Link checking and topic rewrites

Stuart Clements 2020-01-13 12:25:55 +01:00
parent 67a58cbe72
commit 7b176d6ae8
9 changed files with 73 additions and 68 deletions

View File

@ -11,7 +11,7 @@ The operations that are performed by the Harbor system administrator are the fol
- Set up replication of images between Harbor and another Harbor instance or a 3rd party replication target. For information, see [Configuring Replication](configuring_replication/configuring_replication.md).
- Set up vulnerability scanners to check the images in the registry for CVE vulnerabilities. For information, see [Vulnerability Scanning](vulnerability_scanning/vulnerability_scanning.md).
- Perform garbage collection, to remove unnecessary data from Harbor. For information, see [Garbage Collection](garbage_collection.md).
- Upgrade Harbor when a new version becomes available. For information, see [Upgrading Harbor](upgrade/upgrade_harbor.md).
- Upgrade Harbor when a new version becomes available. For information, see [Upgrading Harbor](upgrade/upgrade_migrate_data.md).
----------

View File

@ -1,4 +0,0 @@
# Upgrading Harbor
- [Upgrade Harbor and Migrate Data](upgrade_migrate_data.md)
- [Roll Back an Upgrade](roll_back_upgrade.md)
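Review bot: with this index removed, nothing in the administration list shown in this commit links to `roll_back_upgrade.md` any more, because the "Upgrading Harbor" bullet there now opens `upgrade_migrate_data.md` directly. Either add a "Roll Back an Upgrade" link beside that bullet or retitle the bullet to "Upgrade Harbor and Migrate Data" so the link text matches the page it opens. It is also worth searching the rest of the docs for remaining references to `upgrade/index.md` and `upgrade/upgrade_harbor.md` before merging.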

View File

@ -45,8 +45,7 @@ This section describes how to use and maintain Harbor after deployment. These da
- [Import Vulnerability Data to an Offline Harbor instance](administration/vulnerability_scanning/import_vulnerability_data.md)
- [Configure System-Wide CVE Whitelists](administration/vulnerability_scanning/configure_system_whitelist.md)
- [Garbage Collection](administration/garbage_collection.md)
- [Upgrading Harbor](administration/upgrade/index.md)
- [Upgrade Harbor and Migrate Data](administration/upgrade/upgrade_migrate_data.md)
- [Upgrade Harbor and Migrate Data](administration/upgrade/upgrade_migrate_data.md)
- [Roll Back an Upgrade](administration/upgrade/roll_back_upgrade.md)
## Working with Harbor Projects

View File

@ -115,8 +115,7 @@ After generating the `ca.crt`, `yourdomain.com.crt`, and `yourdomain.com.key` fi
`systemctl restart docker`
You might also need to trust the certificate at the OS level. See [Troubleshooting Harbor Installation
](troubleshoot_installation.md#https) for more information.
You might also need to trust the certificate at the OS level. See [Troubleshooting Harbor Installation](troubleshoot_installation.md#https) for more information.
The following example illustrates a configuration that uses custom certificates.
@ -179,8 +178,7 @@ After setting up HTTPS for Harbor, you can verify the HTTPS connection by perfor
## What to Do Next ##
- If the verification succeeds, see [Harbor Administration](../administration/index.md) for information about using Harbor.
- If installation fails, see [Troubleshooting Harbor Installation
](troubleshoot_installation.md).
- If installation fails, see [Troubleshooting Harbor Installation](troubleshoot_installation.md).
----------

View File

@ -1,16 +1,22 @@
[Back to table of contents](../index.md)
----------
# Configure Harbor User Settings at the Command Line
After release 1.8.0, all user settings are separated from system settings, it can not be configured in config file anymore. Users need to configure it with admin privileges in web console or via HTTP request.
From release 1.8.0 onwards, user settings are configured separately from the system settings. You do not configure user settings in the `harbor.yml` file, but rather in the Harbor interface or via HTTP requests.
## Example Configuration Commands:
Add a new user in the local database:
`curl -X PUT -u "<username>:<password>" -H "Content-Type: application/json" -ki <Harbor Server URL>/api/configurations -d'{"<item_name>":"<item_value>"}'`
Get current configurations
Get the current configuration, run the following command:
`curl -u "<username>:<password>" -H "Content-Type: application/json" -ki <Harbor Server URL>/api/configurations`
## Sample config commands:
1. Update Harbor to use LDAP auth
Update Harbor to use LDAP authentication:
Command
```shell
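Review bot: the new label "Add a new user in the local database:" does not describe the command under it, which is a `PUT` to `/api/configurations` with an `{"<item_name>":"<item_value>"}` body, that is, a configuration update rather than user creation. Suggest something like "Update a configuration item:". The next label, "Get the current configuration, run the following command:", is a comma splice and reads better as "To get the current configuration, run the following command:". Since these lines are being touched anyway, note that both examples pass `-k` together with `-u "<username>:<password>"`, so administrator credentials are sent without certificate verification; a sentence saying that `-k` is only for self-signed test setups, or a variant using `--cacert`, would help readers who copy the commands.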
@ -27,7 +33,7 @@ Get current configurations
Set-Cookie: sid=a5803a1265e2b095cf65ce1d8bbd79b1; Path=/; HttpOnly
```
1. Restrict project creation to admin only
Restrict project creation to Harbor administrators:
Command
```shell
@ -45,7 +51,7 @@ Get current configurations
Set-Cookie: sid=b7925eaf7af53bdefb13bdcae201a14a; Path=/; HttpOnly
```
1. Update the token expiration time
Update the token expiration time:
Command
```shell
@ -99,14 +105,19 @@ uaa_client_id | UAA client ID | string | required(uaa_auth)
uaa_client_secret | UAA certificate | string | required(uaa_auth)
uaa_endpoint | UAA endpoint | string | required(uaa_auth)
uaa_verify_cert | UAA verify cert, true or false | boolean | optional | true
oidc_name | name for OIDC authentication | string | required(oidc_auth)
oidc_endpoint | endpoint for OIDC auth | string | required(oidc_auth)
oidc_client_id | client id for OIDC auth | string | required(oidc_auth)
oidc_client_secret | client secret for OIDC auth |string | required(oidc_auth)
oidc_scope | scope for OIDC auth | string| required(oidc_auth)
oidc_verify_cert | verify cert for OIDC auth, true or false | boolean | optional| true
oidc_name | Name for OIDC authentication | string | required(oidc_auth)
oidc_endpoint | Endpoint for OIDC auth | string | required(oidc_auth)
oidc_client_id | Client id for OIDC auth | string | required(oidc_auth)
oidc_client_secret | Client secret for OIDC auth |string | required(oidc_auth)
oidc_scope | Ccope for OIDC auth | string| required(oidc_auth)
oidc_verify_cert | Verify certificate for OIDC auth, true or false | boolean | optional| true
robot_token_duration | Robot token expiration time in minutes | number | optional | 43200 (30days)
**Note:** Both boolean and number can be enclosed with double quote in the request json, for example: `123`, `"123"`, `"true"` or `true` is OK.
**Note:** Both booleans and numbers can be enclosed with double quote in the request json, for example: `123`, `"123"`, `"true"` or `true` is OK.
----------
[Back to table of contents](../index.md)
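Review bot: typo introduced in the `oidc_scope` row, "Ccope for OIDC auth" should be "Scope for OIDC auth". In the same table, "Client id" could be "Client ID" to match the existing "UAA client ID" row, and the rewritten note would read better as "enclosed in double quotes in the request JSON". The unchanged `uaa_client_secret` row is described as "UAA certificate", which looks like a copy error and could be corrected to "UAA client secret" in this pass.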

View File

@ -6,59 +6,62 @@
By default, Harbor uses its own private key and certificate to authenticate with Docker clients. This topic describes how to optionally customize your configuration to use your own key and certificate.
Harbor requires Docker client to access the Harbor registry with a token. The procedure to generate a token is like [Docker Registry v2 authentication](https://github.com/docker/distribution/blob/master/docs/spec/auth/token.md). Firstly, you should make a request to the token service for a token. The token is signed by the private key. After that, you make a new request with the token to the Harbor registry, Harbor registry will verify the token with the public key in the rootcert bundle. Then Harbor registry will authorize the Docker client to push/pull images.
Harbor requires the Docker client to access the Harbor registry with a token. The procedure to generate a token is like [Docker Registry v2 authentication](https://github.com/docker/distribution/blob/master/docs/spec/auth/token.md). Firstly, you make a request to the token service for a token. The token is signed by the private key. After that, you make a new request with the token to the Harbor registry, Harbor registry verifies the token with the public key in the root cert bundle. Then Harbor registry authorizes the Docker client to push and pull images.
1. If you already have a certificate, go to step 3.
1. If not, you can generate a root certificate using openSSL with following commands:
- If you do not already have a certificate, follow the instructions in [Generate a Root Certificate](#gen-cert) to generate a root certificate by using openSSL.
- If you already have a certificate, go to [Provide the Certificate to Harbor](#provide-cert).
**1)Generate a private key:**
<a id="gen-cert"></a>
## Generate a Root Certificate
```sh
$ openssl genrsa -out private_key.pem 4096
```
1. Generate a private key.
**2)Generate a certificate:**
```sh
$ openssl req -new -x509 -key private_key.pem -out root.crt -days 3650
```
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank. Following are what you're asked to enter.
```sh
$ openssl genrsa -out private_key.pem 4096
```
Country Name (2 letter code) [AU]:
1. Generate a certificate.
State or Province Name (full name) [Some-State]:
```sh
$ openssl req -new -x509 -key private_key.pem -out root.crt -days 3650
```
Locality Name (eg, city) []:
1. Enter information to include in your certificate request.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some of them blank. For some fields there is a default value. If you enter `.`, the field is left blank.
Organizational Unit Name (eg, section) []:
- Country Name (2 letter code) [AU]:
- State or Province Name (full name) [Some-State]:
- Locality Name (eg, city) []:
- Organization Name (eg, company) [Internet Widgits Pty Ltd]:
- Organizational Unit Name (eg, section) []:
- Common Name (eg, server FQDN or YOUR name) []:
- Email Address []:
Common Name (eg, server FQDN or YOUR name) []:
After you run these commands, the files `private_key.pem` and `root.crt` are created in the current directory.
Email Address []:
<a id="provide-cert"></a>
## Provide the Certificate to Harbor
After you execute these two commands, you will see private_key.pem and root.crt in the **current directory**, just type "ls", you'll see them.
See [Run the Installer Script](run_installer_script.md) or [Reconfigure Harbor and Manage the Harbor Lifecycle](reconfigure_manage_lifecycle.md) to install or reconfigure Harbor. After you run `./install` or `./prepare`, Harbor generates several configuration files. You need to replace the original private key and certificate with your own key and certificate.
3.Refer to [Installation Guide](https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md) to install Harbor, After you execute ./prepare, Harbor generates several config files. We need to replace the original private key and certificate with your own key and certificate.
1. Replace the default key and certificate.
4.Replace the default key and certificate. Assume that you key and certificate are in the directory /root/cert, following are what you should do:
Assuming that the key and certificate are in `/root/cert`, run the following commands:
```
$ cd config/ui
$ cp /root/cert/private_key.pem private_key.pem
$ cp /root/cert/root.crt ../registry/root.crt
```
```
$ cd config/ui
$ cp /root/cert/private_key.pem private_key.pem
$ cp /root/cert/root.crt ../registry/root.crt
```
5.After these, go back to the make directory, you can start Harbor using following command:
```
$ docker-compose up -d
```
1. Go back to the `make` directory, and start Harbor by using following command:
6.Then you can push/pull images to see if your own certificate works. Please refer [User Guide](https://github.com/goharbor/harbor/blob/master/docs/user_guide.md) for more info.
```
$ docker-compose up -d
```
1. Push and pull images to and from Harbor to check that your own certificate works.
----------
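Review bot: the "Provide the Certificate to Harbor" steps copy `private_key.pem` into `config/ui` without saying anything about who may read it, although the introduction states that this key signs the tokens the registry trusts. Suggest adding a sentence after the `cp` commands telling the reader to restrict read access on the key file to the account that runs Harbor and to keep the original in `/root/cert` protected or remove it. Smaller points in the same hunk: please confirm that `./install` is the intended command name for the installer script, "openSSL" should be "OpenSSL", "by using following command" is missing "the", and the sentence "After that, you make a new request with the token to the Harbor registry, Harbor registry verifies the token" should be split in two.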

View File

@ -28,7 +28,7 @@ If you encounter any problems while using the demo server, open an [issue on Git
1. Explore the default project, `library`.
1. Click **New Project** to create your own project.
For information about how to create a project, see [Create a Project](../../working_with_projects/create_projects.md).
For information about how to create a project, see [Create a Project](../working_with_projects/create_projects.md).
1. Open a Docker client and log in to Harbor with the credentials that you created above.
```

View File

@ -6,7 +6,7 @@
This section describes how to perform a new installation of Harbor.
If you are upgrading from a previous version of Harbor, you might need to update the configuration file and migrate your data to fit the database schema of the later version. For information about upgrading, see [Upgrading Harbor](../../administration/upgrade/index.md).
If you are upgrading from a previous version of Harbor, you might need to update the configuration file and migrate your data to fit the database schema of the later version. For information about upgrading, see [Upgrading Harbor](../../administration/upgrade/upgrade_migrate_data.md).
You can also use Helm to install Harbor on a Kubernetes cluster, to make it highly available. For information about installing Harbor with Helm on a Kubernetes cluster, see the [Harbor High Availability Guide](https://github.com/goharbor/harbor-helm/blob/master/docs/High%20Availability.md) in the https://github.com/goharbor/harbor-helm repository.
@ -24,8 +24,7 @@ The standard Harbor installation process involves the following stages:
1. [Configure the Harbor YML File](configure_yml_file.md)
1. [Run the Installer Script](run_installer_script.md)
If installation fails, see [Troubleshooting Harbor Installation
](troubleshoot_installation.md).
If installation fails, see [Troubleshooting Harbor Installation](troubleshoot_installation.md).
## Post-Installation Configuration
@ -52,4 +51,4 @@ The table below lists the components that are deployed when you deploy Harbor.
|Swagger-ui|3.22.1|
----------
[Back to table of contents](../../index.md)
[Back to table of contents](../index.md)

View File

@ -106,8 +106,7 @@ After you update `daemon.json`, you must restart both Docker Engine and Harbor.
- If the installation succeeds, see [Harbor Administration](../administration/index.md) for information about using Harbor.
- If you deployed Harbor with HTTP and you want to secure the connections to Harbor, see [Configure HTTPS Access to Harbor](configure_https.md).
- If installation fails, see [Troubleshooting Harbor Installation
](troubleshoot_installation.md).
- If installation fails, see [Troubleshooting Harbor Installation](troubleshoot_installation.md).
----------