mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-26 04:05:40 +01:00
Adding weightings to order topics
This commit is contained in:
Stuart Clements
parent
75bbf9d0bf
commit
81de40e6b1
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Harbor Administration
|
||||
weight: 10
|
||||
---
|
||||
|
||||
This section describes how to configure and maintain Harbor after deployment. These operations are performed by the Harbor system administrator. The Harbor system administrator performs global configuration operations that apply to the whole Harbor instance.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Configuring Authentication
|
||||
weight: 5
|
||||
---
|
||||
|
||||
Harbor supports different modes for authenticating users and managing user accounts. You should select an authentication mode as soon as you deploy Harbor.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Configure Database Authentication
|
||||
weight: 15
|
||||
---
|
||||
|
||||
In database authentication mode, user accounts are stored in the local database. By default, only the Harbor system administrator can create user accounts to add users to Harbor. You can optionally configure Harbor to allow self-registration.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Configure LDAP/Active Directory Authentication
|
||||
weight: 20
|
||||
---
|
||||
|
||||
If you select LDAP/AD authentication, users whose credentials are stored in an external LDAP or AD server can log in to Harbor directly. In this case, you do not create user accounts in Harbor.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Configure OIDC Provider Authentication
|
||||
weight: 25
|
||||
---
|
||||
|
||||
If you select OpenID Connect (OIDC) authentication, users log in to the Harbor interface via an OIDC single sign-on (SSO) provider, such as Okta, KeyCloak, or dex. In this case, you do not create user accounts in Harbor.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Configure Project Quotas
|
||||
weight: 20
|
||||
---
|
||||
|
||||
To exercise control over resource use, as a Harbor system administrator you can set quotas on projects. You can limit the number of tags that a project can contain and limit the amount of storage capacity that a project can consume. You can set default quotas that apply to all projects globally.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Configuring Replication
|
||||
weight: 15
|
||||
---
|
||||
|
||||
Replication allows users to replicate resources, namely images and charts, between Harbor and non-Harbor registries, in both pull or push mode.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Creating Replication Endpoints
|
||||
weight: 20
|
||||
---
|
||||
|
||||
To replicate image repositories from one instance of Harbor to another Harbor or non-Harbor registry, you first create replication endpoints.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Creating a Replication Rule
|
||||
weight: 25
|
||||
---
|
||||
|
||||
A replication endpoint must exist before you create a replication rule. To create an endpoint, follow the instructions in [Creating Replication Endpoints](create-replication-endpoints.md).
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Running Replication Manually
|
||||
weight: 30
|
||||
---
|
||||
|
||||
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Garbage Collection
|
||||
weight: 25
|
||||
---
|
||||
|
||||
When you delete images from Harbor, space is not automatically freed up. You must run garbage collection to free up space by removing blobs that are no longer referenced by a manifest from the file system.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Configure Global Settings
|
||||
weight: 15
|
||||
---
|
||||
|
||||
You can configure Harbor to connect to an email server, set the registry in read-only mode, and configure Harbor so that only system administrators can create projects.
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
---
|
||||
title: Managing Users
|
||||
weight: 10
|
||||
---
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Create User Accounts in Database Mode
|
||||
weight: 25
|
||||
---
|
||||
|
||||
In database authentication mode, the Harbor system administrator creates user accounts manually.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Harbor Role Based Access Control (RBAC)
|
||||
weight: 15
|
||||
---
|
||||
|
||||
Harbor manages images through projects. You provide access to these images to users by including the users in projects and assigning one of the following roles to them.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: User Permissions By Role
|
||||
weight: 20
|
||||
---
|
||||
|
||||
Users have different abilities depending on the role they in a project.
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
---
|
||||
title: Upgrade
|
||||
weight: 30
|
||||
---
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Upgrading Harbor Deployed with Helm
|
||||
weight: 40
|
||||
---
|
||||
|
||||
This guide is used to upgrade Harbor deployed by chart since version 0.3.0.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Roll Back from an Upgrade
|
||||
weight: 45
|
||||
---
|
||||
|
||||
If, for any reason, you need to roll back to the previous version of Harbor, perform the following steps.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Upgrade Harbor and Migrate Data
|
||||
weight: 35
|
||||
---
|
||||
|
||||
This guide covers upgrade and migration to version 1.10.0. This guide only covers migration from v1.8.x and later to the current version. If you are upgrading from an earlier version, refer to the migration guide in the `release-1.8.0` branch to upgrade to v1.8.x first, then follow this guide to perform the migration to this version.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Test Harbor Upgrade
|
||||
weight: 50
|
||||
---
|
||||
|
||||
## Prepare data
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Vulnerability Scanning
|
||||
weight: 20
|
||||
---
|
||||
|
||||
Harbor provides static analysis of vulnerabilities in images through the open source [Clair](https://github.com/coreos/clair) project.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Configure System-Wide CVE Whitelists
|
||||
weight: 50
|
||||
---
|
||||
|
||||
When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. As a Harbor system administrator, you can create whitelists of CVEs to ignore during vulnerability scanning.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Import Vulnerability Data to an Offline Harbor instance
|
||||
weight: 45
|
||||
---
|
||||
|
||||
If Harbor is installed in an environment without an internet connection, Clair cannot fetch data from the public vulnerability database. In this case, the Harbor administrator must update the Clair database manually.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Connect Harbor to Additional Vulnerability Scanners
|
||||
weight: 25
|
||||
---
|
||||
|
||||
To connect Harbor to additional vulnerability scanners, you must install and configure an instance of the additional scanner according to the scanner vendor's requirements. The scanner must expose an API endpoint to allow Harbor to trigger the scan process or get reports. You can deploy multiple different scanners, and multiple instances of the same type of scanner.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Scan All Images
|
||||
weight: 35
|
||||
---
|
||||
|
||||
In addition to scanning individual images in projects, you can run global scans on all of the images in a Harbor instance, across all projects.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Scan Individual Images
|
||||
weight: 30
|
||||
---
|
||||
|
||||
1. Log in to the Harbor interface with an account that has at least project administrator privileges.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Schedule Scans
|
||||
weight: 40
|
||||
---
|
||||
|
||||
You can set policies to control when vulnerability scanning should run.
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
---
|
||||
title: Building, Customizing, and Contributing to Harbor
|
||||
weight: 20
|
||||
---
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Harbor Installation and Configuration
|
||||
weight: 5
|
||||
---
|
||||
|
||||
This section describes how to perform a new installation of Harbor.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Configure HTTPS Access to Harbor
|
||||
weight: 30
|
||||
---
|
||||
|
||||
By default, Harbor does not ship with certificates. It is possible to deploy Harbor without security, so that you can connect to it over HTTP. However, using HTTP is acceptable only in air-gapped test or development environments that do not have a connection to the external internet. Using HTTP in environments that are not air-gapped exposes you to man-in-the-middle attacks. In production environments, always use HTTPS. If you enable Content Trust with Notary to properly sign all images, you must use HTTPS.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Configure Harbor User Settings at the Command Line
|
||||
weight: 65
|
||||
---
|
||||
|
||||
From release 1.8.0 onwards, user settings are configured separately from the system settings. You do not configure user settings in the `harbor.yml` file, but rather in the Harbor interface or via HTTP requests.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Configure the Harbor YML File
|
||||
weight: 35
|
||||
---
|
||||
|
||||
You set system level parameters for Harbor in the `harbor.yml` file that is contained in the installer package. These parameters take effect when you run the `install.sh` script to install or reconfigure Harbor.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Customize the Harbor Token Service
|
||||
weight: 60
|
||||
---
|
||||
|
||||
By default, Harbor uses its own private key and certificate to authenticate with Docker clients. This topic describes how to optionally customize your configuration to use your own key and certificate.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Test Harbor with the Demo Server
|
||||
weight: 10
|
||||
---
|
||||
|
||||
The Harbor team has made available a demo Harbor instance that you can use to experiment with Harbor and test its functionalities.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Download the Harbor Installer
|
||||
weight: 25
|
||||
---
|
||||
|
||||
You download the Harbor installers from the [official releases](https://github.com/goharbor/harbor/releases) page. Download either the online installer or the offline installer.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Harbor Compatibility List
|
||||
weight: 15
|
||||
---
|
||||
|
||||
This document provides compatibility information for all Harbor components.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Deploying Harbor with High Availability via Helm
|
||||
weight: 40
|
||||
---
|
||||
|
||||
## Goal
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Harbor Installation Prerequisites
|
||||
weight: 20
|
||||
---
|
||||
|
||||
Harbor is deployed as several Docker containers. You can therefore deploy it on any Linux distribution that supports Docker. The target host requires Docker, and Docker Compose to be installed.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Deploy Harbor with the Quick Installation Script
|
||||
weight: 45
|
||||
---
|
||||
|
||||
The Harbor community has provided a script that with a single command prepares an Ubuntu 18.04 machine for Harbor and deploys the latest stable version.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Reconfigure Harbor and Manage the Harbor Lifecycle
|
||||
weight: 55
|
||||
---
|
||||
|
||||
You use `docker-compose` to manage the lifecycle of Harbor. This topic provides some useful commands. You must run the commands in the directory in which `docker-compose.yml` is located.
|
||||
|
||||
@ -1,5 +1,7 @@
|
||||
---
|
||||
title: Run the Installer Script
|
||||
|
||||
weight: 35
|
||||
---
|
||||
|
||||
Once you have configured `harbor.yml` and optionally set up a storage backend, you install and start Harbor by using the `install.sh` script. Note that it might take some time for the online installer to download all of the Harbor images from Docker hub.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Troubleshooting Harbor Installation
|
||||
weight: 50
|
||||
---
|
||||
|
||||
The following sections help you to solve problems when installing Harbor.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Working with Projects
|
||||
weight: 15
|
||||
---
|
||||
|
||||
This section describes how users with the developer, master, and project administrator roles manage and participate in Harbor projects. The Harbor administrator can also perform all of these tasks.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Access and Search Project Logs
|
||||
weight: 35
|
||||
---
|
||||
|
||||
Harbor keeps a log of all of the operations that users perform in a project. You can apply filters to help you to search the logs.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Assign Users to a Project
|
||||
weight: 25
|
||||
---
|
||||
|
||||
You can add individual users to an existing project and assign a role to them. You can add an LDAP/AD or OIDC user to the project members if you use LDAP/AD or OIDC authentication, or a user that you have already created if you use database authentication. If you use LDAP/AD or OIDC authentication, you can add groups to projects and assign a role to the group.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Configure a Per-Project CVE Whitelist
|
||||
weight: 50
|
||||
---
|
||||
|
||||
When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. You can create whitelists of CVEs to ignore during vulnerability scanning.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Configure Webhook Notifications
|
||||
weight: 45
|
||||
---
|
||||
|
||||
If you are a project administrator, you can configure a connection from a project in Harbor to a webhook endpoint. If you configure webhooks, Harbor notifies the webhook endpoint of certain events that occur in the project. Webhooks allow you to integrate Harbor with other tools to streamline continuous integration and development processes.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Managing Labels
|
||||
weight: 70
|
||||
---
|
||||
|
||||
Harbor provides two kinds of labels to isolate different kinds of resources:
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Create Projects
|
||||
weight: 20
|
||||
---
|
||||
|
||||
A project in Harbor contains all repositories of an application. Images cannot be pushed to Harbor before a project is created. Role-Based Access Control (RBAC) is applied to projects, so that only users with the appropriate roles can perform certain operations.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Create Robot Accounts
|
||||
weight: 40
|
||||
---
|
||||
|
||||
You can create robot accounts to run automated operations. Robot accounts have the following limitations:
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Tag Immutability Rules
|
||||
weight: 85
|
||||
---
|
||||
|
||||
By default, users can repeatedly push an image with the same tag to repositories in Harbor. This causes the previous image to effectively be overwritten with each push, in that the tag now points to a different image and the image that previously used the tag now becomes tagless. This is due to the Docker implementation, that does not enforce the mapping between an image tag and the image digest. This can be undesirable in certain cases, because the tag can no longer be trusted to identify the image version. The sha256 digest remains reliable and always points to the same build, but it is not rendered in a human-readable format.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Create Tag Retention Rules
|
||||
weight: 80
|
||||
---
|
||||
|
||||
A repository can rapidly accumulate a large number of image tags, many of which might not be required after a given time or once they have been superseded by a subsequent image build. These excess tags can obviously consume large quantities of storage capacity. As a Harbor system administrator, you can define rules that govern how many tags of a given repository to retain, or for how long to retain certain tags.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Implementing Content Trust
|
||||
weight: 55
|
||||
---
|
||||
|
||||
{{< note >}}
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Managing Helm Charts
|
||||
weight: 95
|
||||
---
|
||||
|
||||
[Helm](https://helm.sh) is a package manager for [Kubernetes](https://kubernetes.io). Helm uses a packaging format called [charts](https://docs.helm.sh/developing_charts). Since version 1.6.0 Harbor is now a composite cloud-native registry which supports both container image management and Helm charts management. Access to Helm charts in Harbor is controlled by [role-based access controls (RBAC)](https://en.wikipedia.org/wiki/Role-based_access_control) and is restricted by projects.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Project Configuration
|
||||
weight: 30
|
||||
---
|
||||
|
||||
After the initial creation of a project, you can configure or reconfigure its properties in the **Configuration** tab for that project.
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Pulling and Pushing Images in the Docker Client
|
||||
weight: 65
|
||||
---
|
||||
|
||||
Harbor optionally supports HTTP connections, however the Docker client always attempts to connect to registries by first using HTTPS. If Harbor is configured for HTTP, you must configure your Docker client so that it can connect to insecure registries. In your Docker client is not configured for insecure registries, you will see the following error when you attempt to pull or push images to Harbor:
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Retagging Images
|
||||
weight: 75
|
||||
---
|
||||
|
||||
You can retag images in Harbor. Users with sufficient privileges can retag images to different repositories and projects. For example, you can retag images as follows:
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
---
|
||||
title: Working with Images and Tags
|
||||
weight: 60
|
||||
---
|
||||
|
||||
This section describes how to work with images and tags in Harbor.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user