Merge pull request #10572 from lucperkins/lperkins/docs-restructure
Restructure docs directory to be Hugo-able
@ -1,3 +0,0 @@
|
||||
# Harbor Documentation
|
||||
|
||||
You access the Harbor documentation from the [Table of Contents](index.md).
|
3
docs/1.10/_index.md
Normal file
@ -0,0 +1,3 @@
|
||||
---
|
||||
title: Harbor Documentation
|
||||
---
|
@ -1,18 +1,16 @@
|
||||
# Harbor Administration
|
||||
---
|
||||
title: Harbor Administration
|
||||
---
|
||||
|
||||
This section describes how to configure and maintain Harbor after deployment. These operations are performed by the Harbor system administrator. The Harbor system administrator performs global configuration operations that apply to the whole Harbor instance.
|
||||
|
||||
The operations that are performed by the Harbor system administrator are the following.
|
||||
|
||||
- Select database, LDAP/Active Directory, or OIDC based authentication. For information, see [Configuring Authentication](configure_authentication/configure_authentication.md).
|
||||
- Add users in database authentication mode and assign the system administrator role to other users. For information, see [Role Based Access Control](managing_users/rbac.md).
|
||||
- Configure global settings, such as configuring an email server, setting the registry to read-only mode, and restriction who can create projects. For information, see [Configure Global Settings](general_settings.md).
|
||||
- Apply resource quotas to projects. For information, see [Configure Project Quotas](configure_project_quotas.md).
|
||||
- Set up replication of images between Harbor and another Harbor instance or a 3rd party replication target. For information, see [Configuring Replication](configuring_replication/configuring_replication.md).
|
||||
- Set up vulnerability scanners to check the images in the registry for CVE vulnerabilities. For information, see [Vulnerability Scanning](vulnerability_scanning/vulnerability_scanning.md).
|
||||
- Perform garbage collection, to remove unnecessary data from Harbor. For information, see [Garbage Collection](garbage_collection.md).
|
||||
- Upgrade Harbor when a new version becomes available. For information, see [Upgrading Harbor](upgrade/upgrade_migrate_data.md).
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../index.md)
|
||||
- Select database, LDAP/Active Directory, or OIDC based authentication. For information, see [Configuring Authentication](configure-authentication).
|
||||
- Add users in database authentication mode and assign the system administrator role to other users. For information, see [Role Based Access Control](managing-users/rbac.md).
|
||||
- Configure global settings, such as configuring an email server, setting the registry to read-only mode, and restriction who can create projects. For information, see [Configure Global Settings](../general-settings.md).
|
||||
- Apply resource quotas to projects. For information, see [Configure Project Quotas](../configure-project-quotas.md).
|
||||
- Set up replication of images between Harbor and another Harbor instance or a 3rd party replication target. For information, see [Configuring Replication](configuring-replication).
|
||||
- Set up vulnerability scanners to check the images in the registry for CVE vulnerabilities. For information, see [Vulnerability Scanning](vulnerability-scanning).
|
||||
- Perform garbage collection, to remove unnecessary data from Harbor. For information, see [Garbage Collection](../garbage-collection.md).
|
||||
- Upgrade Harbor when a new version becomes available. For information, see [Upgrading Harbor](upgrade/upgrade-migrate-data.md).
|
@ -1,16 +1,15 @@
|
||||
# Configuring Authentication
|
||||
---
|
||||
title: Configuring Authentication
|
||||
---
|
||||
|
||||
Harbor supports different modes for authenticating users and managing user accounts. You should select an authentication mode as soon as you deploy Harbor.
|
||||
Harbor supports different modes for authenticating users and managing user accounts. You should select an authentication mode as soon as you deploy Harbor.
|
||||
|
||||
**IMPORTANT**: If you create user accounts in the Harbor database, Harbor is locked in database mode. You cannot change to a different authentication mode after you have created local users.
|
||||
{{< important >}}
|
||||
If you create user accounts in the Harbor database, Harbor is locked in database mode. You cannot change to a different authentication mode after you have created local users.
|
||||
{{< /important >}}
|
||||
|
||||
- [Database Authentication](db_auth.md): You create and manage user accounts directly in Harbor. The user accounts are stored in the Harbor database.
|
||||
- [LDAP/Active Directory Authentication](ldap_auth.md): You connect Harbor to an external LDAP/Active Directory server. The user accounts are created and managed by your LDAP/AD provider.
|
||||
- [OIDC Provider Authentication](oidc_auth.md): You connect Harbor to an external OIDC provider. The user accounts are created and managed by your ODIC provider.
|
||||
- [Database Authentication](db-auth.md): You create and manage user accounts directly in Harbor. The user accounts are stored in the Harbor database.
|
||||
- [LDAP/Active Directory Authentication](ldap-auth.md): You connect Harbor to an external LDAP/Active Directory server. The user accounts are created and managed by your LDAP/AD provider.
|
||||
- [OIDC Provider Authentication](oidc-auth.md): You connect Harbor to an external OIDC provider. The user accounts are created and managed by your ODIC provider.
|
||||
|
||||
The Harbor interface offers an option to configure UAA authentication. This authentication mode is not recommended and is not documented in this guide.
|
||||
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
@ -1,31 +1,27 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Configure Database Authentication
|
||||
---
|
||||
title: Configure Database Authentication
|
||||
---
|
||||
|
||||
In database authentication mode, user accounts are stored in the local database. By default, only the Harbor system administrator can create user accounts to add users to Harbor. You can optionally configure Harbor to allow self-registration.
|
||||
|
||||
**IMPORTANT**: If you create users in the database, Harbor is locked in database mode. You cannot change to a different authentication mode after you have created local users.
|
||||
{{< important >}}
|
||||
If you create users in the database, Harbor is locked in database mode. You cannot change to a different authentication mode after you have created local users.
|
||||
{{< /important >}}
|
||||
|
||||
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
|
||||
1. Under **Administration**, go to **Configuration** and select the **Authentication** tab.
|
||||
1. Leave **Auth Mode** set to the default **Database** option.
|
||||
|
||||
![Database authentication](../../img/db_auth.png)
|
||||
![Database authentication](../../../img/db-auth.png)
|
||||
|
||||
1. Optionally select the **Allow Self-Registration** check box.
|
||||
|
||||
![Enable self-registration](../../img/new_self_reg.png)
|
||||
![Enable self-registration](../../../img/new-self-reg.png)
|
||||
|
||||
If you enable the self registration option, users can register themselves in Harbor. Self-registration is disabled by default. If you enable self-registration, unregistered users can sign up for a Harbor account by clicking **Sign up for an account** in the Harbor log in page.
|
||||
|
||||
![Enable self-registration](../../img/self-registration-login.png)
|
||||
![Enable self-registration](../../../img/self-registration-login.png)
|
||||
|
||||
## What to Do Next
|
||||
|
||||
For information about how to create users in database authentication mode, see [Create User Accounts in Database Mode](../managing_users/create_users_db.md).
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
||||
For information about how to create users in database authentication mode, see [Create User Accounts in Database Mode](../managing-users/create-users-db.md).
|
@ -1,22 +1,22 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Configure LDAP/Active Directory Authentication
|
||||
---
|
||||
title: Configure LDAP/Active Directory Authentication
|
||||
---
|
||||
|
||||
If you select LDAP/AD authentication, users whose credentials are stored in an external LDAP or AD server can log in to Harbor directly. In this case, you do not create user accounts in Harbor.
|
||||
|
||||
**IMPORTANT**: You can change the authentication mode from database to LDAP only if no local users have been added to the database. If there is at least one user other than `admin` in the Harbor database, you cannot change the authentication mode.
|
||||
{{< important >}}
|
||||
You can change the authentication mode from database to LDAP only if no local users have been added to the database. If there is at least one user other than `admin` in the Harbor database, you cannot change the authentication mode.
|
||||
{{< /important >}}
|
||||
|
||||
Because the users are managed by LDAP or AD, self-registration, creating users, deleting users, changing passwords, and resetting passwords are not supported in LDAP/AD authentication mode.
|
||||
|
||||
If you want to manage user authentication by using LDAP groups, you must enable the `memberof` feature on the LDAP/AD server. With the `memberof` feature, the LDAP/AD user entity's `memberof` attribute is updated when the group entity's `member` attribute is updated, for example by adding or removing an LDAP/AD user from the LDAP/AD group. This feature is enabled by default in Active Directory. For information about how to enable and verify `memberof` overlay in OpenLDAP, see [this technical note]( https://technicalnotes.wordpress.com/2014/04/19/openldap-setup-with-memberof-overlay/).
|
||||
If you want to manage user authentication by using LDAP groups, you must enable the `memberof` feature on the LDAP/AD server. With the `memberof` feature, the LDAP/AD user entity's `memberof` attribute is updated when the group entity's `member` attribute is updated, for example by adding or removing an LDAP/AD user from the LDAP/AD group. This feature is enabled by default in Active Directory. For information about how to enable and verify `memberof` overlay in OpenLDAP, see [this technical note](https://technicalnotes.wordpress.com/2014/04/19/openldap-setup-with-memberof-overlay).
|
||||
|
||||
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
|
||||
1. Under **Administration**, go to **Configuration** and select the **Authentication** tab.
|
||||
1. Use the **Auth Mode** drop-down menu to select **LDAP**.
|
||||
|
||||
![LDAP authentication](../../img/select_ldap_auth.png)
|
||||
![LDAP authentication](../../../img/select-ldap-auth.png)
|
||||
1. Enter the address of your LDAP server, for example `ldaps://10.162.16.194`.
|
||||
1. Enter information about your LDAP server.
|
||||
|
||||
@ -26,7 +26,7 @@ If you want to manage user authentication by using LDAP groups, you must enable
|
||||
- **LDAP UID**: An attribute, for example `uid`, or `cn`, that is used to match a user with the username. If a match is found, the user's password is verified by a bind request to the LDAP/AD server.
|
||||
- **LDAP Scope**: The scope to search for LDAP/AD users. Select from **Subtree**, **Base**, and **OneLevel**.
|
||||
|
||||
![Basic LDAP configuration](../../img/ldap_auth.png)
|
||||
![Basic LDAP configuration](../../../img/ldap-auth.png)
|
||||
1. If you want to manage user authentication with LDAP groups, configure the group settings.
|
||||
- **LDAP Group Base DN**: The base DN from which to lookup a group in LDAP/AD. For example, `ou=groups,dc=example,dc=com`.
|
||||
- **LDAP Group Filter**: The filter to search for LDAP/AD groups. For example, `objectclass=groupOfNames`.
|
||||
@ -35,13 +35,9 @@ If you want to manage user authentication by using LDAP groups, you must enable
|
||||
- **LDAP Group Membership**: The user attribute usd to identify a user as a member of a group. By default this is `memberof`.
|
||||
- **LDAP Scope**: The scope to search for LDAP/AD groups. Select from **Subtree**, **Base**, and **OneLevel**.
|
||||
|
||||
![LDAP group configuration](../../img/ldap_groups.png)
|
||||
![LDAP group configuration](../../../img/ldap-groups.png)
|
||||
1. Uncheck **LDAP Verify Cert** if the LDAP/AD server uses a self-signed or untrusted certificate.
|
||||
|
||||
![LDAP certificate verification](../../img/ldap_cert_test.png)
|
||||
![LDAP certificate verification](../../../img/ldap-cert-test.png)
|
||||
1. Click **Test LDAP Server** to make sure that your configuration is correct.
|
||||
1. Click **Save** to complete the configuration.
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
@ -1,14 +1,14 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Configure OIDC Provider Authentication
|
||||
---
|
||||
title: Configure OIDC Provider Authentication
|
||||
---
|
||||
|
||||
If you select OpenID Connect (OIDC) authentication, users log in to the Harbor interface via an OIDC single sign-on (SSO) provider, such as Okta, KeyCloak, or dex. In this case, you do not create user accounts in Harbor.
|
||||
|
||||
**IMPORTANT**: You can change the authentication mode from database to OIDC only if no local users have been added to the database. If there is at least one user other than `admin` in the Harbor database, you cannot change the authentication mode.
|
||||
{{< important >}}
|
||||
You can change the authentication mode from database to OIDC only if no local users have been added to the database. If there is at least one user other than `admin` in the Harbor database, you cannot change the authentication mode.
|
||||
{{< /important >}}
|
||||
|
||||
Because the users are managed by the OIDC provider, self-registration, creating users, deleting users, changing passwords, and resetting passwords are not supported in OIDC authentication mode.
|
||||
Because the users are managed by the OIDC provider, self-registration, creating users, deleting users, changing passwords, and resetting passwords are not supported in OIDC authentication mode.
|
||||
|
||||
### Configure Your OIDC Provider
|
||||
|
||||
@ -27,7 +27,7 @@ Before configuring an OIDC provider in Harbor, make sure that your provider is c
|
||||
1. Under **Administration**, go to **Configuration** and select the **Authentication** tab.
|
||||
1. Use the **Auth Mode** drop-down menu to select **OIDC**.
|
||||
|
||||
![LDAP authentication](../../img/select_oidc_auth.png)
|
||||
![LDAP authentication](../../../img/select-oidc-auth.png)
|
||||
1. Enter information about your OIDC provider.
|
||||
|
||||
- **OIDC Provider Name**: The name of the OIDC provider.
|
||||
@ -39,11 +39,11 @@ Before configuring an OIDC provider in Harbor, make sure that your provider is c
|
||||
|
||||
The OIDC scope must contain `openid` and usually also contains `profile` and `email`. To obtain refresh tokens it should also contain `offline_access`. If you are using OIDC groups, a scope must identify the group claim. Check with your OIDC provider administrator for precise details of how to identify the group claim scope, as this differs from vendor to vendor.
|
||||
|
||||
![OIDC settings](../../img/oidc_auth_setting.png)
|
||||
![OIDC settings](../../../img/oidc-auth-setting.png)
|
||||
1. Uncheck **Verify Certificate** if the OIDC Provider uses a self-signed or untrusted certificate.
|
||||
1. Verify that the Redirect URI that you configured in your OIDC provider is the same as the one displayed at the bottom of the page.
|
||||
|
||||
![OIDC certificate verification, URI, and test ](../../img/oidc_cert_verification.png)
|
||||
![OIDC certificate verification, URI, and test ](../../../img/oidc-cert-verification.png)
|
||||
1. Click **Test OIDC Server** to make sure that your configuration is correct.
|
||||
1. Click **Save** to complete the configuration.
|
||||
|
||||
@ -51,7 +51,7 @@ Before configuring an OIDC provider in Harbor, make sure that your provider is c
|
||||
|
||||
When the Harbor system administrator has configured Harbor to authenticate via OIDC a **Login via OIDC Provider** button appears on the Harbor login page.
|
||||
|
||||
![oidc_login](../../img/oidc_login.png)
|
||||
![oidc_login](../../../img/oidc-login.png)
|
||||
|
||||
**NOTE:** When Harbor is configured authentication via OIDC, the **Username** and **Password** fields are reserved for the local Harbor system administrator to log in.
|
||||
|
||||
@ -60,7 +60,7 @@ When the Harbor system administrator has configured Harbor to authenticate via O
|
||||
This redirects you to the OIDC Provider for authentication.
|
||||
1. If this is the first time that you are logging in to Harbor with OIDC, specify a user name for Harbor to associate with your OIDC username.
|
||||
|
||||
![Specify Harbor username for OIDC](../../img/oidc_onboard_dlg.png)
|
||||
![Specify Harbor username for OIDC](../../../img/oidc-onboard-dlg.png)
|
||||
|
||||
This is the user name by which you are identified in Harbor, which is used when adding you to projects, assigning roles, and so on. If the username is already taken, you are prompted to choose another one.
|
||||
1. After the OIDC provider has authenticated you, you are redirected back to Harbor.
|
||||
@ -74,13 +74,13 @@ The Docker and Helm CLIs cannot handle redirection for OIDC, so Harbor provides
|
||||
1. Log in to Harbor with an OIDC user account.
|
||||
1. Click your username at the top of the screen and select **User Profile**.
|
||||
|
||||
![Access user profile](../../img/user_profile.png)
|
||||
![Access user profile](../../../img/user-profile.png)
|
||||
1. Click the clipboard icon to copy the CLI secret associated with your account.
|
||||
|
||||
![Copy CLI secret](../../img/profile_dlg.png)
|
||||
![Copy CLI secret](../../../img/profile-dlg.png)
|
||||
1. Optionally click the **...** icon in your user profile to display buttons for automatically generating or manually creating a new CLI secret.
|
||||
|
||||
![Copy CLI secret](../../img/generate_create_new_secret.png)
|
||||
![Copy CLI secret](../../../img/generate-create-new-secret.png)
|
||||
|
||||
A user can only have one CLI secret, so when a new secret is generated or create, the old one becomes invalid.
|
||||
1. If you generated a new CLI secret, click the clipboard icon to copy it.
|
||||
@ -88,11 +88,9 @@ The Docker and Helm CLIs cannot handle redirection for OIDC, so Harbor provides
|
||||
You can now use your CLI secret as the password when logging in to Harbor from the Docker or Helm CLI.
|
||||
|
||||
<pre>
|
||||
sh docker login -u testuser -p <i>cli_secret</i> jt-test.local.goharbor.io
|
||||
</pre>
|
||||
docker login -u testuser -p <i>cli_secret</i> jt-test.local.goharbor.io
|
||||
</pre>
|
||||
|
||||
**NOTE**: The CLI secret is associated with the OIDC ID token. Harbor will try to refresh the token, so the CLI secret will be valid after the ID token expires. However, if the OIDC Provider does not provide a refresh token or the refresh fails, the CLI secret becomes invalid. In this case, log out and log back in to Harbor via your OIDC provider so that Harbor can get a new ID token. The CLI secret will then work again.
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
||||
{{< note >}}
|
||||
The CLI secret is associated with the OIDC ID token. Harbor will try to refresh the token, so the CLI secret will be valid after the ID token expires. However, if the OIDC Provider does not provide a refresh token or the refresh fails, the CLI secret becomes invalid. In this case, log out and log back in to Harbor via your OIDC provider so that Harbor can get a new ID token. The CLI secret will then work again.
|
||||
{{< /note >}}
|
@ -1,30 +1,33 @@
|
||||
[Back to table of contents](../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Configure Project Quotas
|
||||
---
|
||||
title: Configure Project Quotas
|
||||
---
|
||||
|
||||
To exercise control over resource use, as a Harbor system administrator you can set quotas on projects. You can limit the number of tags that a project can contain and limit the amount of storage capacity that a project can consume. You can set default quotas that apply to all projects globally.
|
||||
|
||||
**NOTE**: Default quotas apply to projects that are created after you set or change the default quota. The default quota is not applied to projects that already existed before you set it.
|
||||
{{< note >}}
|
||||
Default quotas apply to projects that are created after you set or change the default quota. The default quota is not applied to projects that already existed before you set it.
|
||||
{{< /note >}}
|
||||
|
||||
You can also set quotas on individual projects. If you set a global default quota and you set different quotas on individual projects, the per-project quotas are applied.
|
||||
|
||||
By default, all projects have unlimited quotas for both tags and storage use.
|
||||
|
||||
1. Select the **Project Quotas** view.
|
||||
![Project quotas](../../img/project-quota1.png)
|
||||
|
||||
![Project quotas](../../img/project-quota1.png)
|
||||
1. To set global default quotas on all projects, click **Edit**.
|
||||
|
||||
![Project quotas](../../img/project-quota2.png)
|
||||
1. For **Default artifact count**, enter the maximum number of tags that any project can contain at a given time, or enter `-1` to set the default to unlimited.
|
||||
1. For **Default storage consumption**, enter the maximum quantity of storage that any project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu, or enter `-1` to set the default to unlimited.
|
||||
![Project quotas](../../img/project-quota3.png)
|
||||
1. Click **OK**.
|
||||
![Project quotas](../../img/project-quota2.png)
|
||||
|
||||
1. For **Default artifact count**, enter the maximum number of tags that any project can contain at a given time, or enter `-1` to set the default to unlimited.
|
||||
1. For **Default storage consumption**, enter the maximum quantity of storage that any project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu, or enter `-1` to set the default to unlimited.
|
||||
![Project quotas](../../img/project-quota3.png)
|
||||
|
||||
1. Click **OK**.
|
||||
1. To set quotas on an individual project, click the 3 vertical dots next to a project and select **Edit**.
|
||||
![Project quotas](../../img/project-quota4.png)
|
||||
1. For **Default artifact count**, enter the maximum number of tags that this individual project can contain, or enter `-1` to set the default to unlimited.
|
||||
1. For **Default storage consumption**, enter the maximum quantity of storage that this individual project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu.
|
||||
![Project quotas](../../img/project-quota4.png)
|
||||
1. For **Default artifact count**, enter the maximum number of tags that this individual project can contain, or enter `-1` to set the default to unlimited.
|
||||
1. For **Default storage consumption**, enter the maximum quantity of storage that this individual project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu.
|
||||
|
||||
After you set quotas, you can see how much of their quotas each project has consumed.
|
||||
|
||||
@ -37,7 +40,9 @@ When setting project quotas, it is useful to know how Harbor calculates tag numb
|
||||
- Harbor computes image size when blobs and manifests are pushed from the Docker client.
|
||||
- Harbor computes tag counts when manifests are pushed from the Docker client.
|
||||
|
||||
**NOTE**: When users push an image, the manifest is pushed last, after all of the associated blobs have been pushed successfully to the registry. If several images are pushed concurrently and if there is an insufficient number of tags left in the quota for all of them, images are accepted in the order that their manifests arrive. Consequently, an attempt to push an image might not be immediately rejected for exceeding the quota. This is because there was availability in the tag quota when the push was initiated, but by the time the manifest arrived the quota had been exhausted.
|
||||
{{< note >}}
|
||||
When users push an image, the manifest is pushed last, after all of the associated blobs have been pushed successfully to the registry. If several images are pushed concurrently and if there is an insufficient number of tags left in the quota for all of them, images are accepted in the order that their manifests arrive. Consequently, an attempt to push an image might not be immediately rejected for exceeding the quota. This is because there was availability in the tag quota when the push was initiated, but by the time the manifest arrived the quota had been exhausted.
|
||||
{{< /note >}}
|
||||
- Shared blobs are only computed once per project. In Docker, blob sharing is defined globally. In Harbor, blob sharing is defined at the project level. As a consequence, overall storage usage can be greater than the actual disk capacity.
|
||||
- Retagging images reserves and releases resources:
|
||||
- If you retag an image within a project, the tag count increases by one, but storage usage does not change because there are no new blobs or manifests.
|
||||
@ -45,7 +50,3 @@ When setting project quotas, it is useful to know how Harbor calculates tag numb
|
||||
- During garbage collection, Harbor frees the storage used by untagged blobs in the project.
|
||||
- If the tag count reaches the limit, image blobs can be pushed into a project and storage usage is updated accordingly. You can consider these blobs to be untagged blobs. They can be removed by garbage collection, and the storage that they consume is returned after garbage colletion.
|
||||
- Helm chart size is not calculated. Only tag counts are calculated.
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../index.md)
|
@ -1,4 +1,6 @@
|
||||
# Configuring Replication
|
||||
---
|
||||
title: Configuring Replication
|
||||
---
|
||||
|
||||
Replication allows users to replicate resources, namely images and charts, between Harbor and non-Harbor registries, in both pull or push mode.
|
||||
|
||||
@ -6,13 +8,10 @@ When the Harbor system administrator has set a replication rule, all resources t
|
||||
|
||||
There might be some delay during replication based on the condition of the network. If a replication task fails, it is re-scheduled for a few minutes later and retried several times.
|
||||
|
||||
**NOTE:** Due to API changes, replication between different versions of Harbor is not supported.
|
||||
{{< note >}}
|
||||
Due to API changes, replication between different versions of Harbor is not supported.
|
||||
{{< /note >}}
|
||||
|
||||
- [Create Replication Endpoints](create_replication_endpoints.md)
|
||||
- [Create Replication Rules](create_replication_rules.md)
|
||||
- [Running Replication Manually](manage_replications.md)
|
||||
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
||||
- [Create Replication Endpoints](create-replication-endpoints.md)
|
||||
- [Create Replication Rules](create-replication-rules.md)
|
||||
- [Running Replication Manually](manage-replications.md)
|
@ -1,14 +1,12 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Creating Replication Endpoints
|
||||
---
|
||||
title: Creating Replication Endpoints
|
||||
---
|
||||
|
||||
To replicate image repositories from one instance of Harbor to another Harbor or non-Harbor registry, you first create replication endpoints.
|
||||
|
||||
1. Go to **Registries** and click the **+ New Endpoint** button.
|
||||
|
||||
![New replication endpoint](../../img/replication-endpoint1.png)
|
||||
![New replication endpoint](../../../img/replication-endpoint1.png)
|
||||
1. For **Provider**, use the drop-down menu to select the type of registry to set up as a replication endpoint.
|
||||
|
||||
The endpoint can be another Harbor instance, or a non-Harbor registry. Currently, the following non-Harbor registries are supported:
|
||||
@ -25,7 +23,7 @@ To replicate image repositories from one instance of Harbor to another Harbor or
|
||||
- Quay.io
|
||||
- Jfrog Artifactory
|
||||
|
||||
![Replication providers](../../img/replication-endpoint2.png)
|
||||
![Replication providers](../../../img/replication-endpoint2.png)
|
||||
|
||||
1. Enter a suitable name and description for the new replication endpoint.
|
||||
1. Enter the full URL of the registry to set up as a replication endpoint.
|
||||
@ -33,24 +31,20 @@ To replicate image repositories from one instance of Harbor to another Harbor or
|
||||
For example, to replicate to another Harbor instance, enter https://harbor_instance_address:443. The registry must exist and be running before you create the endpoint.
|
||||
1. Enter the Access ID and Access Secret for the endpoint registry instance.
|
||||
|
||||
Use an account that has the appropriate privileges on that registry, or an account that has write permission on the corresponding project in a Harbor registry.
|
||||
|
||||
**NOTES**:
|
||||
Use an account that has the appropriate privileges on that registry, or an account that has write permission on the corresponding project in a Harbor registry.
|
||||
|
||||
{{< note >}}
|
||||
- AWS ECR adapters should use access keys, not a username and password. The access key should have sufficient permissions, such as storage permission.
|
||||
- Google GCR adapters should use the entire JSON key generated in the service account. The namespace should start with the project ID.
|
||||
{{< /note >}}
|
||||
1. Optionally, select the **Verify Remote Cert** check box.
|
||||
|
||||
Deselect the check box if the remote registry uses a self-signed or untrusted certificate.
|
||||
1. Click **Test Connection**.
|
||||
1. When you have successfully tested the connection, click **OK**.
|
||||
|
||||
|
||||
## Managing Registries
|
||||
You can list, add, edit and delete registries under `Administration->Registries`. Only registries which are not referenced by any rules can be deleted.
|
||||
|
||||
![browse project](../../img/manage_registry.png)
|
||||
You can list, add, edit and delete registries under **Administration** -> **Registries**. Only registries which are not referenced by any rules can be deleted.
|
||||
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
||||
![browse project](../../../img/manage-registry.png)
|
@ -1,23 +1,21 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
---
|
||||
title: Creating a Replication Rule
|
||||
---
|
||||
|
||||
----------
|
||||
|
||||
# Creating a Replication Rule
|
||||
|
||||
A replication endpoint must exist before you create a replication rule. To create an endpoint, follow the instructions in [Creating Replication Endpoints](create_replication_endpoints.md).
|
||||
A replication endpoint must exist before you create a replication rule. To create an endpoint, follow the instructions in [Creating Replication Endpoints](create-replication-endpoints.md).
|
||||
|
||||
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
|
||||
1. Expand **Administration**, and select **Replications**.
|
||||
|
||||
![Add a replication rule](../../img/replication-rule1.png)
|
||||
![Add a replication rule](../../../img/replication-rule1.png)
|
||||
1. Click **New Replication Rule**.
|
||||
1. Provide a name and description for the replication rule.
|
||||
1. Select **Push-based** or **Pull-based** replication, depending on whether you want to replicate images to or from the remote registry.
|
||||
|
||||
![Replication mode](../../img/replication-rule2.png)
|
||||
![Replication mode](../../../img/replication-rule2.png)
|
||||
1. For **Source resource filter**, identify the images to replicate.
|
||||
|
||||
![Replication filters](../../img/replication-rule3.png)
|
||||
![Replication filters](../../../img/replication-rule3.png)
|
||||
|
||||
* **Name**: Replicate resources with a given name by entering an image name or fragment.
|
||||
* **Tag**: Replicate resources with a given tag by entering a tag name or fragment.
|
||||
@ -48,20 +46,17 @@ A replication endpoint must exist before you create a replication rule. To creat
|
||||
|
||||
If you do not enter a namespace, resources are placed in the same namespace as in the source registry.
|
||||
|
||||
![Destination and namespaces](../../img/replication-rule4.png)
|
||||
![Destination and namespaces](../../../img/replication-rule4.png)
|
||||
1. Use the Trigger Mode drop-down menu to select how and when to run the rule.
|
||||
* **Manual**: Replicate the resources manually when needed. **Note**: Deletion operations are not replicated.
|
||||
* **Scheduled**: Replicate the resources periodically by defining a cron job. **Note**: Deletion operations are not replicated.
|
||||
* **Event Based**: When a new resource is pushed to the project, or an image is retagged, it is replicated to the remote registry immediately. If you select the `Delete remote resources when locally deleted`, if you delete an image, it is automatically deleted from the replication target.
|
||||
* **Event Based**: When a new resource is pushed to the project, or an image is retagged, it is replicated to the remote registry immediately. If you select the **Delete remote resources when locally deleted**, if you delete an image, it is automatically deleted from the replication target.
|
||||
|
||||
**NOTE**: You can filter images for replication based on the labels that are applied to the images. However, changing a label on an image does not trigger replication. Event-based replication is limited to pushing, retagging, and deleting images.
|
||||
{{< note >}}
|
||||
You can filter images for replication based on the labels that are applied to the images. However, changing a label on an image does not trigger replication. Event-based replication is limited to pushing, retagging, and deleting images.
|
||||
{{< /note >}}
|
||||
|
||||
![Trigger mode](../../img/replication-rule5.png)
|
||||
![Trigger mode](../../../img/replication-rule5.png)
|
||||
|
||||
1. Optionally select the Override checkbox to force replicated resources to replace resources at the destination with the same name.
|
||||
1. Click **Save** to create the replication rule.
|
||||
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
@ -1,28 +1,21 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Running Replication Manually
|
||||
---
|
||||
title: Running Replication Manually
|
||||
---
|
||||
|
||||
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
|
||||
1. Expand **Administration**, and select **Replications**.
|
||||
1. Select a replication rule and click **Replicate**.
|
||||
|
||||
![Add a replication rule](../../img/replication-rule6.png)
|
||||
![Add a replication rule](../../../img/replication-rule6.png)
|
||||
|
||||
The resources to which the rule is applied start to replicate from the source registry to the destination immediately.
|
||||
The resources to which the rule is applied start to replicate from the source registry to the destination immediately.
|
||||
1. Click the rule to see its execution status.
|
||||
1. Click the **ID** of the execution to see the details of the replication and the task list. The count of `IN PROGRESS` status in the summary includes both `Pending` and `In Progress` tasks.
|
||||
1. Optionally click **STOP** to stop the replication.
|
||||
1. Click the log icon to see detailed information about the replication task.
|
||||
|
||||
![View replication task](../../img/list_tasks.png)
|
||||
![View replication task](../../../img/list-tasks.png)
|
||||
|
||||
To edit or delete a replication rule, select the replication rule in the **Replications** view and click **Edit** or **Delete**. Only rules which have no executions in progress can be edited deleted.
|
||||
|
||||
![Delete or edit rule](../../img/replication-rule6.png)
|
||||
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
||||
![Delete or edit rule](../../../img/replication-rule6.png)
|
@ -1,8 +1,6 @@
|
||||
[Back to table of contents](../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Garbage Collection
|
||||
---
|
||||
title: Garbage Collection
|
||||
---
|
||||
|
||||
When you delete images from Harbor, space is not automatically freed up. You must run garbage collection to free up space by removing blobs that are no longer referenced by a manifest from the file system.
|
||||
|
||||
@ -11,7 +9,9 @@ When you delete images from Harbor, space is not automatically freed up. You mus
|
||||
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
|
||||
1. Expand **Administration**, and select **Garbage Collection**.
|
||||
1. Select the **'Garbage Collection'** tab.
|
||||
![Garbage collection](../../img/garbage-collection.png)
|
||||
|
||||
![Garbage collection](../../img/garbage-collection.png)
|
||||
|
||||
1. To run garbage collection immediately, click **GC Now**.
|
||||
|
||||
When you run garbage collection, Harbor goes into read-only mode. All modifications to the registry are prohibited.
|
||||
@ -23,17 +23,17 @@ To avoid triggering the garbage collection process too frequently, the availabil
|
||||
1. Expand **Administration**, and select **Garbage Collection**.
|
||||
1. Select the **'Garbage Collection'** tab.
|
||||
1. Use the drop down-menu to select how often to run garbage collection.
|
||||
![Schedule garbage collection](../../img/gc_policy.png)
|
||||
* **None**: No garbage collection is scheduled.
|
||||
* **Hourly**: Run garbage collection at the beginning of every hour.
|
||||
* **Daily**: Run garbage collection at midnight every day.
|
||||
* **Weekly**: Run garbage collection at midnight every Saturday.
|
||||
* **Custom**: Run garbage collection according to a `cron` job.
|
||||
|
||||
![Schedule garbage collection](../../img/gc-policy.png)
|
||||
|
||||
* **None**: No garbage collection is scheduled.
|
||||
* **Hourly**: Run garbage collection at the beginning of every hour.
|
||||
* **Daily**: Run garbage collection at midnight every day.
|
||||
* **Weekly**: Run garbage collection at midnight every Saturday.
|
||||
* **Custom**: Run garbage collection according to a `cron` job.
|
||||
1. Click **Save**.
|
||||
1. Select the **History** tab to view records of the 10 most recent garbage collection runs.
|
||||
![Garbage collection history](../../img/gc_history.png)
|
||||
|
||||
![Garbage collection history](../../img/gc-history.png)
|
||||
|
||||
1. Click on the **Logs** link to view the related logs.
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../index.md)
|
@ -1,40 +1,34 @@
|
||||
[Back to table of contents](../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Configure Global Settings
|
||||
---
|
||||
title: Configure Global Settings
|
||||
---
|
||||
|
||||
You can configure Harbor to connect to an email server, set the registry in read-only mode, and configure Harbor so that only system administrators can create projects.
|
||||
|
||||
## Configure an Email Server
|
||||
|
||||
You can configure Harbor to connect to an email server. The email server is only used to send out responses to users who request to reset their password.
|
||||
You can configure Harbor to connect to an email server. The email server is only used to send out responses to users who request to reset their password.
|
||||
|
||||
![browse project](../../img//new_config_email.png)
|
||||
![browse project](../../img/new-config-email.png)
|
||||
|
||||
## Make the Registry Read Only
|
||||
|
||||
You can set Harbor to read-only mode. In read-only mode, Harbor allows `docker pull` but prevents `docker push` and the deletion of repositories and tags.
|
||||
|
||||
![Read-only mode](../../img//read_only.png)
|
||||
![Read-only mode](../../img/read-only.png)
|
||||
|
||||
If it set to true, deleting repositories, tags and pushing images are not permitted.
|
||||
|
||||
![browse project](../../img//read_only_enable.png)
|
||||
![browse project](../../img/read-only-enable.png)
|
||||
|
||||
|
||||
```
|
||||
$ docker push 10.117.169.182/demo/ubuntu:14.04
|
||||
```sh
|
||||
docker push 10.117.169.182/demo/ubuntu:14.04
|
||||
The push refers to a repository [10.117.169.182/demo/ubuntu]
|
||||
0271b8eebde3: Preparing
|
||||
denied: The system is in read only mode. Any modification is prohibited.
|
||||
denied: The system is in read only mode. Any modification is prohibited.
|
||||
```
|
||||
|
||||
## Set Who Can Create Projects
|
||||
|
||||
Use the **Project Creation** drop-down menu to set which users can create projects. Select **Everyone** to allow all users to create projects. Select **Admin Only** to allow only users with the Harbor system administrator role to create projects.
|
||||
![browse project](../../img/new_proj_create.png)
|
||||
Use the **Project Creation** drop-down menu to set which users can create projects. Select **Everyone** to allow all users to create projects. Select **Admin Only** to allow only users with the Harbor system administrator role to create projects.
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../index.md)
|
||||
![browse project](../../img/new-proj-create.png)
|
3
docs/1.10/administration/managing-users/_index.md
Normal file
@ -0,0 +1,3 @@
|
||||
---
|
||||
title: Managing Users
|
||||
---
|
20
docs/1.10/administration/managing-users/create-users-db.md
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
title: Create User Accounts in Database Mode
|
||||
---
|
||||
|
||||
In database authentication mode, the Harbor system administrator creates user accounts manually.
|
||||
|
||||
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
|
||||
1. Under **Administration**, go to **Users**.
|
||||
|
||||
![Create user account](../../../img/create-user.png)
|
||||
1. Click **New User**.
|
||||
1. Enter information about the new user.
|
||||
|
||||
![Provide user information](../../../img/new-user.png)
|
||||
|
||||
- The username must be unique in the Harbor system
|
||||
- The email address is used for password recovery
|
||||
- The password must contain at least 8 characters with 1 lowercase letter, 1 uppercase letter and 1 numeric character
|
||||
|
||||
If users forget their password, there is a **Forgot Password** in the Harbor log in page. To use this feature, you must [configure an email server](../general-settings.md).
|
@ -1,38 +1,32 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
---
|
||||
title: Harbor Role Based Access Control (RBAC)
|
||||
---
|
||||
|
||||
----------
|
||||
Harbor manages images through projects. You provide access to these images to users by including the users in projects and assigning one of the following roles to them.
|
||||
|
||||
# Harbor Role Based Access Control (RBAC)
|
||||
|
||||
Harbor manages images through projects. You provide access to these images to users by including the users in projects and assigning one of the following roles to them.
|
||||
|
||||
![rbac](../../img/rbac.png)
|
||||
![RBAC](../../../img/rbac.png)
|
||||
|
||||
* **Limited Guest**: A Limited Guest does not have full read privileges for a project. They can pull images but cannot push, and they cannot see logs or the other members of a project. For example, you can create limited guests for users from different organizations who share access to a project.
|
||||
* **Guest**: Guest has read-only privilege for a specified project. They can pull and retag images, but cannot push.
|
||||
* **Developer**: Developer has read and write privileges for a project.
|
||||
* **Master**: Master has elevated permissions beyond those of 'Developer' including the ability to scan images, view replications jobs, and delete images and helm charts.
|
||||
* **Master**: Master has elevated permissions beyond those of 'Developer' including the ability to scan images, view replications jobs, and delete images and helm charts.
|
||||
* **ProjectAdmin**: When creating a new project, you will be assigned the "ProjectAdmin" role to the project. Besides read-write privileges, the "ProjectAdmin" also has some management privileges, such as adding and removing members, starting a vulnerability scan.
|
||||
|
||||
Besides the above roles, there are two system-level roles:
|
||||
Besides the above roles, there are two system-level roles:
|
||||
|
||||
* **Harbor system administrator**: "Harbor system administrator" has the most privileges. In addition to the privileges mentioned above, "Harbor system administrator" can also list all projects, set an ordinary user as administrator, delete users and set vulnerability scan policy for all images. The public project "library" is also owned by the administrator.
|
||||
* **Anonymous**: When a user is not logged in, the user is considered as an "Anonymous" user. An anonymous user has no access to private projects and has read-only access to public projects.
|
||||
* **Harbor system administrator**: "Harbor system administrator" has the most privileges. In addition to the privileges mentioned above, "Harbor system administrator" can also list all projects, set an ordinary user as administrator, delete users and set vulnerability scan policy for all images. The public project "library" is also owned by the administrator.
|
||||
* **Anonymous**: When a user is not logged in, the user is considered as an "Anonymous" user. An anonymous user has no access to private projects and has read-only access to public projects.
|
||||
|
||||
For full details of the permissions of the different roles, see [User Permissions By Role](user_permissions_by_role.md).
|
||||
For full details of the permissions of the different roles, see [User Permissions By Role](../user-permissions-by-role.md).
|
||||
|
||||
If you run Harbor in database authentication mode, you create user accounts directly in the Harbor interface. For information about how to create local user accounts, see [Create User Accounts in Database Mode](create_users_db.md).
|
||||
If you run Harbor in database authentication mode, you create user accounts directly in the Harbor interface. For information about how to create local user accounts, see [Create User Accounts in Database Mode](../create-users-db.md).
|
||||
|
||||
If you run Harbor in LDAP/AD or OIDC authentication mode, you create and manage user accounts in your LDAP/AD or OIDC provider. Harbor obtains the users from the LDAP/AD or OIDC server and displays them in the **Users** tab of the Harbor interface.
|
||||
|
||||
## Assigning the Harbor System Administrator Role
|
||||
|
||||
Harbor system administrators can assign the Harbor system administrator role to other users by selecting usernames and clicking **Set as Administrator** in the **Users** tab.
|
||||
Harbor system administrators can assign the Harbor system administrator role to other users by selecting usernames and clicking **Set as Administrator** in the **Users** tab.
|
||||
|
||||
![browse project](../../img/new_set_admin_remove_user.png)
|
||||
![browse project](../../../img/new-set-admin-remove-user.png)
|
||||
|
||||
To delete users, select a user and click `DELETE`. Deleting user is only supported under database authentication mode.
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
||||
To delete users, select a user and click `DELETE`. Deleting users is only supported under database authentication mode.
|
@ -1,8 +1,6 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# User Permissions By Role
|
||||
---
|
||||
title: User Permissions By Role
|
||||
---
|
||||
|
||||
Users have different abilities depending on the role they in a project.
|
||||
|
||||
@ -33,8 +31,8 @@ The following table depicts the various user permission levels in a project.
|
||||
| Pull image | ✓ | ✓ | ✓ | ✓ | ✓ |
|
||||
| Push image | | | ✓ | ✓ | ✓ |
|
||||
| Scan/delete image | | | | ✓ | ✓ |
|
||||
| Add scanners to Harbor | | | | | |
|
||||
| Edit scanners in projects | | | | | ✓ |
|
||||
| Add scanners to Harbor | | | | | |
|
||||
| Edit scanners in projects | | | | | ✓ |
|
||||
| See a list of image vulnerabilities | ✓ | ✓ | ✓ | ✓ | ✓ |
|
||||
| See image build history | ✓ | ✓ | ✓ | ✓ | ✓ |
|
||||
| Add/Remove labels of image | | | ✓ | ✓ | ✓ |
|
||||
@ -54,13 +52,9 @@ The following table depicts the various user permission levels in a project.
|
||||
| Enable/disable webhooks | | | ✓ | ✓ | ✓ |
|
||||
| Create/delete tag retention rules | | | ✓ | ✓ | ✓ |
|
||||
| Enable/disable tag retention rules | | | ✓ | ✓ | ✓ |
|
||||
| Create/delete tag immutability rules | | | | | ✓ |
|
||||
| Enable/disable tag immutability rules | | | | | ✓ |
|
||||
| Create/delete tag immutability rules | | | | | ✓ |
|
||||
| Enable/disable tag immutability rules | | | | | ✓ |
|
||||
| See project quotas | ✓ | ✓ | ✓ | ✓ | ✓ |
|
||||
| Edit project quotas * | | | | | |
|
||||
| Edit project quotas * | | | | | |
|
||||
|
||||
* Only the Harbor system administrator can edit project quotas and add new scanners.
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
@ -1,26 +0,0 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Create User Accounts in Database Mode
|
||||
|
||||
In database authentication mode, the Harbor system administrator creates user accounts manually.
|
||||
|
||||
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
|
||||
1. Under **Administration**, go to **Users**.
|
||||
|
||||
![Create user account](../../img/create_user.png)
|
||||
1. Click **New User**.
|
||||
1. Enter information about the new user.
|
||||
|
||||
![Provide user information](../../img/new_user.png)
|
||||
|
||||
- The username must be unique in the Harbor system
|
||||
- The email address is used for password recovery
|
||||
- The password must contain at least 8 characters with 1 lowercase letter, 1 uppercase letter and 1 numeric character
|
||||
|
||||
If users forget their password, there is a **Forgot Password** in the Harbor log in page. To use this feature, you must [configure an email server](../general_settings.md).
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
3
docs/1.10/administration/upgrade/_index.md
Normal file
@ -0,0 +1,3 @@
|
||||
---
|
||||
title: Upgrade
|
||||
---
|
@ -1,8 +1,6 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Upgrading Harbor Deployed with Helm
|
||||
---
|
||||
title: Upgrading Harbor Deployed with Helm
|
||||
---
|
||||
|
||||
This guide is used to upgrade Harbor deployed by chart since version 0.3.0.
|
||||
|
||||
@ -27,7 +25,7 @@ Configure the new chart to make sure that the configuration items have the same
|
||||
|
||||
> Note: if TLS is enabled and the certificate is generated by chart automatically, a new certificate will be generated and overwrite the old one during the upgrade, this may cause some issues if you have distributed the certificate. You can follow the below steps to configure the new chart to use the old certificate:
|
||||
|
||||
1) Get the secret name which certificate is stored in:
|
||||
1. Get the secret name which certificate is stored in:
|
||||
|
||||
```bash
|
||||
kubectl get secret
|
||||
@ -35,24 +33,22 @@ Configure the new chart to make sure that the configuration items have the same
|
||||
|
||||
Find the secret whose name ends with `-harbor-ingress` (expose service via `Ingress`) or `-harbor-nginx`(expose service via `ClusterIP` or `NodePort`)
|
||||
|
||||
2) Export the secret as yaml file:
|
||||
2. Export the secret as yaml file:
|
||||
|
||||
|
||||
```bash
|
||||
kubectl get secret <secret-name-from-step-1> -o yaml > secret.yaml
|
||||
```
|
||||
|
||||
3. Rename the secret by setting `metadata.name` in `secret.yaml`
|
||||
|
||||
|
||||
3) Rename the secret by setting `metadata.name` in `secret.yaml`
|
||||
|
||||
4) Create a new secret:
|
||||
4. Create a new secret:
|
||||
|
||||
```bash
|
||||
kubectl create -f secret.yaml
|
||||
```
|
||||
|
||||
5) Configure the chart to use the new secret by setting `expose.tls.secretName` as the value you set in step **3**
|
||||
5. Configure the chart to use the new secret by setting `expose.tls.secretName` as the value you set in step **3**
|
||||
|
||||
### 4. Upgrade
|
||||
|
||||
@ -62,13 +58,10 @@ Run upgrade command:
|
||||
helm upgrade release-name --force .
|
||||
```
|
||||
|
||||
> The `--force` is necessary if upgrade from version 0.3.0 due to issue [#30](https://github.com/goharbor/harbor-helm/issues/30).
|
||||
{{< note >}}
|
||||
The `--force` is necessary if upgrade from version 0.3.0 due to issue [#30](https://github.com/goharbor/harbor-helm/issues/30).
|
||||
{{< /note >}}
|
||||
|
||||
## Known issues
|
||||
|
||||
- The job logs will be lost if you upgrade from version 0.3.0 as the logs are store in a `emptyDir` in 0.3.0.
|
||||
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
@ -1,12 +1,12 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Roll Back from an Upgrade
|
||||
---
|
||||
title: Roll Back from an Upgrade
|
||||
---
|
||||
|
||||
If, for any reason, you need to roll back to the previous version of Harbor, perform the following steps.
|
||||
|
||||
**NOTE**: To roll back from an upgrade, you must have backed up the previous version of Harbor. For information about backing up Harbor before an upgrade, see [Upgrade Harbor and Migrate Data](upgrade_migrate_data.md).
|
||||
{{< note >}}
|
||||
To roll back from an upgrade, you must have backed up the previous version of Harbor. For information about backing up Harbor before an upgrade, see [Upgrade Harbor and Migrate Data](../upgrade-migrate-data.md).
|
||||
{{< /note >}}
|
||||
|
||||
1. Stop and remove the current Harbor service if it is still running.
|
||||
|
||||
@ -38,8 +38,6 @@ If, for any reason, you need to roll back to the previous version of Harbor, per
|
||||
./install.sh
|
||||
```
|
||||
|
||||
**NOTE**: While you can roll back an upgrade to the state before you started the upgrade, Harbor does not support downgrades.
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
||||
{{< note >}}
|
||||
While you can roll back an upgrade to the state before you started the upgrade, Harbor does not support downgrades.
|
||||
{{< /note >}}
|
@ -1,15 +1,13 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Upgrade Harbor and Migrate Data
|
||||
---
|
||||
title: Upgrade Harbor and Migrate Data
|
||||
---
|
||||
|
||||
This guide covers upgrade and migration to version 1.10.0. This guide only covers migration from v1.8.x and later to the current version. If you are upgrading from an earlier version, refer to the migration guide in the `release-1.8.0` branch to upgrade to v1.8.x first, then follow this guide to perform the migration to this version.
|
||||
|
||||
When upgrading an existing Harbor instance to a newer version, you might need to migrate the data in your database and the settings in `harbor.cfg`.
|
||||
Since the migration might alter the database schema and the settings of `harbor.cfg`, you should **always** back up your data before any migration.
|
||||
|
||||
**NOTES:**
|
||||
## Notes
|
||||
|
||||
- Again, you must back up your data before any data migration.
|
||||
- In version 1.9.0, some containers are started by `non-root`. This does not pose problems if you are upgrading an officially released version of Harbor, but if you have deployed a customized instance of Harbor, you might encounter permission issues.
|
||||
@ -64,10 +62,6 @@ Since the migration might alter the database schema and the settings of `harbor.
|
||||
|
||||
1. In the `./harbor` directory, run the `./install.sh` script to install the new Harbor instance.
|
||||
|
||||
To install Harbor with components such as Notary, Clair, and chartmuseum, see [Run the Installer Script](../../install_config/run_installer_script.md) for more information.
|
||||
To install Harbor with components such as Notary, Clair, and chartmuseum, see [Run the Installer Script](../../install-config/run-installer-script.md) for more information.
|
||||
|
||||
If you need to roll back to the previous version of Harbor, see [Roll Back from an Upgrade](roll_back_upgrade.md).
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
||||
If you need to roll back to the previous version of Harbor, see [Roll Back from an Upgrade](roll-back-upgrade.md).
|
@ -1,4 +1,6 @@
|
||||
# Test Harbor Upgrade
|
||||
---
|
||||
title: Test Harbor Upgrade
|
||||
---
|
||||
|
||||
## Prepare data
|
||||
1. Add user usera userb userc userd usere, set usera userb as system admin.
|
@ -1,28 +1,24 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Vulnerability Scanning
|
||||
---
|
||||
title: Vulnerability Scanning
|
||||
---
|
||||
|
||||
Harbor provides static analysis of vulnerabilities in images through the open source [Clair](https://github.com/coreos/clair) project.
|
||||
|
||||
**IMPORTANT**: Clair is an optional component. To be able to use Clair you must have enabled Clair when you installed your Harbor instance.
|
||||
{{< important >}}
|
||||
Clair is an optional component. To be able to use Clair you must have enabled Clair when you installed your Harbor instance.
|
||||
{{< /important >}}
|
||||
|
||||
You can also connect Harbor to your own instance of Clair or to additional vulnerability scanners by using an interrogation service. You configure additional scanners in the Harbor interface, after you have installed Harbor. For the list of additional scanners that are currently supported, see the [Harbor Compatibility List](../../install_config/harbor_compatibility_list.md#scanner-adapters).
|
||||
You can also connect Harbor to your own instance of Clair or to additional vulnerability scanners by using an interrogation service. You configure additional scanners in the Harbor interface, after you have installed Harbor. For the list of additional scanners that are currently supported, see the [Harbor Compatibility List](../../install-config/harbor-compatibility-list.md#scanner-adapters).
|
||||
|
||||
It might be necessary to connect Harbor to other scanners for corporate compliance reasons, or because your organization already uses a particular scanner. Different scanners also use different vulnerability databases, capture different CVE sets, and apply different severity thresholds. By connecting Harbor to more than one vulnerability scanner, you broaden the scope of your protection against vulnerabilities.
|
||||
|
||||
For information about installing Harbor with Clair, see the [Run the Installer Script](../../install_config/run_installer_script.md).
|
||||
For information about installing Harbor with Clair, see the [Run the Installer Script](../../install-config/run-installer_script.md).
|
||||
|
||||
You can manually initiate scanning on a particular image, or on all images in Harbor. Additionally, you can also set a policy to automatically scan all of the images at specific intervals.
|
||||
|
||||
- [Connect Harbor to Additional Vulnerability Scanners](pluggable_scanners.md)
|
||||
- [Scan Individual Images](scan_individual_image.md)
|
||||
- [Scan All Images](scan_all_images.md)
|
||||
- [Schedule Scans](schedule_scans.md)
|
||||
- [Import Vulnerability Data to an Offline Harbor instance](import_vulnerability_data.md)
|
||||
- [Configure System-Wide CVE Whitelists](configure_system_whitelist.md)
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
||||
- [Connect Harbor to Additional Vulnerability Scanners](../pluggable-scanners.md)
|
||||
- [Scan Individual Images](../scan-individual-image.md)
|
||||
- [Scan All Images](../scan-all-images.md)
|
||||
- [Schedule Scans](../schedule-scans.md)
|
||||
- [Import Vulnerability Data to an Offline Harbor instance](../import-vulnerability-data.md)
|
||||
- [Configure System-Wide CVE Whitelists](../configure-system-whitelist.md)
|
@ -1,12 +1,10 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Configure System-Wide CVE Whitelists
|
||||
---
|
||||
title: Configure System-Wide CVE Whitelists
|
||||
---
|
||||
|
||||
When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. As a Harbor system administrator, you can create whitelists of CVEs to ignore during vulnerability scanning.
|
||||
|
||||
You can set a system-wide CVE whitelist or you can set CVE whitelists on a per-project basis. For information about per-project CVE whitelists, see [Configure a Per-Project CVE Whitelist](../../working_with_projects/configure_project_whitelist.md).
|
||||
You can set a system-wide CVE whitelist or you can set CVE whitelists on a per-project basis. For information about per-project CVE whitelists, see [Configure a Per-Project CVE Whitelist](../../working-with-projects/configure-project-whitelist.md).
|
||||
|
||||
System-wide CVE whitelists apply to all of the projects in a Harbor instance.
|
||||
|
||||
@ -25,7 +23,3 @@ System-wide CVE whitelists apply to all of the projects in a Harbor instance.
|
||||
After you have created a system whitelist, you can remove CVE IDs from the list by clicking the delete button next to it in the list. You can click **Add** to add more CVE IDs to the system whitelist.
|
||||
|
||||
![Add and remove system CVEs](../../img/cve-whitelist4.png)
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
@ -1,8 +1,6 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Import Vulnerability Data to an Offline Harbor instance
|
||||
---
|
||||
title: Import Vulnerability Data to an Offline Harbor instance
|
||||
---
|
||||
|
||||
If Harbor is installed in an environment without an internet connection, Clair cannot fetch data from the public vulnerability database. In this case, the Harbor administrator must update the Clair database manually.
|
||||
|
||||
@ -14,6 +12,7 @@ If Harbor is installed in an environment without an internet connection, Clair c
|
||||
1. Use `docker ps` to find out the container ID of the Clair service.
|
||||
1. Run `docker logs <container_id>` to check the log of the Clair container. If you are using Harbor you can find the latest Clair logs under `/var/log/harbor/2017-xx-xx/clair.log`.
|
||||
1. Look for logs that look like the following:
|
||||
|
||||
```
|
||||
Jul 3 20:40:45 172.18.0.1 clair[3516]: {"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2017-07-04 03:40:45.890364","updater name":"rhel"}
|
||||
Jul 3 20:40:46 172.18.0.1 clair[3516]: {"Event":"finished fetching","Level":"info","Location":"updater.go:227","Time":"2017-07-04 03:40:46.768924","updater name":"alpine"}
|
||||
@ -31,15 +30,14 @@ The phrase `finished fetching` indicates that Clair has finished a round of vuln
|
||||
1. Log in to the host, that is connected to Internet, on which the Postgres Clair database is running.
|
||||
1. Dump Clair's vulnerability database by running the following commands.
|
||||
|
||||
**NOTE**: The container name `clair-db` is a placeholder for the database container used by the internet-connected instance of Clair.
|
||||
{{< note >}}
|
||||
The container name `clair-db` is a placeholder for the database container used by the internet-connected instance of Clair.
|
||||
{{< /note >}}
|
||||
|
||||
```
|
||||
$ docker exec clair-db /bin/sh -c "pg_dump -U postgres -a -t feature -t keyvalue -t namespace -t schema_migrations -t vulnerability -t vulnerability_fixedin_feature" > vulnerability.sql
|
||||
```
|
||||
|
||||
```
|
||||
$ docker exec clair-db /bin/sh -c "pg_dump -U postgres -c -s" > clear.sql
|
||||
```
|
||||
```shell
|
||||
$ docker exec clair-db /bin/sh -c "pg_dump -U postgres -a -t feature -t keyvalue -t namespace -t schema_migrations -t vulnerability -t vulnerability_fixedin_feature" > vulnerability.sql
|
||||
$ docker exec clair-db /bin/sh -c "pg_dump -U postgres -c -s" > clear.sql
|
||||
```
|
||||
|
||||
The files `vulnerability.sql` and `clear.sql` are generated.
|
||||
|
||||
@ -47,8 +45,8 @@ The files `vulnerability.sql` and `clear.sql` are generated.
|
||||
|
||||
Before importing the data, it is strongly recommended to back up the Clair database in Harbor.
|
||||
|
||||
```
|
||||
$ docker exec harbor-db /bin/sh -c "pg_dump -U postgres -c" > all.sql
|
||||
```shell
|
||||
docker exec harbor-db /bin/sh -c "pg_dump -U postgres -c" > all.sql
|
||||
```
|
||||
|
||||
## Update the Harbor Clair Database
|
||||
@ -56,18 +54,11 @@ Before importing the data, it is strongly recommended to back up the Clair datab
|
||||
1. Copy the `vulnerability.sql` and `clear.sql` files to the host on which Harbor is running.
|
||||
1. Run the following commands to import the data to the Harbor Clair database:
|
||||
|
||||
```
|
||||
$ docker exec -i harbor-db psql -U postgres < clear.sql
|
||||
```
|
||||
```
|
||||
$ docker exec -i harbor-db psql -U postgres < vulnerability.sql
|
||||
```
|
||||
```shell
|
||||
docker exec -i harbor-db psql -U postgres < clear.sql
|
||||
docker exec -i harbor-db psql -U postgres < vulnerability.sql
|
||||
```
|
||||
|
||||
## Rescan the Images
|
||||
|
||||
After importing the data, trigger the scanning process in the Harbor interface. For information about running a scan, see [Scan All Images](scan_all_images.md).
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
After importing the data, trigger the scanning process in the Harbor interface. For information about running a scan, see [Scan All Images](../scan-all-images.md).
|
@ -1,8 +1,6 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Connect Harbor to Additional Vulnerability Scanners
|
||||
---
|
||||
title: Connect Harbor to Additional Vulnerability Scanners
|
||||
---
|
||||
|
||||
To connect Harbor to additional vulnerability scanners, you must install and configure an instance of the additional scanner according to the scanner vendor's requirements. The scanner must expose an API endpoint to allow Harbor to trigger the scan process or get reports. You can deploy multiple different scanners, and multiple instances of the same type of scanner.
|
||||
|
||||
@ -36,12 +34,8 @@ To connect Harbor to additional vulnerability scanners, you must install and con
|
||||
Vulnerability scanners depend on the vulnerability metadata to complete the analysis process. After the first initial installation, the vulnerability scanner automatically starts to update the metadata database from different vulnerability repositories. The database update might take a while, based on the data size and network connection.
|
||||
|
||||
Depending on the scanner that you use, once the database is ready, the timestamp of the last update is shown in the **Interrogation Services** > **Vulnerability** tab. Currently, only Clair and Anchore provide timestamp information.
|
||||
![browse project](../../img/clair_ready.png)
|
||||
![browse project](../../img/clair-ready.png)
|
||||
|
||||
Until the database has been fully populated, the timestamp is replaced by a warning symbol. When the database is ready, you can scan images individually or scan all images across all projects.
|
||||
|
||||
If your Harbor instance is not connected to the external internet, you must manually update the vulnerability metadata. For information about how to update Clair manually, see [Import Vulnerability Data to an Offline Harbor instance](import_vulnerability_data.md).
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
||||
If your Harbor instance is not connected to the external internet, you must manually update the vulnerability metadata. For information about how to update Clair manually, see [Import Vulnerability Data to an Offline Harbor instance](../import-vulnerability-data.md).
|
@ -1,8 +1,6 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Scan All Images
|
||||
---
|
||||
title: Scan All Images
|
||||
---
|
||||
|
||||
In addition to scanning individual images in projects, you can run global scans on all of the images in a Harbor instance, across all projects.
|
||||
|
||||
@ -10,10 +8,6 @@ In addition to scanning individual images in projects, you can run global scans
|
||||
1. Expand **Administration**, and select **Interrogation Services**.
|
||||
1. Select the **Vulnerability** tab and click **Scan Now** to scan all of the images in all projects.
|
||||
|
||||
![Scan all images](../../img/scan_all.png)
|
||||
![Scan all images](../../img/scan-all.png)
|
||||
|
||||
Scanning requires intensive resource consumption. If scanning is in progress, the **Scan Now** button is unavailable.
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
@ -0,0 +1,58 @@
|
||||
---
|
||||
title: Scan Individual Images
|
||||
---
|
||||
|
||||
1. Log in to the Harbor interface with an account that has at least project administrator privileges.
|
||||
1. Go to **Projects** and select a project.
|
||||
1. Select the **Scanner** tab.
|
||||
|
||||
The **Scanner** tab shows the details of the scanner that is currently set as the scanner to use for this project.
|
||||
|
||||
![Project scanner tab](../../img/project-scanners.png)
|
||||
|
||||
1. Click **Edit** to select a different scanner from the list of scanners that are connected to this Harbor instance, and click **OK**.
|
||||
|
||||
![Project scanner tab](../../img/select-scanner.png)
|
||||
|
||||
{{< note >}}
|
||||
If you have selected the **Prevent vulnerable images from running** option in the project **Configuration** tab, the prevention of pulling vulnerable images is determined by the scanner that is set in the project, or by the global default scanner if no scanner is configured specifically for the project. Different scanners might apply different levels of severity to image vulnerabilities.
|
||||
{{< /note >}}
|
||||
|
||||
1. Select the **Repositories** tab and select a repository.
|
||||
|
||||
For each tag in the repository, the **Vulnerabilities** column displays the vulnerability scanning status and related information.
|
||||
|
||||
![Tag vulnerability status](../../img/tag-vulnerability-status.png)
|
||||
|
||||
1. Select a tag, or use the check box at the top to select all tags in the repository, and click the **Scan** button to run the vulnerability scan on this image.
|
||||
|
||||
![Scan an image](../../img/scan-image.png)
|
||||
|
||||
**NOTE**: You can start a scan at any time, unless the status is **Queued** or **Scanning**. If the database has not been fully populated, you should not run a scan. The following statuses are displayed in the **Vulnerabilities** column:
|
||||
|
||||
* **Not Scanned:** The tag has never been scanned.
|
||||
* **Queued:** The scanning task is scheduled but has not run yet.
|
||||
* **Scanning:** The scanning task is in progress and a progress bar is displayed.
|
||||
* **View log:** The scanning task failed to complete. Click **View Log** link to view the related logs.
|
||||
* **Complete:** The scanning task completed successfully.
|
||||
|
||||
If the process completes successfully, the result indicates the overall severity level, with the total number of vulnerabilities found for each severity level, and the number of fixable vulnerabilities.
|
||||
|
||||
![Scan result](../../img/scan-result.png)
|
||||
|
||||
* **Red:** At least one critical vulnerability found
|
||||
* **Orange:** At least one high level vulnerability found
|
||||
* **Yellow:** At least one medium level vulnerability found
|
||||
* **Blue:** At least one low level vulnerability found
|
||||
* **Green:** No vulnerabilities found
|
||||
* **Grey:** Unknown vulnerabilities
|
||||
|
||||
1. Hover over the number of fixable vulnerabilities to see a summary of the vulnerability report.
|
||||
|
||||
![Vulnerability summary](../../img/vulnerability-summary.png)
|
||||
|
||||
1. Click on the tag name to see a detailed vulnerability report.
|
||||
|
||||
![Vulnerability report](../../img/tag-detail.png)
|
||||
|
||||
In addition to information about the tag, all of the vulnerabilities found in the last scan are listed. You can order or filter the list by the different columns. You can also click **Scan** in the report page to run a scan on this image tag.
|
@ -1,8 +1,6 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Schedule Scans
|
||||
---
|
||||
title: Schedule Scans
|
||||
---
|
||||
|
||||
You can set policies to control when vulnerability scanning should run.
|
||||
|
||||
@ -11,7 +9,7 @@ You can set policies to control when vulnerability scanning should run.
|
||||
1. Select the **Vulnerability** tab and click the **Edit** button next to **Schedule to scan all**.
|
||||
1. Use the drop down-menu to select how often to run scans.
|
||||
|
||||
![browse project](../../img/scan_policy.png)
|
||||
![browse project](../../img/scan-policy.png)
|
||||
|
||||
* **None**: No scans are scheduled.
|
||||
* **Hourly**: Run a scan at the beginning of every hour.
|
||||
@ -19,7 +17,3 @@ You can set policies to control when vulnerability scanning should run.
|
||||
* **Weekly**: Run a scan at midnight every Saturday.
|
||||
* **Custom**: Run a scan according to a `cron` job.
|
||||
1. Click **Save**.
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
@ -1,57 +0,0 @@
|
||||
[Back to table of contents](../../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Scan Individual Images
|
||||
|
||||
1. Log in to the Harbor interface with an account that has at least project administrator privileges.
|
||||
1. Go to **Projects** and select a project.
|
||||
1. Select the **Scanner** tab.
|
||||
|
||||
The **Scanner** tab shows the details of the scanner that is currently set as the scanner to use for this project.
|
||||
|
||||
![Project scanner tab](../../img/project-scanners.png)
|
||||
1. Click **Edit** to select a different scanner from the list of scanners that are connected to this Harbor instance, and click **OK**.
|
||||
|
||||
![Project scanner tab](../../img/select-scanner.png)
|
||||
|
||||
**NOTE**: If you have selected the **Prevent vulnerable images from running** option in the project **Configuration** tab, the prevention of pulling vulnerable images is determined by the scanner that is set in the project, or by the global default scanner if no scanner is configured specifically for the project. Different scanners might apply different levels of severity to image vulnerabilities.
|
||||
1. Select the **Repositories** tab and select a repository.
|
||||
|
||||
For each tag in the repository, the **Vulnerabilities** column displays the vulnerability scanning status and related information.
|
||||
|
||||
![Tag vulnerability status](../../img/tag-vulnerability-status.png)
|
||||
1. Select a tag, or use the check box at the top to select all tags in the repository, and click the **Scan** button to run the vulnerability scan on this image.
|
||||
|
||||
![Scan an image](../../img/scan_image.png)
|
||||
|
||||
**NOTE**: You can start a scan at any time, unless the status is **Queued** or **Scanning**. If the database has not been fully populated, you should not run a scan. The following statuses are displayed in the **Vulnerabilities** column:
|
||||
|
||||
* **Not Scanned:** The tag has never been scanned.
|
||||
* **Queued:** The scanning task is scheduled but has not run yet.
|
||||
* **Scanning:** The scanning task is in progress and a progress bar is displayed.
|
||||
* **View log:** The scanning task failed to complete. Click **View Log** link to view the related logs.
|
||||
* **Complete:** The scanning task completed successfully.
|
||||
|
||||
If the process completes successfully, the result indicates the overall severity level, with the total number of vulnerabilities found for each severity level, and the number of fixable vulnerabilities.
|
||||
|
||||
![Scan result](../../img/scan-result.png)
|
||||
|
||||
* **Red:** At least one critical vulnerability found
|
||||
* **Orange:** At least one high level vulnerability found
|
||||
* **Yellow:** At least one medium level vulnerability found
|
||||
* **Blue:** At least one low level vulnerability found
|
||||
* **Green:** No vulnerabilities found
|
||||
* **Grey:** Unknown vulnerabilities
|
||||
1. Hover over the number of fixable vulnerabilities to see a summary of the vulnerability report.
|
||||
|
||||
![Vulnerability summary](../../img/vulnerability-summary.png)
|
||||
1. Click on the tag name to see a detailed vulnerability report.
|
||||
|
||||
![Vulnerability report](../../img/tag_detail.png)
|
||||
|
||||
In addition to information about the tag, all of the vulnerabilities found in the last scan are listed. You can order or filter the list by the different columns. You can also click **Scan** in the report page to run a scan on this image tag.
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../../index.md)
|
3
docs/1.10/build-customize-contribute/_index.md
Normal file
@ -0,0 +1,3 @@
|
||||
---
|
||||
title: Building, Customizing, and Contributing to Harbor
|
||||
---
|
@ -1,8 +1,6 @@
|
||||
[Back to table of contents](../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Build Harbor from Source Code
|
||||
---
|
||||
title: Build Harbor from Source Code
|
||||
---
|
||||
|
||||
This guide provides instructions for developers to build and run Harbor from source code.
|
||||
|
||||
@ -24,18 +22,18 @@ Harbor is deployed as several Docker containers and most of the code is written
|
||||
## Step 2: Getting the source code
|
||||
|
||||
```sh
|
||||
$ git clone https://github.com/goharbor/harbor
|
||||
git clone https://github.com/goharbor/harbor
|
||||
```
|
||||
|
||||
## Step 3: Building and installing Harbor
|
||||
|
||||
### Configuration
|
||||
|
||||
Edit the file **make/harbor.yml** and make necessary configuration changes such as hostname, admin password and mail server. Refer to **[Installation and Configuration Guide](installation_guide.md#configuring-harbor)** for more info.
|
||||
Edit the file **make/harbor.yml** and make necessary configuration changes such as hostname, admin password and mail server. Refer to the [Installation and Configuration Guide](../installation-guide.md#configuring-harbor) for more info.
|
||||
|
||||
```sh
|
||||
$ cd harbor
|
||||
$ vi make/harbor.yml
|
||||
cd harbor
|
||||
vi make/harbor.yml
|
||||
```
|
||||
|
||||
### Compiling and Running
|
||||
@ -46,62 +44,62 @@ You can compile the code by one of the three approaches:
|
||||
|
||||
- Get official Golang image from docker hub:
|
||||
|
||||
```sh
|
||||
$ docker pull golang:1.12.5
|
||||
```
|
||||
```sh
|
||||
docker pull golang:1.12.5
|
||||
```
|
||||
|
||||
- Build, install and bring up Harbor without Notary:
|
||||
|
||||
```sh
|
||||
$ make install GOBUILDIMAGE=golang:1.12.5 COMPILETAG=compile_golangimage
|
||||
```
|
||||
```sh
|
||||
make install GOBUILDIMAGE=golang:1.12.5 COMPILETAG=compile_golangimage
|
||||
```
|
||||
|
||||
- Build, install and bring up Harbor with Notary:
|
||||
|
||||
```sh
|
||||
$ make install GOBUILDIMAGE=golang:1.12.5 COMPILETAG=compile_golangimage NOTARYFLAG=true
|
||||
```
|
||||
```sh
|
||||
make install GOBUILDIMAGE=golang:1.12.5 COMPILETAG=compile_golangimage NOTARYFLAG=true
|
||||
```
|
||||
|
||||
- Build, install and bring up Harbor with Clair:
|
||||
|
||||
```sh
|
||||
$ make install GOBUILDIMAGE=golang:1.12.5 COMPILETAG=compile_golangimage CLAIRFLAG=true
|
||||
```
|
||||
```sh
|
||||
make install GOBUILDIMAGE=golang:1.12.5 COMPILETAG=compile_golangimage CLAIRFLAG=true
|
||||
```
|
||||
|
||||
#### II. Compile code with your own Golang environment, then build Harbor
|
||||
|
||||
- Move source code to \$GOPATH
|
||||
- Move source code to `$GOPATH`
|
||||
|
||||
```sh
|
||||
$ mkdir $GOPATH/src/github.com/goharbor/
|
||||
$ cd ..
|
||||
$ mv harbor $GOPATH/src/github.com/goharbor/.
|
||||
```
|
||||
```sh
|
||||
mkdir $GOPATH/src/github.com/goharbor/
|
||||
cd ..
|
||||
mv harbor $GOPATH/src/github.com/goharbor/.
|
||||
```
|
||||
|
||||
- Build, install and run Harbor without Notary and Clair:
|
||||
|
||||
```sh
|
||||
$ cd $GOPATH/src/github.com/goharbor/harbor
|
||||
$ make install
|
||||
```
|
||||
```sh
|
||||
cd $GOPATH/src/github.com/goharbor/harbor
|
||||
$ make install
|
||||
```
|
||||
|
||||
- Build, install and run Harbor with Notary and Clair:
|
||||
|
||||
```sh
|
||||
$ cd $GOPATH/src/github.com/goharbor/harbor
|
||||
$ make install -e NOTARYFLAG=true CLAIRFLAG=true
|
||||
```
|
||||
```sh
|
||||
cd $GOPATH/src/github.com/goharbor/harbor
|
||||
make install -e NOTARYFLAG=true CLAIRFLAG=true
|
||||
```
|
||||
|
||||
### Verify your installation
|
||||
|
||||
If everything worked properly, you can get the below message:
|
||||
If everything worked properly, you will see this message:
|
||||
|
||||
```sh
|
||||
...
|
||||
Start complete. You can visit harbor now.
|
||||
...
|
||||
Start complete. You can visit harbor now.
|
||||
```
|
||||
|
||||
Refer to [Installation and Configuration Guide](installation_guide.md#managing-harbors-lifecycle) for more information about managing your Harbor instance.
|
||||
Refer to the [Installation and Configuration Guide](../installation-guide.md#managing-harbors-lifecycle) for more information about managing your Harbor instance.
|
||||
|
||||
## Appendix
|
||||
|
||||
@ -154,34 +152,27 @@ The `Makefile` contains these configurable parameters:
|
||||
#### Push Harbor images to specific registry server
|
||||
|
||||
```sh
|
||||
$ make pushimage -e DEVFLAG=false REGISTRYSERVER=[$SERVERADDRESS] REGISTRYUSER=[$USERNAME] REGISTRYPASSWORD=[$PASSWORD] REGISTRYPROJECTNAME=[$PROJECTNAME]
|
||||
|
||||
make pushimage -e DEVFLAG=false REGISTRYSERVER=[$SERVERADDRESS] REGISTRYUSER=[$USERNAME] REGISTRYPASSWORD=[$PASSWORD] REGISTRYPROJECTNAME=[$PROJECTNAME]
|
||||
```
|
||||
|
||||
**Note**: need add "/" on end of REGISTRYSERVER. If REGISTRYSERVER is not set, images will be pushed directly to Docker Hub.
|
||||
|
||||
```sh
|
||||
$ make pushimage -e DEVFLAG=false REGISTRYUSER=[$USERNAME] REGISTRYPASSWORD=[$PASSWORD] REGISTRYPROJECTNAME=[$PROJECTNAME]
|
||||
|
||||
make pushimage -e DEVFLAG=false REGISTRYUSER=[$USERNAME] REGISTRYPASSWORD=[$PASSWORD] REGISTRYPROJECTNAME=[$PROJECTNAME]
|
||||
```
|
||||
|
||||
#### Clean up binaries and images of a specific version
|
||||
|
||||
```sh
|
||||
$ make clean -e VERSIONTAG=[TAG]
|
||||
|
||||
make clean -e VERSIONTAG=[TAG]
|
||||
```
|
||||
|
||||
**Note**: If new code had been added to Github, the git commit TAG will change. Better use this command to clean up images and files of previous TAG.
|
||||
{{< note >}}
|
||||
If new code has been added to Github, the git commit TAG will change. Better use this command to clean up images and files of previous TAG.
|
||||
{{< /note >}}
|
||||
|
||||
#### By default, the make process create a development build. To create a release build of Harbor, set the below flag to false.
|
||||
|
||||
```sh
|
||||
$ make XXXX -e DEVFLAG=false
|
||||
|
||||
make XXXX -e DEVFLAG=false
|
||||
```
|
||||
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../index.md)
|
96
docs/1.10/build-customize-contribute/configure-swagger.md
Normal file
@ -0,0 +1,96 @@
|
||||
---
|
||||
title: View and Test the Harbor REST API via Swagger
|
||||
---
|
||||
|
||||
A Swagger file is provided for viewing and testing Harbor REST API.
|
||||
|
||||
## Viewing Harbor REST API
|
||||
|
||||
* Open the file **swagger.yaml** under the _docs_ directory in Harbor project
|
||||
* Paste all its content into the online Swagger Editor at http://editor.swagger.io. The descriptions of Harbor API will be shown on the right pane of the page.
|
||||
|
||||
![Swagger Editor](../../img/swagger-editor.png)
|
||||
|
||||
## Testing Harbor REST API
|
||||
From time to time, you may need to mannually test Harbor REST API. You can deploy the Swagger file into Harbor's service node. Suppose you install Harbor through online or offline installer, you should have a Harbor directory after you un-tar the installer, such as `~/harbor`.
|
||||
|
||||
{{< danger >}}
|
||||
When using Swagger to send REST requests to Harbor, you may alter the data of Harbor accidentally. For this reason, we do **not** recommended using Swagger against a production Harbor instance.
|
||||
{{< /danger >}}
|
||||
|
||||
* Download `prepare-swagger.sh` and `swagger.yaml` under the `docs` directory to your local Harbor directory, e.g. `~/harbor`.
|
||||
|
||||
```sh
|
||||
wget https://raw.githubusercontent.com/goharbor/harbor/master/docs/prepare-swagger.sh https://raw.githubusercontent.com/goharbor/harbor/master/docs/swagger.yaml
|
||||
```
|
||||
|
||||
* Edit the script file `prepare-swagger.sh`.
|
||||
|
||||
```sh
|
||||
vi prepare-swagger.sh
|
||||
```
|
||||
|
||||
* Change the SCHEME to the protocol scheme of your Harbor server.
|
||||
|
||||
```sh
|
||||
SCHEME=<HARBOR_SERVER_SCHEME>
|
||||
```
|
||||
|
||||
* Change the `SERVER_IP` to the IP address of your Harbor server.
|
||||
|
||||
```sh
|
||||
SERVER_IP=<HARBOR_SERVER_DOMAIN>
|
||||
```
|
||||
|
||||
* Change the file mode.
|
||||
|
||||
```sh
|
||||
chmod +x prepare-swagger.sh
|
||||
```
|
||||
|
||||
* Run the shell script. It downloads a Swagger package and extracts files into the `../static` directory.
|
||||
|
||||
```sh
|
||||
./prepare-swagger.sh
|
||||
```
|
||||
|
||||
* Edit the `docker-compose.yml` file under your local Harbor directory.
|
||||
|
||||
```sh
|
||||
vi docker-compose.yml
|
||||
```
|
||||
|
||||
* Add two lines to the file `docker-compose.yml` under the section `ui.volumes`.
|
||||
|
||||
```yaml
|
||||
# ...
|
||||
ui:
|
||||
# ...
|
||||
volumes:
|
||||
- ./common/config/ui/app.conf:/etc/core/app.conf:z
|
||||
- ./common/config/ui/private_key.pem:/etc/core/private_key.pem:z
|
||||
- /data/secretkey:/etc/core/key:z
|
||||
- /data/ca_download/:/etc/core/ca/:z
|
||||
## add two lines as below ##
|
||||
- ../src/ui/static/vendors/swagger-ui-2.1.4/dist:/harbor/static/vendors/swagger
|
||||
- ../src/ui/static/resources/yaml/swagger.yaml:/harbor/static/resources/yaml/swagger.yaml
|
||||
# ...
|
||||
```
|
||||
|
||||
* Recreate Harbor containers
|
||||
|
||||
```docker
|
||||
docker-compose down -v && docker-compose up -d
|
||||
```
|
||||
|
||||
* Because a session ID is usually required by Harbor API, **you should log in first from a browser.**
|
||||
* Open another tab in the same browser so that the session is shared between tabs.
|
||||
* Enter the URL of the Swagger page in Harbor as below. The ```<HARBOR_SERVER>``` should be replaced by the IP address or the hostname of the Harbor server.
|
||||
|
||||
```text
|
||||
http://<HARBOR_SERVER>/static/vendors/swagger/index.html
|
||||
```
|
||||
|
||||
* You should see a Swagger UI page with Harbor API _swagger.yaml_ file loaded in the same domain, **be aware that your REST request submitted by Swagger may change the data of Harbor**.
|
||||
|
||||
![Harbor API](../../img/rendered-swagger.png)
|
@ -1,15 +1,14 @@
|
||||
[Back to table of contents](../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Customize the Harbor Look & Feel
|
||||
---
|
||||
title: Customize the Look and Feel of Harbor
|
||||
---
|
||||
|
||||
The primary look & feel of Harbor supports to be customized with several simple steps. All the relevant customization in configurations are saved in the `setting.json` file under `$HARBOR_DIR/src/portal/src` folder with `json` format and will be loaded when Harbor is launched.
|
||||
|
||||
## Configure
|
||||
|
||||
Open the `setting.json` file, you'll see the default content as shown below:
|
||||
|
||||
```
|
||||
```json
|
||||
{
|
||||
"headerBgColor": "#004a70",
|
||||
"headerLogo": "",
|
||||
@ -40,9 +39,3 @@ Change the values of configuration if you want to override the default style to
|
||||
## Build
|
||||
|
||||
Once the `setting.json` configurations has been updated, re-[build](#configure) your product to apply the new changes.
|
||||
|
||||
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../index.md)
|
73
docs/1.10/build-customize-contribute/developer-guide-i18n.md
Normal file
@ -0,0 +1,73 @@
|
||||
---
|
||||
title: Developing for Internationalization
|
||||
---
|
||||
|
||||
{{< note >}}
|
||||
All the files you created should use UTF-8 encoding.
|
||||
{{< /note >}}
|
||||
|
||||
Steps to localize the UI in your language
|
||||
|
||||
1. In the folder `src/portal/src/i18n/lang`, copy json file `en-us-lang.json` to a new file and rename it to `<language>-<locale>-lang.json` .
|
||||
|
||||
The file contains a JSON object including all the key-value pairs of UI strings:
|
||||
|
||||
```javascript
|
||||
{
|
||||
"APP_TITLE": {
|
||||
"VMW_HARBOR": "Harbor",
|
||||
"HARBOR": "Harbor",
|
||||
// ...
|
||||
},
|
||||
// ...
|
||||
}
|
||||
```
|
||||
|
||||
In the file `<language>-<locale>-lang.json`, translate all the values into your language. Do not change any keys.
|
||||
|
||||
2. After creating your language file, you should add it to the language supporting list.
|
||||
|
||||
Locate the file `src/portal/src/app/shared/shared.const.ts`.
|
||||
|
||||
Append `<language>-<locale>` to the language supporting list:
|
||||
|
||||
```typescript
|
||||
export const supportedLangs = ['en-us', 'zh-cn', '<language>-<locale>'];
|
||||
```
|
||||
|
||||
Define the language display name and append it to the name list:
|
||||
|
||||
```typescript
|
||||
export const languageNames = {
|
||||
"en-us": "English",
|
||||
"zh-cn": "中文简体",
|
||||
"<language>-<locale>": "<DISPLAY_NAME>"
|
||||
};
|
||||
```
|
||||
|
||||
{{< note >}}
|
||||
Don't miss the comma before the new key-value item you've added.
|
||||
{{< /note >}}
|
||||
|
||||
3. Enable the new language in the view.
|
||||
|
||||
Locate the file `src/portal/src/app/base/navigator/navigator.component.html` and then find the following code piece:
|
||||
|
||||
```html
|
||||
<div class="dropdown-menu">
|
||||
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("en-us")' [class.lang-selected]='matchLang("en-us")'>English</a>
|
||||
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("zh-cn")' [class.lang-selected]='matchLang("zh-cn")'>中文简体</a>
|
||||
</div>
|
||||
```
|
||||
|
||||
Add a new menu item for your language:
|
||||
|
||||
```html
|
||||
<div class="dropdown-menu">
|
||||
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("en-us")' [class.lang-selected]='matchLang("en-us")'>English</a>
|
||||
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("zh-cn")' [class.lang-selected]='matchLang("zh-cn")'>中文简体</a>
|
||||
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("<language>-<locale>")' [class.lang-selected]='matchLang("<language>-<locale>")'>DISPLAY_NAME</a>
|
||||
</div>
|
||||
```
|
||||
|
||||
4. Next, please refer [compile guideline](../compile-guide.md) to rebuild and restart Harbor.
|
@ -1,10 +1,8 @@
|
||||
[Back to table of contents](../index.md)
|
||||
---
|
||||
title: Registry Landscape
|
||||
---
|
||||
|
||||
----------
|
||||
|
||||
# Registry Landscape
|
||||
|
||||
The cloud native ecosystem is moving rapidly–registries and their feature sets are no exception. We've made our best effort to survey the container registry landscape and compare to our core feature set.
|
||||
The cloud native ecosystem is moving rapidly—registries and their feature sets are no exception. We've made our best effort to survey the container registry landscape and compare to our core feature set.
|
||||
|
||||
If you find something outdated or outright erroneous, please submit a PR and we'll fix it right away.
|
||||
|
||||
@ -35,8 +33,3 @@ Table updated on 10/21/2019 against Harbor 1.9.
|
||||
| Vulnerability Scanning Plugin Framework | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
|
||||
| Vulnerability Whitelisting | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
|
||||
| Webhooks | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
|
||||
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../index.md)
|
@ -1,16 +1,14 @@
|
||||
[Back to table of contents](../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Developing the Harbor Frontend
|
||||
---
|
||||
title: Developing the Harbor Frontend
|
||||
---
|
||||
|
||||
If you already have a harbor backend environment, you can build a frontend development environment with the following configuration.
|
||||
|
||||
1. Create the file proxy.config.json in the directory harbor/src/portal,and config it according to the sample below.
|
||||
|
||||
**NOTE:** You should replace “$IP_ADDRESS” with your own ip address.
|
||||
**NOTE:** You should replace “$IP_ADDRESS” with your own ip address.
|
||||
|
||||
```
|
||||
```json
|
||||
{
|
||||
"/api/*": {
|
||||
"target": "$IP_ADDRESS",
|
||||
@ -83,21 +81,16 @@ If you already have a harbor backend environment, you can build a frontend devel
|
||||
```
|
||||
|
||||
2. Open the terminal and run the following command,install npm packages as 3rd-party dependencies.
|
||||
```
|
||||
|
||||
```sh
|
||||
cd harbor/src/portal
|
||||
npm install
|
||||
```
|
||||
|
||||
3. Execute the following command,serve Harbor locally.
|
||||
|
||||
```
|
||||
```sh
|
||||
npm run start
|
||||
```
|
||||
|
||||
4. Then you can visit the Harbor by address: https://localhost:4200.
|
||||
|
||||
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../index.md)
|
||||
4. Then you can visit the Harbor by address: https://localhost:4200.
|
@ -1,7 +1,6 @@
|
||||
[Back to table of contents](../index.md)
|
||||
|
||||
----------
|
||||
# Using Make
|
||||
---
|
||||
title: Using Make
|
||||
---
|
||||
|
||||
## Variables
|
||||
|
||||
@ -42,19 +41,26 @@ version | set harbor version
|
||||
|
||||
## Examples
|
||||
|
||||
### Build and run harbor from source code.
|
||||
### Build and run harbor from source code
|
||||
|
||||
```sh
|
||||
make install GOBUILDIMAGE=golang:1.13.4 COMPILETAG=compile_golangimage NOTARYFLAG=true
|
||||
```
|
||||
|
||||
### Package offline installer
|
||||
|
||||
```sh
|
||||
make package_offline GOBUILDIMAGE=golang:1.13.4 COMPILETAG=compile_golangimage NOTARYFLAG=true
|
||||
```
|
||||
|
||||
### Start harbor with notary
|
||||
|
||||
```sh
|
||||
make -e NOTARYFLAG=true start
|
||||
```
|
||||
|
||||
### Stop harbor with notary
|
||||
|
||||
```sh
|
||||
make -e NOTARYFLAG=true down
|
||||
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../index.md)
|
||||
```
|
@ -1,80 +0,0 @@
|
||||
[Back to table of contents](../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# View and test Harbor REST API via Swagger
|
||||
A Swagger file is provided for viewing and testing Harbor REST API.
|
||||
|
||||
## Viewing Harbor REST API
|
||||
* Open the file **swagger.yaml** under the _docs_ directory in Harbor project;
|
||||
* Paste all its content into the online Swagger Editor at http://editor.swagger.io. The descriptions of Harbor API will be shown on the right pane of the page.
|
||||
|
||||
![Swagger Editor](img/swaggerEditor.png)
|
||||
|
||||
## Testing Harbor REST API
|
||||
From time to time, you may need to mannually test Harbor REST API. You can deploy the Swagger file into Harbor's service node. Suppose you install Harbor through online or offline installer, you should have a Harbor directory after you un-tar the installer, such as **~/harbor**.
|
||||
|
||||
**Caution:** When using Swagger to send REST requests to Harbor, you may alter the data of Harbor accidentally. For this reason, it is NOT recommended using Swagger against a production Harbor instance.
|
||||
|
||||
* Download _prepare-swagger.sh_ and _swagger.yaml_ under the _docs_ directory to your local Harbor directory, e.g. **~/harbor**.
|
||||
```sh
|
||||
wget https://raw.githubusercontent.com/goharbor/harbor/master/docs/prepare-swagger.sh https://raw.githubusercontent.com/goharbor/harbor/master/docs/swagger.yaml
|
||||
```
|
||||
* Edit the script file _prepare-swagger.sh_.
|
||||
```sh
|
||||
vi prepare-swagger.sh
|
||||
```
|
||||
* Change the SCHEME to the protocol scheme of your Harbor server.
|
||||
```sh
|
||||
SCHEME=<HARBOR_SERVER_SCHEME>
|
||||
```
|
||||
* Change the SERVER_IP to the IP address of your Harbor server.
|
||||
```sh
|
||||
SERVER_IP=<HARBOR_SERVER_DOMAIN>
|
||||
```
|
||||
* Change the file mode.
|
||||
```sh
|
||||
chmod +x prepare-swagger.sh
|
||||
````
|
||||
* Run the shell script. It downloads a Swagger package and extracts files into the _../static_ directory.
|
||||
```sh
|
||||
./prepare-swagger.sh
|
||||
```
|
||||
* Edit the _docker-compose.yml_ file under your local Harbor directory.
|
||||
```sh
|
||||
vi docker-compose.yml
|
||||
```
|
||||
* Add two lines to the file _docker-compose.yml_ under the section _ui.volumes_.
|
||||
```docker
|
||||
...
|
||||
ui:
|
||||
...
|
||||
volumes:
|
||||
- ./common/config/ui/app.conf:/etc/core/app.conf:z
|
||||
- ./common/config/ui/private_key.pem:/etc/core/private_key.pem:z
|
||||
- /data/secretkey:/etc/core/key:z
|
||||
- /data/ca_download/:/etc/core/ca/:z
|
||||
## add two lines as below ##
|
||||
- ../src/ui/static/vendors/swagger-ui-2.1.4/dist:/harbor/static/vendors/swagger
|
||||
- ../src/ui/static/resources/yaml/swagger.yaml:/harbor/static/resources/yaml/swagger.yaml
|
||||
...
|
||||
```
|
||||
* Recreate Harbor containers
|
||||
```docker
|
||||
docker-compose down -v && docker-compose up -d
|
||||
```
|
||||
|
||||
* Because a session ID is usually required by Harbor API, **you should log in first from a browser.**
|
||||
* Open another tab in the same browser so that the session is shared between tabs.
|
||||
* Enter the URL of the Swagger page in Harbor as below. The ```<HARBOR_SERVER>``` should be replaced by the IP address or the hostname of the Harbor server.
|
||||
```
|
||||
http://<HARBOR_SERVER>/static/vendors/swagger/index.html
|
||||
```
|
||||
* You should see a Swagger UI page with Harbor API _swagger.yaml_ file loaded in the same domain, **be aware that your REST request submitted by Swagger may change the data of Harbor**.
|
||||
|
||||
![Harbor API](img/renderedSwagger.png)
|
||||
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../index.md)
|
@ -1,67 +0,0 @@
|
||||
[Back to table of contents](../index.md)
|
||||
|
||||
----------
|
||||
|
||||
# Developing for Internationalization
|
||||
|
||||
*NOTE: All the files you created should use UTF-8 encoding.*
|
||||
|
||||
Steps to localize the UI in your language
|
||||
|
||||
1. In the folder `src/portal/src/i18n/lang`, copy json file `en-us-lang.json` to a new file and rename it to `<language>-<locale>-lang.json` .
|
||||
|
||||
The file contains a JSON object including all the key-value pairs of UI strings:
|
||||
```
|
||||
{
|
||||
"APP_TITLE": {
|
||||
"VMW_HARBOR": "Harbor",
|
||||
"HARBOR": "Harbor",
|
||||
...
|
||||
},
|
||||
...
|
||||
}
|
||||
```
|
||||
In the file `<language>-<locale>-lang.json`, translate all the values into your language. Do not change any keys.
|
||||
|
||||
2. After creating your language file, you should add it to the language supporting list.
|
||||
|
||||
Locate the file `src/portal/src/app/shared/shared.const.ts`.
|
||||
Append `<language>-<locale>` to the language supporting list:
|
||||
```
|
||||
export const supportedLangs = ['en-us', 'zh-cn', '<language>-<locale>'];
|
||||
```
|
||||
Define the language display name and append it to the name list:
|
||||
```
|
||||
export const languageNames = {
|
||||
"en-us": "English",
|
||||
"zh-cn": "中文简体",
|
||||
"<language>-<locale>": "<DISPLAY_NAME>"
|
||||
};
|
||||
```
|
||||
|
||||
**NOTE: Don't miss the comma before the new key-value item you've added.**
|
||||
|
||||
3. Enable the new language in the view.
|
||||
|
||||
Locate the file `src/portal/src/app/base/navigator/navigator.component.html` and then find the following code piece:
|
||||
```
|
||||
<div class="dropdown-menu">
|
||||
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("en-us")' [class.lang-selected]='matchLang("en-us")'>English</a>
|
||||
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("zh-cn")' [class.lang-selected]='matchLang("zh-cn")'>中文简体</a>
|
||||
</div>
|
||||
```
|
||||
Add new menu item for your language:
|
||||
```
|
||||
<div class="dropdown-menu">
|
||||
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("en-us")' [class.lang-selected]='matchLang("en-us")'>English</a>
|
||||
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("zh-cn")' [class.lang-selected]='matchLang("zh-cn")'>中文简体</a>
|
||||
<a href="javascript:void(0)" clrDropdownItem (click)='switchLanguage("<language>-<locale>")' [class.lang-selected]='matchLang("<language>-<locale>")'>DISPLAY_NAME</a>
|
||||
</div>
|
||||
```
|
||||
|
||||
4. Next, please refer [compile guideline](compile_guide.md) to rebuild and restart Harbor.
|
||||
|
||||
|
||||
----------
|
||||
|
||||
[Back to table of contents](../index.md)
|
Before Width: | Height: | Size: 3.8 KiB After Width: | Height: | Size: 3.8 KiB |
Before Width: | Height: | Size: 46 KiB After Width: | Height: | Size: 46 KiB |
Before Width: | Height: | Size: 95 KiB After Width: | Height: | Size: 95 KiB |
Before Width: | Height: | Size: 231 KiB After Width: | Height: | Size: 231 KiB |
Before Width: | Height: | Size: 21 KiB After Width: | Height: | Size: 21 KiB |
Before Width: | Height: | Size: 16 KiB After Width: | Height: | Size: 16 KiB |
Before Width: | Height: | Size: 114 KiB After Width: | Height: | Size: 114 KiB |
Before Width: | Height: | Size: 34 KiB After Width: | Height: | Size: 34 KiB |
Before Width: | Height: | Size: 208 KiB After Width: | Height: | Size: 208 KiB |
Before Width: | Height: | Size: 934 KiB After Width: | Height: | Size: 934 KiB |
Before Width: | Height: | Size: 86 KiB After Width: | Height: | Size: 86 KiB |
Before Width: | Height: | Size: 220 KiB After Width: | Height: | Size: 220 KiB |
Before Width: | Height: | Size: 308 KiB After Width: | Height: | Size: 308 KiB |
Before Width: | Height: | Size: 41 KiB After Width: | Height: | Size: 41 KiB |
Before Width: | Height: | Size: 198 KiB After Width: | Height: | Size: 198 KiB |
Before Width: | Height: | Size: 26 KiB After Width: | Height: | Size: 26 KiB |
Before Width: | Height: | Size: 35 KiB After Width: | Height: | Size: 35 KiB |
Before Width: | Height: | Size: 39 KiB After Width: | Height: | Size: 39 KiB |
Before Width: | Height: | Size: 118 KiB After Width: | Height: | Size: 118 KiB |
Before Width: | Height: | Size: 41 KiB After Width: | Height: | Size: 41 KiB |
Before Width: | Height: | Size: 153 KiB After Width: | Height: | Size: 153 KiB |
Before Width: | Height: | Size: 212 KiB After Width: | Height: | Size: 212 KiB |
Before Width: | Height: | Size: 232 KiB After Width: | Height: | Size: 232 KiB |
Before Width: | Height: | Size: 28 KiB After Width: | Height: | Size: 28 KiB |
Before Width: | Height: | Size: 16 KiB After Width: | Height: | Size: 16 KiB |
Before Width: | Height: | Size: 23 KiB After Width: | Height: | Size: 23 KiB |
Before Width: | Height: | Size: 28 KiB After Width: | Height: | Size: 28 KiB |
Before Width: | Height: | Size: 6.7 KiB After Width: | Height: | Size: 6.7 KiB |
Before Width: | Height: | Size: 99 KiB After Width: | Height: | Size: 99 KiB |
Before Width: | Height: | Size: 24 KiB After Width: | Height: | Size: 24 KiB |
Before Width: | Height: | Size: 167 KiB After Width: | Height: | Size: 167 KiB |
Before Width: | Height: | Size: 187 KiB After Width: | Height: | Size: 187 KiB |
Before Width: | Height: | Size: 250 KiB After Width: | Height: | Size: 250 KiB |
Before Width: | Height: | Size: 24 KiB After Width: | Height: | Size: 24 KiB |
Before Width: | Height: | Size: 31 KiB After Width: | Height: | Size: 31 KiB |
Before Width: | Height: | Size: 15 KiB After Width: | Height: | Size: 15 KiB |
Before Width: | Height: | Size: 192 KiB After Width: | Height: | Size: 192 KiB |
Before Width: | Height: | Size: 205 KiB After Width: | Height: | Size: 205 KiB |
Before Width: | Height: | Size: 79 KiB After Width: | Height: | Size: 79 KiB |
Before Width: | Height: | Size: 19 KiB After Width: | Height: | Size: 19 KiB |
Before Width: | Height: | Size: 168 KiB After Width: | Height: | Size: 168 KiB |
Before Width: | Height: | Size: 220 KiB After Width: | Height: | Size: 220 KiB |
Before Width: | Height: | Size: 95 KiB After Width: | Height: | Size: 95 KiB |
Before Width: | Height: | Size: 165 KiB After Width: | Height: | Size: 165 KiB |
Before Width: | Height: | Size: 181 KiB After Width: | Height: | Size: 181 KiB |
Before Width: | Height: | Size: 180 KiB After Width: | Height: | Size: 180 KiB |
Before Width: | Height: | Size: 27 KiB After Width: | Height: | Size: 27 KiB |
Before Width: | Height: | Size: 16 KiB After Width: | Height: | Size: 16 KiB |
Before Width: | Height: | Size: 23 KiB After Width: | Height: | Size: 23 KiB |
Before Width: | Height: | Size: 150 KiB After Width: | Height: | Size: 150 KiB |
Before Width: | Height: | Size: 13 KiB After Width: | Height: | Size: 13 KiB |
Before Width: | Height: | Size: 166 KiB After Width: | Height: | Size: 166 KiB |
Before Width: | Height: | Size: 18 KiB After Width: | Height: | Size: 18 KiB |
Before Width: | Height: | Size: 30 KiB After Width: | Height: | Size: 30 KiB |
Before Width: | Height: | Size: 13 KiB After Width: | Height: | Size: 13 KiB |
Before Width: | Height: | Size: 24 KiB After Width: | Height: | Size: 24 KiB |