrade.md +++ b/docs/harbor-doc-reorg/administration/upgrade/roll_back_upgrade.md @@ -1,4 +1,4 @@ -# Roll Back an Upgrade +# Roll Back from an Upgrade If, for any reason, you want to roll back to the previous version of Harbor, perform the following steps: @@ -31,4 +31,4 @@ If, for any reason, you want to roll back to the previous version of Harbor, per ./install.sh ``` -**NOTE**: While you can roll back an upgrade to the state before you started the upgrade, Harbor does not support downgrades. +**NOTE**: While you can roll back an upgrade to the state before you started the upgrade, Harbor does not support downgrades. \ No newline at end of file diff --git a/docs/harbor-doc-reorg/administration/upgrade/upgrade_migrate_data.md b/docs/harbor-doc-reorg/administration/upgrade/upgrade_migrate_data.md index 1b0868080..3103659cc 100644 --- a/docs/harbor-doc-reorg/administration/upgrade/upgrade_migrate_data.md +++ b/docs/harbor-doc-reorg/administration/upgrade/upgrade_migrate_data.md @@ -14,7 +14,7 @@ Since the migration might alter the database schema and the settings of `harbor. - With the introduction of storage and artifact quotas in version 1.9.0, migration from 1.7.x and 1.8.x might take a few minutes. This is because the `core` walks through all blobs in the registry and populates the database with information about the layers and artifacts in projects. - With the introduction of storage and artifact quotas in version 1.9.0, replication between version 1.9.0 and a previous version of Harbor does not work. You must upgrade all Harbor nodes to 1.9.0 if you have configured replication between them. -## Procedure +## Upgrading Harbor and Migrating Data 1. Log in to the host that Harbor runs on, stop and remove existing Harbor instance if it is still running: @@ -38,12 +38,19 @@ Since the migration might alter the database schema and the settings of `harbor. 3. Get the latest Harbor release package from Github: [https://github.com/goharbor/harbor/releases](https://github.com/goharbor/harbor/releases) -4. Before upgrading Harbor, perform a migration first. The migration tool is delivered as a docker image, so you should pull the image from docker hub. Replace [tag] with the release version of Harbor (for example, v1.9.0) in the command below: +4. Before upgrading Harbor, perform migration first. The migration tool is delivered as a docker image. + You can pull the image from docker hub. Replace [tag] with the release version of Harbor (e.g. v1.5.0) in the below command: ```sh docker pull goharbor/harbor-migrator:[tag] ``` + Alternatively, if you are using an offline installer package you can load it from the image tarball included in the offline installer package. Replace [version] with the release version of Harbor (e.g. v1.5.0) in the below command: + ```sh + tar zxf + docker image load -i harbor/harbor.[version].tar.gz + ``` + 5. If you are current version is v1.7.x or earlier, i.e. migrate config file from `harbor.cfg` to `harbor.yml`. **NOTE:** You can find the ${harbor_yml} in the extracted installer you got in step `3`, after the migration the file `harbor.yml` diff --git a/docs/harbor-doc-reorg/build_customize_contribute/registry_landscape.md b/docs/harbor-doc-reorg/build_customize_contribute/registry_landscape.md index 27a26c5ae..b9b66d2e6 100644 --- a/docs/harbor-doc-reorg/build_customize_contribute/registry_landscape.md +++ b/docs/harbor-doc-reorg/build_customize_contribute/registry_landscape.md @@ -1,18 +1,32 @@ # Registry Landscape -The cloud native ecosystem is moving rapidly–registries and their featuresets are no exception. We've made our best effort to survey the container registry landscape and compare to our core featureset. +The cloud native ecosystem is moving rapidly–registries and their feature sets are no exception. We've made our best effort to survey the container registry landscape and compare to our core feature set. If you find something outdated or outright erroneous, please submit a PR and we'll fix it right away. -| Feature | Harbor | Docker Trusted Registry | Quay | Cloud Providers (GCP, AWS, Azure) | Docker Distribution | Artifactory | -| -------------: | :----: | :---------------------: | :--: | :-------------------------------: | :-----------------: | :---------: | -| Local Auth | ✓ | ✓ | ✓ | ✓ | ✗ | ✓ | -| LDAP-based Auth | ✓ | ✓ | ✓ | partial | ✗ | ✓ | -| Content Trust and Validation | ✓ | ✓ | ✗ | ✗ | partial | partial | -| Vulnerability Scanning & Monitoring | ✓ | ✓ | ✓ | ✗ | ✗ | ✓ | -| Replication | ✓ | ✓ | ✓ | n/a | ✗ | ✓ | -| Multi-Tenancy (projects, teams, etc.) | ✓ | ✓ | ✓ | partial | ✗ | ✓ | -| Role-Based Access Control | ✓ | ✓ | ✓ | ✓ | ✗ | ✓ | -| Custom TLS Certificates | ✓ | ✓ | ✓ | ✗ | ✓ | ✓ | -| Ability to Determine Version of Binaries in Containers | ✓ | ✓ | ✓ | ✗ | ✗ | ? | -| Upstream Registry Proxy Cache | ✗ | ✓ | ✗ | ✗ | ✓ | ✓ | -| Audit Logs | ✓ | ✓ | ✓ | ✓ | ✗ | ✓ | +Table updated on 10/21/2019 against Harbor 1.9. + +| Feature | Harbor | Docker Trusted Registry | Quay | Cloud Providers (GCP, AWS, Azure) | Docker Distribution | Artifactory | GitLab | +| -------------: | :----: | :---------------------: | :-----: | :-------------------------------: | :-----------------: | :---------: | :------: | +| Ability to Determine Version of Binaries in Containers | ✓ | ✓ | ✓ | ✗ | ✗ | ? | ? | +| Artifact Repository (rpms, git, jar, etc) | ✗ | ✗ | ✗ | ✗ | ✗ | ✓ | partial | +| Audit Logs | ✓ | ✓ | ✓ | ✓ | ✗ | ✓ | ✓ | +| Content Trust and Validation | ✓ | ✓ | ✗ | ✗ | partial | partial | ✗ | +| Custom TLS Certificates | ✓ | ✓ | ✓ | ✗ | ✓ | ✓ | ✓ | +| Helm Chart Repository Manager | ✓ | ✗ | partial | ✗ | ✗ | ✓ | ✗ | +| LDAP-based Auth | ✓ | ✓ | ✓ | partial | ✗ | ✓ | ✓ | +| Local Auth | ✓ | ✓ | ✓ | ✓ | ✗ | ✓ | ✓ | +| Multi-Tenancy (projects, teams, namespaces, etc) | ✓ | ✓ | ✓ | partial | ✗ | ✓ | ✓ | +| Open Source | ✓ | partial | ✗ | ✗ | ✓ | partial | partial | +| Project Quotas (by image count & storage consumption) | ✓ | ✗ | ✗ | partial | ✗ | ✗ | ✗ | +| Replication between instances | ✓ | ✓ | ✓ | n/a | ✗ | ✓ | ✗ | +| Replication between non-instances | ✓ | ✗ | ✓ | n/a | ✗ | ✗ | ✗ | +| Robot Accounts for Helm Charts | ✓ | ✗ | ✗ | ? | ✗ | ✗ | ✗ | +| Robot Accounts for Images | ✓ | ? | ✓ | ? | ✗ | ? | ? | +| Role-Based Access Control | ✓ | ✓ | ✓ | ✓ | ✗ | ✓ | ✗ | +| Single Sign On (OIDC) | ✓ | ✓ | ✓ | ✓ | ✗ | partial | ✗ | +| Tag Retention Policy | ✓ | ✗ | partial | ✗ | ✗ | ✗ | ✗ | +| Upstream Registry Proxy Cache | ✗ | ✓ | ✗ | ✗ | ✓ | ✓ | ✗ | +| Vulnerability Scanning & Monitoring | ✓ | ✓ | ✓ | ✗ | ✗ | ✓ | partial | +| Vulnerability Scanning Plugin Framework | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | +| Vulnerability Whitelisting | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | +| Webhooks | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | diff --git a/docs/harbor-doc-reorg/build_customize_contribute/ui_contribution_get_started.md b/docs/harbor-doc-reorg/build_customize_contribute/ui_contribution_get_started.md index accbebc29..568508d72 100644 --- a/docs/harbor-doc-reorg/build_customize_contribute/ui_contribution_get_started.md +++ b/docs/harbor-doc-reorg/build_customize_contribute/ui_contribution_get_started.md @@ -1,4 +1,4 @@ -# Developing the Harbor Frontend +# Harbor frontend environment get started guide If you already have a harbor backend environment, you can build a frontend development environment with the following configuration. @@ -84,17 +84,11 @@ If you already have a harbor backend environment, you can build a frontend devel npm install ``` -3. Compile the frontend code by the following command. - - ``` - npm run build_all - ``` - -4. Execute the following command,serve Harbor locally. +3. Execute the following command,serve Harbor locally. ``` npm run start ``` -5. Then you can visit the Harbor by address: https://localhost:4200. +4. Then you can visit the Harbor by address: https://localhost:4200. diff --git a/docs/harbor-doc-reorg/build_customize_contribute/use_make.md b/docs/harbor-doc-reorg/build_customize_contribute/use_make.md index 7c60ee86d..ab249d941 100644 --- a/docs/harbor-doc-reorg/build_customize_contribute/use_make.md +++ b/docs/harbor-doc-reorg/build_customize_contribute/use_make.md @@ -1,4 +1,4 @@ -# Using Make +### Variables Variable | Description -------------------|------------- BASEIMAGE | Container base image, default: photon @@ -36,10 +36,10 @@ version | set harbor version #### EXAMPLE: #### Build and run harbor from source code. -make install GOBUILDIMAGE=golang:1.12.5 COMPILETAG=compile_golangimage NOTARYFLAG=true +make install GOBUILDIMAGE=golang:1.13.4 COMPILETAG=compile_golangimage NOTARYFLAG=true ### Package offline installer -make package_offline GOBUILDIMAGE=golang:1.12.5 COMPILETAG=compile_golangimage NOTARYFLAG=true +make package_offline GOBUILDIMAGE=golang:1.13.4 COMPILETAG=compile_golangimage NOTARYFLAG=true ### Start harbor with notary make -e NOTARYFLAG=true start diff --git a/docs/harbor-doc-reorg/install_config/installation/harbor_compatibility_list.md b/docs/harbor-doc-reorg/install_config/installation/harbor_compatibility_list.md new file mode 100644 index 000000000..739ce1c54 --- /dev/null +++ b/docs/harbor-doc-reorg/install_config/installation/harbor_compatibility_list.md @@ -0,0 +1,51 @@ +# Harbor Compatibility List + +This document provides compatibility information for all Harbor components. + +## Replication Adapters + +| | Registries | Pull Mode | Push Mode | Introduced in Release | Automated Pipeline Covered | +|-----|------------------|-----------|-----------|-----------------------|---------------------------| +| [Harbor](https://goharbor.io/)| ![Harbor](img/replication_adapters/harbor_logo.png)|![Y](img/replication_adapters/right.png)|![Y](img/replication_adapters/right.png)| V1.8 | Y | +| [distribution](https://github.com/docker/distribution) | ![distribution](img/replication_adapters/distribution.png)|![Y](img/replication_adapters/right.png)|![Y](img/replication_adapters/right.png)| V1.8 | Y | +| [docker hub](https://hub.docker.com/) | ![docker hub](img/replication_adapters/docker_hub.png)|![Y](img/replication_adapters/right.png)|![Y](img/replication_adapters/right.png)| V1.8 | Y | +| [Huawei SWR](https://www.huaweicloud.com/en-us/product/swr.html) | ![Huawei SWR](img/replication_adapters/hw.png)|![Y](img/replication_adapters/right.png)|![Y](img/replication_adapters/right.png)| V1.8 | N | +| [GCR](https://cloud.google.com/container-registry/) | ![GCR](img/replication_adapters/gcr.png)|![Y](img/replication_adapters/right.png)|![Y](img/replication_adapters/right.png)| V1.9 | Y | +| [ECR](https://aws.amazon.com/ecr/) | ![ECR](img/replication_adapters/ecr.png)|![Y](img/replication_adapters/right.png)|![Y](img/replication_adapters/right.png)| V1.9 | Y | +| [ACR](https://azure.microsoft.com/en-us/services/container-registry/) | ![ACR](img/replication_adapters/acr.png)|![Y](img/replication_adapters/right.png)|![Y](img/replication_adapters/right.png)| V1.9 | N | +| [AliCR](https://www.alibabacloud.com/product/container-registry) | ![AliCR](img/replication_adapters/ali-cr.png)|![Y](img/replication_adapters/right.png)|![Y](img/replication_adapters/right.png)| V1.9 | N | +| [Helm Hub](https://hub.helm.sh/) | ![Helm Hub](img/replication_adapters/helm-hub.png)|![Y](img/replication_adapters/right.png)| N/A | V1.9 | N | +| [Artifactory](https://jfrog.com/artifactory/) | ![Artifactory](img/replication_adapters/artifactory.png)|![Y](img/replication_adapters/right.png)| ![Y](img/replication_adapters/right.png) | V1.10 | N | +| [Quay](https://github.com/quay/quay) | ![Quay](img/replication_adapters/quay.png)|![Y](img/replication_adapters/right.png)| ![Y](img/replication_adapters/right.png) | V1.10 | N | +| [GitLab Registry](https://docs.gitlab.com/ee/user/packages/container_registry/) | ![GitLab Registry](img/replication_adapters/gitlab.png)|![Y](img/replication_adapters/right.png)| ![Y](img/replication_adapters/right.png) | V1.10 | N | + +**Notes**: + +* `Pull` mode replicates artifacts from the specified source registries into Harbor. +* `Push` mode replicates artifacts from Harbor to the specified target registries. + +## OIDC Adapters + +| | OIDC Providers | Officially Verified | End User Verified | Verified in Release | +|---|-----------------|---------------------|---------------------|-----------------------| +| [Google Identity](https://developers.google.com/identity/protocols/OpenIDConnect) | ![google identity](img/OIDC/google_identity.png)| ![Y](img/replication_adapters/right.png) | |V1.9| +| [Dex](https://github.com/dexidp/dex) | ![dex](img/OIDC/dex.png) | ![Y](img/replication_adapters/right.png)| | V1.9 | +| [Ping Identity](https://www.pingidentity.com) | ![ping identity](img/OIDC/ping.png) | | ![Y](img/replication_adapters/right.png)| V1.9 | +| [Keycloak](https://www.keycloak.org/) | ![Keycloak](img/OIDC/keycloak.png) | ![Y](img/replication_adapters/right.png) | | V1.10 | +| [Auth0](https://auth0.com/) | ![Auth0](img/OIDC/auth0.png) | ![Y](img/replication_adapters/right.png) | | V1.10 | + +## Scanner Adapters + +| | Scanners | Providers | Evaluated | As Default | Onboard in Release | +|---|----------|-----------|-----------|------------|--------------------| +| [Clair](https://github.com/goharbor/harbor-scanner-clair) |![Clair](img/scanners/clair.png)| CentOS |![Y](img/replication_adapters/right.png)|![Y](img/replication_adapters/right.png)| v1.10 | +| [Anchore](https://github.com/anchore/harbor-scanner-adapter) |![Anchore](img/scanners/anchore.png) | Anchore |![Y](img/replication_adapters/right.png)| N | v1.10 | +| [Trivy](https://github.com/aquasecurity/harbor-scanner-trivy)|![Trivy](img/scanners/trivy.png)| Aqua |![Y](img/replication_adapters/right.png)| N | v1.10 | +| [CSP](https://github.com/aquasecurity/harbor-scanner-aqua) |![Aqua](img/scanners/aqua.png)| Aqua | N | N | v1.10 | +| [DoSec](https://github.com/dosec-cn/harbor-scanner/blob/master/README_en.md)|![DoSec](img/scanners/dosec.png) | DoSec | N | N | v1.10 | + +**Notes:** + +* `Evaluated` means that the scanner implementation has been officially tested and verified. +* `As Default` means that the scanner is provided as a default option and can be deployed together with the main Harbor components by providing extra options during installation. You must install other scanners manually. +