More reorg in Admin section

Stuart Clements 2019-10-17 17:40:06 +02:00
parent 6645d02a45
commit 7d642c3d60
11 changed files with 122 additions and 106 deletions

View File

@ -28,8 +28,13 @@ This section describes how to use and maintain Harbor after deployment. These da
- [Managing Users](administration/managing_users/_index.md)
- [Harbor Role Based Access Control (RBAC)](administration/managing_users/configure_rbac.md)
- [User Permissions By Role](administration/managing_users/user_permissions_by_role.md)
- [Configure Harbor User Settings at the Command Line](administration/managing_users/configure_user_settings_cli.md)
- [Manage Roles by LDAP Group](administration/managing_users/manage_role_by_ldap_group.md)
- [Configuring Replication](administration/configuring_replication/_index.md)
- [Create Replication Endpoints](administration/configuring_replication/create_replication_endpoints.md)
- [Create Replication Rules](administration/configuring_replication/create_replication_rules.md)
- [Manage Replications](administration/configuring_replication/manage_replications.md)
- [Upgrading Harbor](administration/upgrade/_index.md)
- [Upgrade Harbor and Migrate Data](administration/upgrade/upgrade_migrate_data.md)
- [Roll Back an Upgrade](administration/upgrade/roll_back_upgrade.md)

View File

@ -1,4 +1,5 @@
# Harbor Administration
- [Managing Users](managing_users/_index.md)
- [Configuring Replication](configuring_replication/_index.md)
- [Upgrading Harbor](upgrade/_index.md)

View File

@ -1,8 +1,5 @@
# Administrator options
### Managing user
Administrator can add "Administrator" role to one or more ordinary users by checking checkboxes and clicking `SET AS ADMINISTRATOR`. To delete users, checked checkboxes and select `DELETE`. Deleting user is only supported under database authentication mode.
![browse project](../img/new_set_admin_remove_user.png)
### Managing registry
You can list, add, edit and delete registries under `Administration->Registries`. Only registries which are not referenced by any rules can be deleted.
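
Review bot: The registry deletion constraint in the retained `Managing registry` section ("Only registries which are not referenced by any rules can be deleted") now sits apart from the rest of the replication material, which this commit moves to its own pages. Suggest moving this section next to the endpoint procedure in `create_replication_endpoints.md`, or at least linking to that page from here, so the dependency on replication rules is documented where endpoints are created.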
@ -10,9 +7,7 @@ You can list, add, edit and delete registries under `Administration->Registries`
![browse project](../img/manage_registry.png)
### Managing replication
You can list, add, edit and delete rules under `Administration->Replications`.
![browse project](../img/manage_replication.png)
### Managing authentication
You can change authentication mode between **Database**(default) and **LDAP** before any user is added, when there is at least one user(besides admin) in Harbor, you cannot change the authentication mode.

View File

@ -0,0 +1,13 @@
# Configuring Replication
Replication allows users to replicate resources (images/charts) between Harbor and non-Harbor registries in both pull or push mode.
Once the system administrator has set a rule, all resources that match the defined [filter](#resource-filter) patterns will be replicated to the destination registry when the [triggering condition](#trigger-mode) is matched. Each resource will start a task to run. If the namespace does not exist on the destination registry, a new namespace will be created automatically. If it already exists and the user configured in the policy has no write privilege to it, the process will fail. The member information will not be replicated.
There may be a bit of delay during replication based on the situation of the network. If a replication task fails, it will be re-scheduled a few minutes later and retried times.
**Note:** Due to API changes, replication between different versions of Harbor is not supported.
- [Create Replication Endpoints](create_replication_endpoints.md)
- [Create Replication Rules](create_replication_rules.md)
- [Manage Replications](manage_replications.md)
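
Review bot: The `[filter](#resource-filter)` and `[triggering condition](#trigger-mode)` links in the second paragraph are same-page anchors, but this new page has no such headings; `Resource filter` and `Trigger mode` are headings in the new Create Replication Rules page. Point them at `create_replication_rules.md#resource-filter` and `create_replication_rules.md#trigger-mode`. Separately, "retried times" in the third paragraph is missing its count; this is a good moment to fill it in or drop the phrase.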

View File

@ -0,0 +1,38 @@
# Create Replication Endpoints
To replicate image repositories from one instance of Harbor to another Harbor or non-Harbor registry, you first create replication endpoints.
1. Go to **Registries** and click the **+ New Endpoint** button.
![New replication endpoint](../img/replication-endpoint1.png)
1. For **Provider**, use the drop-down menu to select the type of registry to set up as a replication endpoint.
The endpoint can be another Harbor instance, or a non-Harbor registry. Currently, the following non-Harbor registries are supported:
- Docker Hub
- Docker registry
- AWS Elastic Container Registry
- Azure Container Registry
- Ali Cloud Container Registry
- Google Container Registry
- Huawei SWR
- Helm Hub
![Replication providers](../img/replication-endpoint2.png)
1. Enter a suitable name and description for the new replication endpoint.
1. Enter the full URL of the registry to set up as a replication endpoint.
For example, to replicate to another Harbor instance, enter https://harbor_instance_address:443. The registry must exist and be running before you create the endpoint.
1. Enter the Access ID and Access Secret for the endpoint registry instance.
Use an account that has the appropriate privileges on that registry, or an account that has write permission on the corresponding project in a Harbor registry.
**NOTES**:
- AWS ECR adapters should use access keys, not a username and password. The access key should have sufficient permissions, such as storage permission.
- Google GCR adapters should use the entire JSON key generated in the service account. The namespace should start with the project ID.
1. Optionally, select the **Verify Remote Cert** check box.
Deselect the check box if the remote registry uses a self-signed or untrusted certificate.
1. Click **Test Connection**.
1. When you have successfully tested the connection, click **OK**.
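
Review bot: The **Verify Remote Cert** step tells the reader to deselect the check box for a self-signed or untrusted certificate without saying what that gives up. With verification off the endpoint's identity is not checked, and the Access ID and Access Secret entered in the previous step are sent to whatever answers at that URL. Suggest stating that consequence in the step and recommending that verification stay on outside test setups. The AWS ECR note ("sufficient permissions, such as storage permission") would also be clearer if it named the permissions replication needs, so readers do not over-grant the access key.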

View File

@ -0,0 +1,31 @@
# Create Replication Rules
Login as a system administrator user, click `NEW REPLICATION RULE` under `Administration->Replications` and fill in the necessary fields. You can choose different replication modes, [resource filters](#resource-filter) and [trigger modes](#trigger-mode) according to the different requirements. If there is no endpoint available in the list, follow the instructions in the [Creating replication endpoints](#creating-replication-endpoints) to create one. Click `SAVE` to create a replication rule.
![browse project](../img/create_rule.png)
#### Resource filter
Three resource filters are supported:
* **Name**: Filter resources according to the name.
* **Tag**: Filter resources according to the tag.
* **Resource**: Filter images according to the resource type.
The terms supported in the pattern used by name filter and tag filter are as follows:
* **\***: Matches any sequence of non-separator characters `/`.
* **\*\***: Matches any sequence of characters, including path separators `/`.
* **?**: Matches any single non-separator character `/`.
* **{alt1,...}**: Matches a sequence of characters if one of the comma-separated alternatives matches.
**Note:** `library` must be added if you want to replicate the official images of Docker Hub. For example, `library/hello-world` matches the official hello-world images.
Pattern | String(Match or not)
---------- | -------
`library/*` | `library/hello-world`(Y)<br> `library/my/hello-world`(N)
`library/**` | `library/hello-world`(Y)<br> `library/my/hello-world`(Y)
`{library,goharbor}/**` | `library/hello-world`(Y)<br> `goharbor/harbor-core`(Y)<br> `google/hello-world`(N)
`1.?` | `1.0`(Y)<br> `1.01`(N)
#### Trigger mode
* **Manual**: Replicate the resources manually when needed. **Note**: The deletion operations are not replicated.
* **Scheduled**: Replicate the resources periodically. **Note**: The deletion operations are not replicated.
* **Event Based**: When a new resource is pushed to the project, it is replicated to the remote registry immediately. Same to the deletion operation if the `Delete remote resources when locally deleted` checkbox is selected.
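
Review bot: The `[Creating replication endpoints](#creating-replication-endpoints)` link in the opening paragraph is a same-page anchor, and no heading with that name exists on this page now that the endpoint procedure is its own file; link to `create_replication_endpoints.md` instead. The `[resource filters](#resource-filter)` and `[trigger modes](#trigger-mode)` anchors still resolve here. Two smaller points: the headings jump from `#` straight to `####`, and the wildcard descriptions ("any sequence of non-separator characters `/`") read as if `/` were the non-separator; "any sequence of characters other than the separator `/`" would match the table.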

View File

@ -0,0 +1,26 @@
# Manage Replications
You can list, add, edit and delete rules under `Administration->Replications`.
![browse project](../img/manage_replication.png)
### Starting a replication manually
Select a replication rule and click `REPLICATE`, the resources which the rule is applied to will be replicated from the source registry to the destination immediately.
![browse project](../img/start_replicate.png)
### Listing and stopping replication executions
Click a rule, the execution records which belong to this rule will be listed. Each record represents the summary of one execution of the rule. Click `STOP` to stop the executions which are in progress.
![browse project](../img/list_stop_executions.png)
### Listing tasks
Click the ID of one execution, you can get the execution summary and the task list. Click the log icon can get the detail information for the replication progress.
**Note**: The count of `IN PROGRESS` status in the summary includes both `Pending` and `In Progress` tasks.
![browse project](../img/list_tasks.png)
### Deleting the replication rule
Select the replication rule and click `DELETE` to delete it. Only rules which have no in progress executions can be deleted.
![browse project](../img/delete_rule.png)
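
Review bot: The section headings under `# Manage Replications` start at `###`, skipping `##`; since these are now the top-level sections of their own page, they should be promoted one level. The opening sentence says rules can be added and edited here, but the page only covers starting, stopping, listing and deleting, so a link to `create_replication_rules.md` for creation would help. Several sentences are comma splices or lack a subject ("Click the log icon can get the detail information"); suggest "Click the log icon to see detailed information about the replication progress."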

View File

@ -1,5 +1,6 @@
# Managing Users
- [Harbor Role Based Access Control (RBAC)](configure_rbac.md)
- [User Permissions By Role](user_permissions_by_role.md)
- [Configure Harbor User Settings at the Command Line](configure_user_settings_cli.md)
- [Manage Roles by LDAP Group](manage_role_by_ldap_group.md)

View File

@ -14,7 +14,12 @@ Besides the above three roles, there are two system-level roles:
* **SysAdmin**: "SysAdmin" has the most privileges. In addition to the privileges mentioned above, "SysAdmin" can also list all projects, set an ordinary user as administrator, delete users and set vulnerability scan policy for all images. The public project "library" is also owned by the administrator.
* **Anonymous**: When a user is not logged in, the user is considered as an "Anonymous" user. An anonymous user has no access to private projects and has read-only access to public projects.
See detailed permissions matrix listed here: https://github.com/goharbor/harbor/blob/master/docs/permissions.md
For full details of the permissions of the different roles, see [User Permissions By Role](user_permissions_by_role.md).
## Managing user
Administrator can add "Administrator" role to one or more ordinary users by checking checkboxes and clicking `SET AS ADMINISTRATOR`. To delete users, checked checkboxes and select `DELETE`. Deleting user is only supported under database authentication mode.
![browse project](../img/new_set_admin_remove_user.png)
## User account
Harbor supports different authentication modes:
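
Review bot: The `Managing user` section in this hunk calls the role "Administrator" (`SET AS ADMINISTRATOR`), while the bullet a few lines above defines it as **SysAdmin**; name the role once and use it in both places so readers do not take them for two different privilege levels. The paragraph also carries "checked checkboxes" (should be "check the checkboxes") and "Deleting user" (should be "Deleting users").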

View File

@ -1,4 +1,4 @@
# Permissions
# User Permissions By Role
Users have different abilities depending on the role they in a project.
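
Review bot: The sentence under the renamed title, "Users have different abilities depending on the role they in a project", is missing its verb; while the heading is being changed, fix it to "the role they have in a project".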

View File

@ -1,99 +0,0 @@
# Replicating Resources
Replication allows users to replicate resources (images/charts) between Harbor and non-Harbor registries in both pull or push mode.
Once the system administrator has set a rule, all resources that match the defined [filter](#resource-filter) patterns will be replicated to the destination registry when the [triggering condition](#trigger-mode) is matched. Each resource will start a task to run. If the namespace does not exist on the destination registry, a new namespace will be created automatically. If it already exists and the user configured in the policy has no write privilege to it, the process will fail. The member information will not be replicated.
There may be a bit of delay during replication based on the situation of the network. If a replication task fails, it will be re-scheduled a few minutes later and retried times.
**Note:** Due to API changes, replication between different versions of Harbor is not supported.
### Creating replication endpoints
To replicate image repositories from one instance of Harbor to another Harbor or non-Harbor registry, you first create replication endpoints.
1. Go to **Registries** and click the **+ New Endpoint** button.
![New replication endpoint](../img/replication-endpoint1.png)
1. For **Provider**, use the drop-down menu to select the type of registry to set up as a replication endpoint.
The endpoint can be another Harbor instance, or a non-Harbor registry. Currently, the following non-Harbor registries are supported:
- Docker Hub
- Docker registry
- AWS Elastic Container Registry
- Azure Container Registry
- Ali Cloud Container Registry
- Google Container Registry
- Huawei SWR
- Helm Hub
![Replication providers](../img/replication-endpoint2.png)
1. Enter a suitable name and description for the new replication endpoint.
1. Enter the full URL of the registry to set up as a replication endpoint.
For example, to replicate to another Harbor instance, enter https://harbor_instance_address:443. The registry must exist and be running before you create the endpoint.
1. Enter the Access ID and Access Secret for the endpoint registry instance.
Use an account that has the appropriate privileges on that registry, or an account that has write permission on the corresponding project in a Harbor registry.
**NOTES**:
- AWS ECR adapters should use access keys, not a username and password. The access key should have sufficient permissions, such as storage permission.
- Google GCR adapters should use the entire JSON key generated in the service account. The namespace should start with the project ID.
1. Optionally, select the **Verify Remote Cert** check box.
Deselect the check box if the remote registry uses a self-signed or untrusted certificate.
1. Click **Test Connection**.
1. When you have successfully tested the connection, click **OK**.
### Creating a replication rule
Login as a system administrator user, click `NEW REPLICATION RULE` under `Administration->Replications` and fill in the necessary fields. You can choose different replication modes, [resource filters](#resource-filter) and [trigger modes](#trigger-mode) according to the different requirements. If there is no endpoint available in the list, follow the instructions in the [Creating replication endpoints](#creating-replication-endpoints) to create one. Click `SAVE` to create a replication rule.
![browse project](../img/create_rule.png)
#### Resource filter
Three resource filters are supported:
* **Name**: Filter resources according to the name.
* **Tag**: Filter resources according to the tag.
* **Resource**: Filter images according to the resource type.
The terms supported in the pattern used by name filter and tag filter are as follows:
* **\***: Matches any sequence of non-separator characters `/`.
* **\*\***: Matches any sequence of characters, including path separators `/`.
* **?**: Matches any single non-separator character `/`.
* **{alt1,...}**: Matches a sequence of characters if one of the comma-separated alternatives matches.
**Note:** `library` must be added if you want to replicate the official images of Docker Hub. For example, `library/hello-world` matches the official hello-world images.
Pattern | String(Match or not)
---------- | -------
`library/*` | `library/hello-world`(Y)<br> `library/my/hello-world`(N)
`library/**` | `library/hello-world`(Y)<br> `library/my/hello-world`(Y)
`{library,goharbor}/**` | `library/hello-world`(Y)<br> `goharbor/harbor-core`(Y)<br> `google/hello-world`(N)
`1.?` | `1.0`(Y)<br> `1.01`(N)
#### Trigger mode
* **Manual**: Replicate the resources manually when needed. **Note**: The deletion operations are not replicated.
* **Scheduled**: Replicate the resources periodically. **Note**: The deletion operations are not replicated.
* **Event Based**: When a new resource is pushed to the project, it is replicated to the remote registry immediately. Same to the deletion operation if the `Delete remote resources when locally deleted` checkbox is selected.
### Starting a replication manually
Select a replication rule and click `REPLICATE`, the resources which the rule is applied to will be replicated from the source registry to the destination immediately.
![browse project](../img/start_replicate.png)
### Listing and stopping replication executions
Click a rule, the execution records which belong to this rule will be listed. Each record represents the summary of one execution of the rule. Click `STOP` to stop the executions which are in progress.
![browse project](../img/list_stop_executions.png)
### Listing tasks
Click the ID of one execution, you can get the execution summary and the task list. Click the log icon can get the detail information for the replication progress.
**Note**: The count of `IN PROGRESS` status in the summary includes both `Pending` and `In Progress` tasks.
![browse project](../img/list_tasks.png)
### Deleting the replication rule
Select the replication rule and click `DELETE` to delete it. Only rules which have no in progress executions can be deleted.
![browse project](../img/delete_rule.png)