mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-26 18:48:02 +01:00
Fixing lots of links
This commit is contained in:
parent
86b3e47f81
commit
972b10c1f7
@ -1,10 +1,8 @@
|
||||
---
|
||||
title: Harbor Documentation
|
||||
title: Harbor 1.10 Documentation
|
||||
---
|
||||
|
||||
Welcome to the Harbor 1.10.x documentation. Use the table of contents on the left of the page to navigate through the docs.
|
||||
|
||||
This documentation includes the following sections:
|
||||
Welcome to the Harbor 1.10.x documentation. This documentation includes all of the information that you need to install, configure, and use Harbor.
|
||||
|
||||
## Harbor Installation and Configuration
|
||||
|
||||
|
@ -11,8 +11,4 @@ There might be some delay during replication based on the condition of the netwo
|
||||
|
||||
{{< note >}}
|
||||
Due to API changes, replication between different versions of Harbor is not supported.
|
||||
{{< /note >}}
|
||||
|
||||
- [Create Replication Endpoints](create-replication-endpoints.md)
|
||||
- [Create Replication Rules](create-replication-rules.md)
|
||||
- [Running Replication Manually](manage-replications.md)
|
||||
{{< /note >}}
|
@ -49,3 +49,7 @@ To replicate image repositories from one instance of Harbor to another Harbor or
|
||||
You can list, add, edit and delete registries under **Administration** -> **Registries**. Only registries which are not referenced by any rules can be deleted.
|
||||
|
||||
![browse project](../../../img/manage-registry.png)
|
||||
|
||||
## What to Do Next
|
||||
|
||||
After you configure replication endpoints, see [Creating a Replication Rule](create-replication-rules.md).
|
||||
|
@ -61,3 +61,7 @@ A replication endpoint must exist before you create a replication rule. To creat
|
||||
|
||||
1. Optionally select the Override checkbox to force replicated resources to replace resources at the destination with the same name.
|
||||
1. Click **Save** to create the replication rule.
|
||||
|
||||
## What to Do Next
|
||||
|
||||
After you create a replication rule, see [Running Replication Manually](manage-replications.md).
|
||||
|
@ -18,9 +18,9 @@ Besides the above roles, there are two system-level roles:
|
||||
* **Harbor system administrator**: "Harbor system administrator" has the most privileges. In addition to the privileges mentioned above, "Harbor system administrator" can also list all projects, set an ordinary user as administrator, delete users and set vulnerability scan policy for all images. The public project "library" is also owned by the administrator.
|
||||
* **Anonymous**: When a user is not logged in, the user is considered as an "Anonymous" user. An anonymous user has no access to private projects and has read-only access to public projects.
|
||||
|
||||
For full details of the permissions of the different roles, see [User Permissions By Role](../user-permissions-by-role.md).
|
||||
For full details of the permissions of the different roles, see [User Permissions By Role](user-permissions-by-role.md).
|
||||
|
||||
If you run Harbor in database authentication mode, you create user accounts directly in the Harbor interface. For information about how to create local user accounts, see [Create User Accounts in Database Mode](../create-users-db.md).
|
||||
If you run Harbor in database authentication mode, you create user accounts directly in the Harbor interface. For information about how to create local user accounts, see [Create User Accounts in Database Mode](create-users-db.md).
|
||||
|
||||
If you run Harbor in LDAP/AD or OIDC authentication mode, you create and manage user accounts in your LDAP/AD or OIDC provider. Harbor obtains the users from the LDAP/AD or OIDC server and displays them in the **Users** tab of the Harbor interface.
|
||||
|
||||
|
@ -18,4 +18,4 @@ In database authentication mode, the Harbor system administrator creates user ac
|
||||
- The email address is used for password recovery
|
||||
- The password must contain at least 8 characters with 1 lowercase letter, 1 uppercase letter and 1 numeric character
|
||||
|
||||
If users forget their password, there is a **Forgot Password** in the Harbor log in page. To use this feature, you must [configure an email server](../general-settings.md).
|
||||
If users forget their password, there is a **Forgot Password** in the Harbor log in page. To use this feature, you must [configure an email server](../general-settings/_index.md).
|
||||
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
title: Harbor Role Based Access Control (RBAC)
|
||||
weight: 15
|
||||
---
|
||||
|
@ -1,4 +1,70 @@
|
||||
---
|
||||
title: Upgrade
|
||||
title: Upgrade Harbor and Migrate Data
|
||||
weight: 45
|
||||
---
|
||||
|
||||
This guide covers upgrade and migration to version 1.10.0. This guide only covers migration from v1.8.x and later to the current version. If you are upgrading from an earlier version, refer to the migration guide in the `release-1.8.0` branch to upgrade to v1.8.x first, then follow this guide to perform the migration to this version.
|
||||
|
||||
If you are upgrading a Harbor instance that you deployed with Helm, see [Upgrading Harbor Deployed with Helm](helm-upgrade.md).
|
||||
|
||||
When upgrading an existing Harbor instance to a newer version, you might need to migrate the data in your database and the settings in `harbor.cfg`.
|
||||
Since the migration might alter the database schema and the settings of `harbor.cfg`, you should **always** back up your data before any migration.
|
||||
|
||||
## Notes
|
||||
|
||||
- Again, you must back up your data before any data migration.
|
||||
- In version 1.9.0, some containers are started by `non-root`. This does not pose problems if you are upgrading an officially released version of Harbor, but if you have deployed a customized instance of Harbor, you might encounter permission issues.
|
||||
- In previous releases, user roles took precedence over group roles in a project. In this version, user roles and group roles are combined so that the user has whichever set of permissions is highest. This might cause the roles of certain users to change during upgrade.
|
||||
- With the introduction of storage and artifact quotas in version 1.9.0, migration from 1.8.x might take a few minutes. This is because the `core` walks through all blobs in the registry and populates the database with information about the layers and artifacts in projects.
|
||||
- With the introduction of storage and artifact quotas in version 1.9.0, replication between version 1.9.0 and a previous version of Harbor does not work. You must upgrade all Harbor nodes to 1.9.0 if you have configured replication between them.
|
||||
|
||||
## Upgrading Harbor and Migrating Data
|
||||
|
||||
1. Log in to the Harbor host and, if it is still running, stop and remove the existing Harbor instance.
|
||||
|
||||
```sh
|
||||
cd harbor
|
||||
docker-compose down
|
||||
```
|
||||
|
||||
1. Back up Harbor's current files so that you can roll back to the current version if necessary.
|
||||
|
||||
```sh
|
||||
mv harbor /my_backup_dir/harbor
|
||||
```
|
||||
|
||||
1. Back up the database, which by default is in the directory `/data/database`.
|
||||
|
||||
```sh
|
||||
cp -r /data/database /my_backup_dir/
|
||||
```
|
||||
|
||||
1. Get the latest Harbor release package from [https://github.com/goharbor/harbor/releases](https://github.com/goharbor/harbor/releases).
|
||||
1. Before upgrading Harbor, perform migration.
|
||||
|
||||
The migration tool is delivered as a docker image. You can pull the image from docker hub. Replace [tag] with the new Harbor version, for example v1.10.0, in the following command:
|
||||
|
||||
```sh
|
||||
docker pull goharbor/harbor-migrator:[tag]
|
||||
```
|
||||
|
||||
Alternatively, if you are using an offline installer package, you can load it from the image tarball that is included in the offline installer package. Replace [tag] with the new Harbor version, for example v1.10.0, in the following command:
|
||||
|
||||
```sh
|
||||
tar zxf <offline package>
|
||||
docker image load -i harbor/harbor.[version].tar.gz
|
||||
```
|
||||
|
||||
1. Upgrade the `harbor.yml` file.
|
||||
|
||||
```sh
|
||||
docker run -it --rm -v ${harbor_yml}:/harbor-migration/harbor-cfg/harbor.yml goharbor/harbor-migrator:[tag] --cfg up
|
||||
```
|
||||
|
||||
**NOTE:** The schema upgrade and data migration of the database is performed by core when Harbor starts. If the migration fails, check the core log to debug.
|
||||
|
||||
1. In the `./harbor` directory, run the `./install.sh` script to install the new Harbor instance.
|
||||
|
||||
To install Harbor with components such as Notary, Clair, and chartmuseum, see [Run the Installer Script](../../install-config/run-installer-script.md) for more information.
|
||||
|
||||
If you need to roll back to the previous version of Harbor, see [Roll Back from an Upgrade](roll-back-upgrade.md).
|
||||
|
@ -6,7 +6,7 @@ weight: 45
|
||||
If, for any reason, you need to roll back to the previous version of Harbor, perform the following steps.
|
||||
|
||||
{{< note >}}
|
||||
To roll back from an upgrade, you must have backed up the previous version of Harbor. For information about backing up Harbor before an upgrade, see [Upgrade Harbor and Migrate Data](../upgrade-migrate-data.md).
|
||||
To roll back from an upgrade, you must have backed up the previous version of Harbor. For information about backing up Harbor before an upgrade, see [Upgrade Harbor and Migrate Data](_index.md).
|
||||
{{< /note >}}
|
||||
|
||||
1. Stop and remove the current Harbor service if it is still running.
|
||||
|
@ -1,68 +0,0 @@
|
||||
---
|
||||
title: Upgrade Harbor and Migrate Data
|
||||
weight: 35
|
||||
---
|
||||
|
||||
This guide covers upgrade and migration to version 1.10.0. This guide only covers migration from v1.8.x and later to the current version. If you are upgrading from an earlier version, refer to the migration guide in the `release-1.8.0` branch to upgrade to v1.8.x first, then follow this guide to perform the migration to this version.
|
||||
|
||||
When upgrading an existing Harbor instance to a newer version, you might need to migrate the data in your database and the settings in `harbor.cfg`.
|
||||
Since the migration might alter the database schema and the settings of `harbor.cfg`, you should **always** back up your data before any migration.
|
||||
|
||||
## Notes
|
||||
|
||||
- Again, you must back up your data before any data migration.
|
||||
- In version 1.9.0, some containers are started by `non-root`. This does not pose problems if you are upgrading an officially released version of Harbor, but if you have deployed a customized instance of Harbor, you might encounter permission issues.
|
||||
- In previous releases, user roles took precedence over group roles in a project. In this version, user roles and group roles are combined so that the user has whichever set of permissions is highest. This might cause the roles of certain users to change during upgrade.
|
||||
- With the introduction of storage and artifact quotas in version 1.9.0, migration from 1.8.x might take a few minutes. This is because the `core` walks through all blobs in the registry and populates the database with information about the layers and artifacts in projects.
|
||||
- With the introduction of storage and artifact quotas in version 1.9.0, replication between version 1.9.0 and a previous version of Harbor does not work. You must upgrade all Harbor nodes to 1.9.0 if you have configured replication between them.
|
||||
|
||||
## Upgrading Harbor and Migrating Data
|
||||
|
||||
1. Log in to the Harbor host and, if it is still running, stop and remove the existing Harbor instance.
|
||||
|
||||
```sh
|
||||
cd harbor
|
||||
docker-compose down
|
||||
```
|
||||
|
||||
1. Back up Harbor's current files so that you can roll back to the current version if necessary.
|
||||
|
||||
```sh
|
||||
mv harbor /my_backup_dir/harbor
|
||||
```
|
||||
|
||||
1. Back up the database, which by default is in the directory `/data/database`.
|
||||
|
||||
```sh
|
||||
cp -r /data/database /my_backup_dir/
|
||||
```
|
||||
|
||||
1. Get the latest Harbor release package from [https://github.com/goharbor/harbor/releases](https://github.com/goharbor/harbor/releases).
|
||||
1. Before upgrading Harbor, perform migration.
|
||||
|
||||
The migration tool is delivered as a docker image. You can pull the image from docker hub. Replace [tag] with the new Harbor version, for example v1.10.0, in the following command:
|
||||
|
||||
```sh
|
||||
docker pull goharbor/harbor-migrator:[tag]
|
||||
```
|
||||
|
||||
Alternatively, if you are using an offline installer package, you can load it from the image tarball that is included in the offline installer package. Replace [tag] with the new Harbor version, for example v1.10.0, in the following command:
|
||||
|
||||
```sh
|
||||
tar zxf <offline package>
|
||||
docker image load -i harbor/harbor.[version].tar.gz
|
||||
```
|
||||
|
||||
1. Upgrade the `harbor.yml` file.
|
||||
|
||||
```sh
|
||||
docker run -it --rm -v ${harbor_yml}:/harbor-migration/harbor-cfg/harbor.yml goharbor/harbor-migrator:[tag] --cfg up
|
||||
```
|
||||
|
||||
**NOTE:** The schema upgrade and data migration of the database is performed by core when Harbor starts. If the migration fails, check the core log to debug.
|
||||
|
||||
1. In the `./harbor` directory, run the `./install.sh` script to install the new Harbor instance.
|
||||
|
||||
To install Harbor with components such as Notary, Clair, and chartmuseum, see [Run the Installer Script](../../install-config/run-installer-script.md) for more information.
|
||||
|
||||
If you need to roll back to the previous version of Harbor, see [Roll Back from an Upgrade](roll-back-upgrade.md).
|
@ -13,13 +13,6 @@ You can also connect Harbor to your own instance of Clair or to additional vulne
|
||||
|
||||
It might be necessary to connect Harbor to other scanners for corporate compliance reasons, or because your organization already uses a particular scanner. Different scanners also use different vulnerability databases, capture different CVE sets, and apply different severity thresholds. By connecting Harbor to more than one vulnerability scanner, you broaden the scope of your protection against vulnerabilities.
|
||||
|
||||
For information about installing Harbor with Clair, see the [Run the Installer Script](../../install-config/run-installer_script.md).
|
||||
For information about installing Harbor with Clair, see the [Run the Installer Script](../../install-config/run-installer-script.md).
|
||||
|
||||
You can manually initiate scanning on a particular image, or on all images in Harbor. Additionally, you can also set a policy to automatically scan all of the images at specific intervals.
|
||||
|
||||
- [Connect Harbor to Additional Vulnerability Scanners](../pluggable-scanners.md)
|
||||
- [Scan Individual Images](../scan-individual-image.md)
|
||||
- [Scan All Images](../scan-all-images.md)
|
||||
- [Schedule Scans](../schedule-scans.md)
|
||||
- [Import Vulnerability Data to an Offline Harbor instance](../import-vulnerability-data.md)
|
||||
- [Configure System-Wide CVE Whitelists](../configure-system-whitelist.md)
|
||||
|
@ -5,7 +5,7 @@ weight: 50
|
||||
|
||||
When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. As a Harbor system administrator, you can create whitelists of CVEs to ignore during vulnerability scanning.
|
||||
|
||||
You can set a system-wide CVE whitelist or you can set CVE whitelists on a per-project basis. For information about per-project CVE whitelists, see [Configure a Per-Project CVE Whitelist](../../working-with-projects/configure-project-whitelist.md).
|
||||
You can set a system-wide CVE whitelist or you can set CVE whitelists on a per-project basis. For information about per-project CVE whitelists, see [Configure a Per-Project CVE Whitelist](../../working-with-projects/project-configuration/configure-project-whitelist.md).
|
||||
|
||||
System-wide CVE whitelists apply to all of the projects in a Harbor instance.
|
||||
|
||||
|
@ -31,9 +31,9 @@ The phrase `finished fetching` indicates that Clair has finished a round of vuln
|
||||
1. Log in to the host, that is connected to Internet, on which the Postgres Clair database is running.
|
||||
1. Dump Clair's vulnerability database by running the following commands.
|
||||
|
||||
{{< note >}}
|
||||
The container name `clair-db` is a placeholder for the database container used by the internet-connected instance of Clair.
|
||||
{{< /note >}}
|
||||
{{< note >}}
|
||||
The container name `clair-db` is a placeholder for the database container used by the internet-connected instance of Clair.
|
||||
{{< /note >}}
|
||||
|
||||
```shell
|
||||
$ docker exec clair-db /bin/sh -c "pg_dump -U postgres -a -t feature -t keyvalue -t namespace -t schema_migrations -t vulnerability -t vulnerability_fixedin_feature" > vulnerability.sql
|
||||
@ -62,4 +62,4 @@ docker exec harbor-db /bin/sh -c "pg_dump -U postgres -c" > all.sql
|
||||
|
||||
## Rescan the Images
|
||||
|
||||
After importing the data, trigger the scanning process in the Harbor interface. For information about running a scan, see [Scan All Images](../scan-all-images.md).
|
||||
After importing the data, trigger the scanning process in the Harbor interface. For information about running a scan, see [Scan All Images](scan-all-images.md).
|
||||
|
@ -39,4 +39,4 @@ Depending on the scanner that you use, once the database is ready, the timestamp
|
||||
|
||||
Until the database has been fully populated, the timestamp is replaced by a warning symbol. When the database is ready, you can scan images individually or scan all images across all projects.
|
||||
|
||||
If your Harbor instance is not connected to the external internet, you must manually update the vulnerability metadata. For information about how to update Clair manually, see [Import Vulnerability Data to an Offline Harbor instance](../import-vulnerability-data.md).
|
||||
If your Harbor instance is not connected to the external internet, you must manually update the vulnerability metadata. For information about how to update Clair manually, see [Import Vulnerability Data to an Offline Harbor instance](import-vulnerability-data.md).
|
||||
|
@ -13,11 +13,11 @@ weight: 30
|
||||
|
||||
1. Click **Edit** to select a different scanner from the list of scanners that are connected to this Harbor instance, and click **OK**.
|
||||
|
||||
![Project scanner tab](../../../img/select-scanner.png)
|
||||
![Project scanner tab](../../../img/select-scanner.png)
|
||||
|
||||
{{< note >}}
|
||||
If you have selected the **Prevent vulnerable images from running** option in the project **Configuration** tab, the prevention of pulling vulnerable images is determined by the scanner that is set in the project, or by the global default scanner if no scanner is configured specifically for the project. Different scanners might apply different levels of severity to image vulnerabilities.
|
||||
{{< /note >}}
|
||||
{{< note >}}
|
||||
If you have selected the **Prevent vulnerable images from running** option in the project **Configuration** tab, the prevention of pulling vulnerable images is determined by the scanner that is set in the project, or by the global default scanner if no scanner is configured specifically for the project. Different scanners might apply different levels of severity to image vulnerabilities.
|
||||
{{< /note >}}
|
||||
|
||||
1. Select the **Repositories** tab and select a repository.
|
||||
|
||||
|
@ -2,3 +2,7 @@
|
||||
title: Building, Customizing, and Contributing to Harbor
|
||||
weight: 20
|
||||
---
|
||||
|
||||
This section describes how developers can build from Harbor source code, customize their deployments, and contribute to the open-source Harbor project.
|
||||
|
||||
See also the list of [Articles from the Harbor Community](https://github.com/goharbor/harbor/blob/master/docs/README.md#articles-from-the-community).
|
||||
|
@ -29,7 +29,7 @@ git clone https://github.com/goharbor/harbor
|
||||
|
||||
### Configuration
|
||||
|
||||
Edit the file **make/harbor.yml** and make necessary configuration changes such as hostname, admin password and mail server. Refer to the [Installation and Configuration Guide](../installation-guide.md#configuring-harbor) for more info.
|
||||
Edit the file **make/harbor.yml** and make necessary configuration changes such as hostname, admin password and mail server. Refer to [Harbor Installation and Configuration](../install-config/_index.md) for more info.
|
||||
|
||||
```sh
|
||||
cd harbor
|
||||
@ -99,7 +99,7 @@ If everything worked properly, you will see this message:
|
||||
Start complete. You can visit harbor now.
|
||||
```
|
||||
|
||||
Refer to the [Installation and Configuration Guide](../installation-guide.md#managing-harbors-lifecycle) for more information about managing your Harbor instance.
|
||||
Refer to [Reconfigure Harbor and Manage the Harbor Lifecycle](../install-config/reconfigure-manage-lifecycle.md) for more information about managing your Harbor instance.
|
||||
|
||||
## Appendix
|
||||
|
||||
|
@ -70,4 +70,4 @@ Steps to localize the UI in your language
|
||||
</div>
|
||||
```
|
||||
|
||||
4. Next, please refer [compile guideline](../compile-guide.md) to rebuild and restart Harbor.
|
||||
4. Next, refer to [Build Harbor from Source Code](compile-guide.md) to rebuild and restart Harbor.
|
||||
|
@ -5,7 +5,7 @@ weight: 5
|
||||
|
||||
This section describes how to perform a new installation of Harbor.
|
||||
|
||||
If you are upgrading from a previous version of Harbor, you might need to update the configuration file and migrate your data to fit the database schema of the later version. For information about upgrading, see [Upgrading Harbor](../../administration/upgrade/upgrade-migrate-data.md).
|
||||
If you are upgrading from a previous version of Harbor, you might need to update the configuration file and migrate your data to fit the database schema of the later version. For information about upgrading, see [Upgrading Harbor](../../administration/upgrade/_index.md).
|
||||
|
||||
Before you install Harbor, you can test its functionality on a demo server that the Harbor team has made available. For information, see [Test Harbor with the Demo Server](demo-server.md).
|
||||
|
||||
|
@ -117,7 +117,7 @@ After generating the `ca.crt`, `yourdomain.com.crt`, and `yourdomain.com.key` fi
|
||||
systemctl restart docker
|
||||
```
|
||||
|
||||
You might also need to trust the certificate at the OS level. See [Troubleshooting Harbor Installation](../troubleshoot-installation.md#https) for more information.
|
||||
You might also need to trust the certificate at the OS level. See [Troubleshooting Harbor Installation](troubleshoot-installation.md#https) for more information.
|
||||
|
||||
The following example illustrates a configuration that uses custom certificates.
|
||||
|
||||
@ -131,7 +131,7 @@ The following example illustrates a configuration that uses custom certificates.
|
||||
|
||||
## Deploy or Reconfigure Harbor
|
||||
|
||||
If you have not yet deployed Harbor, see [Configure the Harbor YML File](../configure-yml-file.md) for information about how to configure Harbor to use the certificates by specifying the `hostname` and `https` attributes in `harbor.yml`.
|
||||
If you have not yet deployed Harbor, see [Configure the Harbor YML File](configure-yml-file.md) for information about how to configure Harbor to use the certificates by specifying the `hostname` and `https` attributes in `harbor.yml`.
|
||||
|
||||
If you already deployed Harbor with HTTP and want to reconfigure it to use HTTPS, perform the following steps.
|
||||
|
||||
@ -182,4 +182,4 @@ After setting up HTTPS for Harbor, you can verify the HTTPS connection by perfor
|
||||
## What to Do Next
|
||||
|
||||
- If the verification succeeds, see [Harbor Administration](../administration) for information about using Harbor.
|
||||
- If installation fails, see [Troubleshooting Harbor Installation](../troubleshoot-installation.md).
|
||||
- If installation fails, see [Troubleshooting Harbor Installation](troubleshoot-installation.md).
|
||||
|
@ -13,7 +13,7 @@ The table below lists the parameters that must be set when you deploy Harbor. By
|
||||
|
||||
**IMPORTANT**: Harbor does not ship with any certificates. In versions up to and including 1.9.x, by default Harbor uses HTTP to serve registry requests. This is acceptable only in air-gapped test or development environments. In production environments, always use HTTPS. If you enable Content Trust with Notary to properly sign all images, you must use HTTPS.
|
||||
|
||||
You can use certificates that are signed by a trusted third-party CA, or you can use self-signed certificates. For information about how to create a CA, and how to use a CA to sign a server certificate and a client certificate, see [Configuring Harbor with HTTPS Access](../configure-https.md).
|
||||
You can use certificates that are signed by a trusted third-party CA, or you can use self-signed certificates. For information about how to create a CA, and how to use a CA to sign a server certificate and a client certificate, see [Configuring Harbor with HTTPS Access](configure-https.md).
|
||||
|
||||
<table width="100%" border="0">
|
||||
<caption>
|
||||
@ -320,4 +320,4 @@ storage_service:
|
||||
|
||||
## What to Do Next
|
||||
|
||||
To install Harbor, [Run the Installer Script](../run-installer-script.md).
|
||||
To install Harbor, [Run the Installer Script](run-installer-script.md).
|
||||
|
@ -40,7 +40,7 @@ Harbor requires the Docker client to access the Harbor registry with a token. Th
|
||||
|
||||
## Provide the Certificate to Harbor {#provide-cert}
|
||||
|
||||
See [Run the Installer Script](../run-installer-script.md) or [Reconfigure Harbor and Manage the Harbor Lifecycle](../reconfigure-manage-lifecycle.md) to install or reconfigure Harbor. After you run `./install` or `./prepare`, Harbor generates several configuration files. You need to replace the original private key and certificate with your own key and certificate.
|
||||
See [Run the Installer Script](run-installer-script.md) or [Reconfigure Harbor and Manage the Harbor Lifecycle](reconfigure-manage-lifecycle.md) to install or reconfigure Harbor. After you run `./install` or `./prepare`, Harbor generates several configuration files. You need to replace the original private key and certificate with your own key and certificate.
|
||||
|
||||
1. Replace the default key and certificate.
|
||||
|
||||
|
@ -57,4 +57,4 @@ If you encounter any problems while using the demo server, open an [issue on Git
|
||||
|
||||
## What to Do Next ##
|
||||
|
||||
See the [Harbor Installation Prerequisites](../installation-prereqs.md).
|
||||
See the [Harbor Installation Prerequisites](installation-prereqs.md).
|
||||
|
@ -49,5 +49,5 @@ The installation processes are almost the same for both the online and offline i
|
||||
|
||||
## Next Steps
|
||||
|
||||
- To secure the connections to Harbor, see [Configure HTTPS Access to Harbor](../configure-https.md).
|
||||
- To configure your Harbor installation, see [Configure the Harbor YML File](../configure-yml-file.md).
|
||||
- To secure the connections to Harbor, see [Configure HTTPS Access to Harbor](configure-https.md).
|
||||
- To configure your Harbor installation, see [Configure the Harbor YML File](configure-yml-file.md).
|
||||
|
@ -37,4 +37,4 @@ Harbor requires that the following ports be open on the target host.
|
||||
|
||||
## What to Do Next ##
|
||||
|
||||
[Download the Harbor Installer](../download-installer.md).
|
||||
[Download the Harbor Installer](download-installer.md).
|
||||
|
@ -47,4 +47,4 @@ You have a machine or VM that is running Ubuntu 18.04. The script does not work
|
||||
|
||||
1. Enter the Harbor address in a browser to log in to the Harbor interface.
|
||||
|
||||
After deployment, you can enable HTTPS and Notary by reconfiguring the installation. For information, see [Reconfigure Harbor and Manage the Harbor Lifecycle](../reconfigure-manage-lifecycle.md).
|
||||
After deployment, you can enable HTTPS and Notary by reconfiguring the installation. For information, see [Reconfigure Harbor and Manage the Harbor Lifecycle](reconfigure-manage-lifecycle.md).
|
@ -32,7 +32,7 @@ docker push reg.yourdomain.com/myproject/myrepo:mytag
|
||||
```
|
||||
|
||||
{{< important >}}
|
||||
- If your installation of Harbor uses HTTPS, you must provide the Harbor certificates to the Docker client. For information, see [Configure HTTPS Access to Harbor](../configure-https.md#provide-the-certificates-to-harbor-and-docker).
|
||||
- If your installation of Harbor uses HTTPS, you must provide the Harbor certificates to the Docker client. For information, see [Configure HTTPS Access to Harbor](configure-https.md#provide-the-certificates-to-harbor-and-docker).
|
||||
- If your installation of Harbor uses HTTP, you must add the option `--insecure-registry` to your client's Docker daemon and restart the Docker service. For more information, see [Connecting to Harbor via HTTP](#connect-http) below.
|
||||
{{< /important >}}
|
||||
|
||||
@ -113,5 +113,5 @@ After you update `daemon.json`, you must restart both Docker Engine and Harbor.
|
||||
## What to Do Next ##
|
||||
|
||||
- If the installation succeeds, see [Harbor Administration](../administration) for information about using Harbor.
|
||||
- If you deployed Harbor with HTTP and you want to secure the connections to Harbor, see [Configure HTTPS Access to Harbor](../configure-https.md).
|
||||
- If installation fails, see [Troubleshooting Harbor Installation](../troubleshoot-installation.md).
|
||||
- If you deployed Harbor with HTTP and you want to secure the connections to Harbor, see [Configure HTTPS Access to Harbor](configure-https.md).
|
||||
- If installation fails, see [Troubleshooting Harbor Installation](troubleshoot-installation.md).
|
||||
|
@ -40,7 +40,7 @@ If Harbor is running behind an `nginx` proxy or elastic load balancing, open the
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
```
|
||||
|
||||
If the proxy already has similar settings, remove it from the sections `location /`, `location /v2/` and `location /service/` and redeploy Harbor. For instructions about how to redeploy Harbor, see [Reconfigure Harbor and Manage the Harbor Lifecycle](../configuration/reconfigure-manage-lifecycle.md).
|
||||
If the proxy already has similar settings, remove it from the sections `location /`, `location /v2/` and `location /service/` and redeploy Harbor. For instructions about how to redeploy Harbor, see [Reconfigure Harbor and Manage the Harbor Lifecycle](reconfigure-manage-lifecycle.md).
|
||||
|
||||
## Troubleshoot HTTPS Connections {#https}
|
||||
|
||||
|
@ -3,8 +3,4 @@ title: Working with Projects
|
||||
weight: 15
|
||||
---
|
||||
|
||||
This section describes how users with the developer, master, and project administrator roles manage and participate in Harbor projects. The Harbor administrator can also perform all of these tasks.
|
||||
|
||||
- [Create Projects](create-projects)
|
||||
- [Project Configuration](project-configuration)
|
||||
- [Working with Images, Tags, and Helm Charts](working-with-images)
|
||||
This section describes how users with the developer, master, and project administrator roles manage and participate in Harbor projects. The Harbor administrator can also perform all of these tasks.
|
@ -24,33 +24,33 @@ Log in to Harbor with a Harbor administrator or project administrator account.
|
||||
|
||||
If you set the project to **Public**, any user can pull images from this project. If you leave the project set to **Private**, only users who are members of the project can pull images. You can toggle projects from public to private, or the reverse, at any moment after you create the project.
|
||||
|
||||
![create project](../../img/new-create-project.png)
|
||||
![create project](../../../img/new-create-project.png)
|
||||
|
||||
5. Click **OK**.
|
||||
|
||||
After the project is created, you can browse repositories, members, logs, replication and configuration using the navigation tab.
|
||||
|
||||
![browse project](../../img/new-browse-project.png)
|
||||
![browse project](../../../img/new-browse-project.png)
|
||||
|
||||
There are two views to show repositories, list view and card view, you can switch between them by clicking the corresponding icon.
|
||||
|
||||
![browse repositories](../../img/browse-project-repositories.png)
|
||||
![browse repositories](../../../img/browse-project-repositories.png)
|
||||
|
||||
Project properties can be changed by clicking "Configuration".
|
||||
|
||||
* To make all repositories under the project accessible to everyone, select the `Public` checkbox.
|
||||
|
||||
* To prevent un-signed images under the project from being pulled, select the `Enable content trust` checkbox. For more information about content trust, see [Implementing Content Trust](../implementing-content-trust.md).
|
||||
* To prevent un-signed images under the project from being pulled, select the `Enable content trust` checkbox. For more information about content trust, see [Implementing Content Trust](../project-configuration/implementing-content-trust.md).
|
||||
|
||||
![browse project](../../img/project-configuration.png)
|
||||
![browse project](../../../img/project-configuration.png)
|
||||
|
||||
|
||||
## Searching Projects and Repositories
|
||||
Entering a keyword in the search field at the top lists all matching projects and repositories. The search result includes both public and private repositories you have access to.
|
||||
|
||||
![browse project](../../img/new-search.png)
|
||||
![browse project](../../../img/new-search.png)
|
||||
|
||||
## What to Do Next
|
||||
|
||||
[Assign Users to a Project](../add-users.md)
|
||||
[Assign Users to a Project](add-users.md)
|
||||
|
||||
|
@ -5,7 +5,7 @@ weight: 25
|
||||
|
||||
You can add individual users to an existing project and assign a role to them. You can add an LDAP/AD or OIDC user to the project members if you use LDAP/AD or OIDC authentication, or a user that you have already created if you use database authentication. If you use LDAP/AD or OIDC authentication, you can add groups to projects and assign a role to the group.
|
||||
|
||||
For more information about users and roles in Harbor, see [User Permissions By Role](../administration/managing-users/user-permissions-by-role.md).
|
||||
For more information about users and roles in Harbor, see [User Permissions By Role](../../administration/managing-users/user-permissions-by-role.md).
|
||||
|
||||
## Add Individual Members to Projects
|
||||
|
||||
@ -13,13 +13,13 @@ For more information about users and roles in Harbor, see [User Permissions By R
|
||||
1. Go to **Projects** and select a project.
|
||||
1. Select the **Members** tab and click **+User**.
|
||||
|
||||
![browse project](../../img/project-members.png)
|
||||
![browse project](../../../img/project-members.png)
|
||||
1. Enter the name of an existing database, LDAP/AD, or OIDC user and select a role for this user.
|
||||
|
||||
![browse project](../../img/new-add-member.png)
|
||||
![browse project](../../../img/new-add-member.png)
|
||||
1. Optionally select one or more members, click **Action**, and select a different role for the user or users, or select **Remove** to remove them from the project.
|
||||
|
||||
![browse project](../../img/new-remove-update-member.png)
|
||||
![browse project](../../../img/new-remove-update-member.png)
|
||||
|
||||
## Add LDAP/AD Groups to Projects
|
||||
|
||||
@ -27,10 +27,10 @@ For more information about users and roles in Harbor, see [User Permissions By R
|
||||
1. Go to **Projects** and select a project.
|
||||
1. Select the **Members** tab and click **+Group**.
|
||||
|
||||
![Add group](../../img/add-group.png)
|
||||
![Add group](../../../img/add-group.png)
|
||||
1. Select **Add an existing user group to project members** or **Add a group from LDAP to project member**.
|
||||
|
||||
![Screenshot of add group dialog](../../img/ldap-group-addgroup-dialog.png)
|
||||
![Screenshot of add group dialog](../../../img/ldap-group-addgroup-dialog.png)
|
||||
|
||||
- If you selected **Add an existing user group to project members**, enter the name of a group that you have already used in Harbor and assign a role to that group.
|
||||
- If you selected **Add a group from LDAP to project member**, enter the LDAP Group DN and assign a role to that group.
|
||||
@ -41,16 +41,16 @@ If a user in the LDAP group has admin privilege, the user has the same privilege
|
||||
|
||||
## Add OIDC Groups to Projects
|
||||
|
||||
To be able to add OIDC groups to projects, your OIDC provider and Harbor instance must be configured correctly. For information about how to configure OIDC so that Harbor can use groups, see [OIDC Provider Authentication](#oidc-auth).
|
||||
To be able to add OIDC groups to projects, your OIDC provider and Harbor instance must be configured correctly. For information about how to configure OIDC so that Harbor can use groups, see [OIDC Provider Authentication](../../administration/configure-authentication/oidc-auth.md).
|
||||
|
||||
1. Log in to the Harbor interface with an account that has at least project administrator privileges.
|
||||
1. Go to **Projects** and select a project.
|
||||
1. Select the **Members** tab and click **+Group**.
|
||||
|
||||
![Add group](../../img/add-group.png)
|
||||
![Add group](../../../img/add-group.png)
|
||||
1. Enter the name of a group that already exists in your OIDC provider and assign a role to that group.
|
||||
|
||||
![Add group](../../img/add-oidc-group.png)
|
||||
![Add group](../../../img/add-oidc-group.png)
|
||||
|
||||
{{< note >}}
|
||||
Unlike with LDAP groups, Harbor cannot check whether OIDC groups exist when you add them to a project. If you mistype the group name, or if the group does not exist in your OIDC provider, Harbor still creates the group.
|
||||
|
@ -11,13 +11,13 @@ After the initial creation of a project, you can configure or reconfigure its pr
|
||||
1. To make all repositories under the project accessible to everyone, select the `Public` checkbox, or deselect this checkbox to make the project private.
|
||||
1. To prevent un-signed images under the project from being pulled, select the `Enable content trust` checkbox.
|
||||
|
||||
![browse project](../../img/project-configuration.png)
|
||||
![browse project](../../../img/project-configuration.png)
|
||||
|
||||
## Searching projects and repositories
|
||||
|
||||
Enter a keyword in the search field at the top to list all matching projects and repositories. The search result includes both public and private repositories you have access to.
|
||||
|
||||
![browse project](../../img/new-search.png)
|
||||
![browse project](../../../img/new-search.png)
|
||||
|
||||
## Configure Vulnerability Settings in Projects
|
||||
|
||||
@ -28,16 +28,16 @@ You can configure projects so that images with vulnerabilities cannot be run, an
|
||||
1. Select the **Configuration** tab.
|
||||
1. To prevent vulnerable images under the project from being pulled, select the **Prevent vulnerable images from running** checkbox.
|
||||
|
||||
![Prevent vulnerable images from running](../../img/prevent-vulnerable-images.png)
|
||||
![Prevent vulnerable images from running](../../../img/prevent-vulnerable-images.png)
|
||||
|
||||
1. Select the severity level of vulnerabilities to prevent images from running.
|
||||
|
||||
![Set vulnerability threshold](../../img/set-vulnerability-threshold.png)
|
||||
![Set vulnerability threshold](../../../img/set-vulnerability-threshold.png)
|
||||
|
||||
Images cannot be pulled if their level is equal to or higher than the selected level of severity. Harbor does not prevent images with a vulnerability severity of `negligible` from running.
|
||||
1. To activate an immediate vulnerability scan on new images that are pushed to the project, select the **Automatically scan images on push** check box.
|
||||
|
||||
![Automatically scan images on push](../../img/scan-on-push.png)
|
||||
![Automatically scan images on push](../../../img/scan-on-push.png)
|
||||
|
||||
## Build history
|
||||
|
||||
@ -45,4 +45,4 @@ Build history makes it easy to see the contents of a container image, find the c
|
||||
|
||||
In Harbor portal, enter your project, select the repository, click on the link of tag name you'd like to see its build history, the detail page will be opened. Then switch to `Build History` tab, you can see the build history information.
|
||||
|
||||
![build history](../../img/build-history.png)
|
||||
![build history](../../../img/build-history.png)
|
||||
|
@ -13,22 +13,22 @@ Log in to Harbor with a Harbor administrator, project administrator, master, dev
|
||||
|
||||
1. Go to **Projects**, select a project, and select **Logs**.
|
||||
|
||||
![View logs](../../img/project-logs.png)
|
||||
![View logs](../../../img/project-logs.png)
|
||||
|
||||
All logs for the project are displayed.
|
||||
|
||||
1. Click the **Search** icon and start typing to filter the logs by name.
|
||||
|
||||
![Filter logs](../../img/log-filter.png)
|
||||
![Filter logs](../../../img/log-filter.png)
|
||||
|
||||
1. Click **Advanced**.
|
||||
|
||||
![Advanced log search](../../img/log-search-advanced.png)
|
||||
![Advanced log search](../../../img/log-search-advanced.png)
|
||||
|
||||
1. Use the **Operations** drop-down menu to filter by operation type.
|
||||
|
||||
![Search logs by operation type](../../img/new-project-log.png)
|
||||
![Search logs by operation type](../../../img/new-project-log.png)
|
||||
|
||||
1. Click the calendar icons to enter dates between which to search for logs of the types you set in the **Operations** drop-down menu.
|
||||
|
||||
![Filter logs by date](../../img/log-search-advanced-date.png)
|
||||
![Filter logs by date](../../../img/log-search-advanced-date.png)
|
||||
|
@ -5,17 +5,17 @@ weight: 50
|
||||
|
||||
When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. You can create whitelists of CVEs to ignore during vulnerability scanning.
|
||||
|
||||
Harbor administrators can set a system-wide CVE whitelist. For information about site-wide CVE whitelists, see [Configure System-Wide CVE Whitelists](../administration/vulnerability-scanning/configure-system-whitelist.md). By default, the system whitelist is applied to all projects. You can configure different CVE whitelists for individual projects, that override the system whitelist.
|
||||
Harbor administrators can set a system-wide CVE whitelist. For information about site-wide CVE whitelists, see [Configure System-Wide CVE Whitelists](../../administration/vulnerability-scanning/configure-system-whitelist.md). By default, the system whitelist is applied to all projects. You can configure different CVE whitelists for individual projects, that override the system whitelist.
|
||||
|
||||
1. Go to **Projects**, select a project, and select **Configuration**.
|
||||
1. Under **CVE whitelist**, select **Project whitelist**.
|
||||
|
||||
![Project CVE whitelist](../../img/cve-whitelist5.png)
|
||||
![Project CVE whitelist](../../../img/cve-whitelist5.png)
|
||||
|
||||
1. Optionally click **Copy From System** to add all of the CVE IDs from the system CVE whitelist to this project whitelist.
|
||||
1. Click **Add** and enter a list of additional CVE IDs to ignore during vulnerability scanning of this project.
|
||||
|
||||
![Add project CVEs](../../img/cve-whitelist6.png)
|
||||
![Add project CVEs](../../../img/cve-whitelist6.png)
|
||||
|
||||
Either use a comma-separated list or newlines to add multiple CVE IDs to the list.
|
||||
|
||||
|
@ -66,13 +66,13 @@ You can configure your continuous integration and development infrastructure so
|
||||
1. Log in to the Harbor interface with an account that has at least project administrator privileges.
|
||||
1. Go to **Projects**, select a project, and select **Webhooks**.
|
||||
|
||||
![Webhooks option](../../img/webhooks1.png)
|
||||
![Webhooks option](../../../img/webhooks1.png)
|
||||
|
||||
1. Enter the URL for your webhook endpoint listener.
|
||||
1. If your webhook listener implements authentication, enter the authentication header.
|
||||
1. To implement `HTTPS POST` instead of `HTTP POST`, select the **Verifiy Remote Certficate** check box.
|
||||
|
||||
![Webhook URL](../../img/webhooks2.png)
|
||||
![Webhook URL](../../../img/webhooks2.png)
|
||||
|
||||
1. Click **Test Endpoint** to make sure that Harbor can connect to the listener.
|
||||
1. Click **Continue** to create the webhook.
|
||||
@ -83,7 +83,7 @@ When you have created the webhook, you see the status of the different notificat
|
||||
You can only disable and reenable all notifications. You cannot disable and enable selected notifications.
|
||||
{{< /note >}}
|
||||
|
||||
![Webhook Status](../../img/webhooks3.png)
|
||||
![Webhook Status](../../../img/webhooks3.png)
|
||||
|
||||
If a webhook notification fails to send, or if it receives an HTTP error response with a code other than `2xx`, the notification is re-sent based on the configuration that you set in `harbor.yml`.
|
||||
|
||||
@ -94,4 +94,4 @@ As a Harbor system administrator, you can enable and disable webhook notificatio
|
||||
1. Go to **Configuration** > **System Settings**.
|
||||
1. Scroll down and check or uncheck the **Webhooks enabled** check box.
|
||||
|
||||
![Enable/disable webhooks](../../img/webhooks4.png)
|
||||
![Enable/disable webhooks](../../../img/webhooks4.png)
|
||||
|
@ -13,7 +13,7 @@ You can create robot accounts to run automated operations. Robot accounts have t
|
||||
1. Log in to the Harbor interface with an account that has at least project administrator privileges.
|
||||
1. Go to **Projects**, select a project, and select **Robot Accounts**.
|
||||
|
||||
![Robot accounts](../../img/add-robot-account.png)
|
||||
![Robot accounts](../../../img/add-robot-account.png)
|
||||
|
||||
1. Click **New Robot Account**.
|
||||
1. Enter a name and an optional description for this robot account.
|
||||
@ -21,12 +21,12 @@ You can create robot accounts to run automated operations. Robot accounts have t
|
||||
|
||||
Robot accounts can always pull images, so you cannot deselect this option.
|
||||
|
||||
![Add a robot account](../../img/add-robot-account-2.png)
|
||||
![Add a robot account](../../../img/add-robot-account-2.png)
|
||||
|
||||
1. Click **Save**.
|
||||
1. In the confirmation window, click **Export to File** to download the access token as a JSON file, or click the clipboard icon to copy its contents to the clipboard.
|
||||
|
||||
![copy_robot_account_token](../../img/copy-robot-account-token.png)
|
||||
![copy_robot_account_token](../../../img/copy-robot-account-token.png)
|
||||
|
||||
{{< important >}}
|
||||
Harbor does not store robot account tokens, so you must either download the token JSON or copy and paste its contents into a text file. There is no way to get the token from Harbor after you have created the robot account.
|
||||
@ -34,11 +34,11 @@ You can create robot accounts to run automated operations. Robot accounts have t
|
||||
|
||||
The new robot account appears as `robot$account_name` in the list of robot accounts. The `robot$` prefix makes it easily distinguishable from a normal Harbor user account.
|
||||
|
||||
![New robot account](../../img/new-robot-account.png)
|
||||
![New robot account](../../../img/new-robot-account.png)
|
||||
|
||||
1. To delete or disable a robot account, select the account in the list, and select **Disable account** or **Delete** from the Action drop-down menu.
|
||||
|
||||
![Disable or delete a robot account](../../img/disable-delete-robot-account.png)
|
||||
![Disable or delete a robot account](../../../img/disable-delete-robot-account.png)
|
||||
|
||||
### Configure the Expiry Period of Robot Accounts
|
||||
|
||||
@ -48,7 +48,7 @@ By default, robot accounts expire after 30 days. You can set a longer or shorter
|
||||
1. Go to **Configuration** and select **System Settings**.
|
||||
1. In the **Robot Token Expiration (Days)** row, modify the number of days after which robot account tokens expire.
|
||||
|
||||
![Set robot account token expiry](../../img/set-robot-account-token-duration.png)
|
||||
![Set robot account token expiry](../../../img/set-robot-account-token-duration.png)
|
||||
|
||||
### Authenticate with a Robot Account
|
||||
|
||||
|
@ -25,4 +25,4 @@ Replace "10.117.169.182" with the IP address or domain name of your Harbor node.
|
||||
|
||||
When an image is signed, it has a tick shown in UI; otherwise, a cross sign(X) is displayed instead.
|
||||
|
||||
![browse project](../../img/content-trust.png)
|
||||
![browse project](../../../img/content-trust.png)
|
||||
|
@ -2,12 +2,12 @@
|
||||
title: Using the API Explorer
|
||||
---
|
||||
|
||||
Harbor integrated swagger UI from 1.8. That means all apis can be invoked through UI. Normally, user have 2 ways to navigate to API Explorer.
|
||||
Harbor integrated swagger UI from 1.8. That means all APIs can be invoked through the Harbor interface. You can navigate to the API Explorer in two ways.
|
||||
|
||||
1. User can login harbor, and click the "API EXPLORER" button.All apis will be invoked with current user authorization.
|
||||
![navigation bar](../../img/api-explorer-btn.png)
|
||||
1. Log in to Harbor and click the "API EXPLORER" button. All APIs will be invoked with the current user's authorization.
|
||||
![navigation bar](../../../img/api-explorer-btn.png)
|
||||
|
||||
|
||||
2. User can navigate to swagger page by ip address by router "devcenter". For example: https://10.192.111.118/devcenter. After go to the page, need to click "authorize" button to give basic authentication to all apis. All apis will be invoked with the authorized user authorization.
|
||||
![authentication](../../img/authorize.png)
|
||||
2. Navigate to the Swagger page by using the IP address of your Harbor instance and adding the router "devcenter". For example: https://10.192.111.118/devcenter. Then click the **Authorize** button to give basic authentication to all APIs. All APIs will be invoked with the authorized user's authorization.
|
||||
![authentication](../../../img/authorize.png)
|
||||
|
||||
|
@ -4,10 +4,3 @@ weight: 40
|
||||
---
|
||||
|
||||
This section describes how to work with images and tags in Harbor.
|
||||
|
||||
- [Pulling and Pushing Images](pulling-pushing-images.md)
|
||||
- [Create Labels](create-labels.md)
|
||||
- [Retag Images](retagging-images.md)
|
||||
- [Create Tag Retention Rules](create-tag-retention-rules.md)
|
||||
- [Create Tag Immutability Rules](create-tag-immutability-rules.md)
|
||||
- [Manage Kubernetes Packages with Helm Charts](managing-helm-charts.md)
|
||||
|
@ -11,19 +11,19 @@ Harbor provides two kinds of labels to isolate different kinds of resources:
|
||||
## Managing Global Labels
|
||||
The Harbor system administrators can list, create, update and delete the global level labels under `Administration->Configuration->Labels`:
|
||||
|
||||
![manage global level labels](../../img/manage-global-level-labels.png)
|
||||
![manage global level labels](../../../img/manage-global-level-labels.png)
|
||||
|
||||
## Managing Project-Level Labels
|
||||
The project administrators and Harbor system administrators can list, create, update and delete the project level labels under `Labels` tab of the project detail page:
|
||||
|
||||
![manage project level labels](../../img/manage-project-level-labels.png)
|
||||
![manage project level labels](../../../img/manage-project-level-labels.png)
|
||||
|
||||
## Adding and Removing Labels to and from Images
|
||||
Users who have Harbor system administrator, project administrator or project developer role can click the `ADD LABELS` button to add labels to or remove labels from images. The label list contains both globel level labels(come first) and project level labels:
|
||||
|
||||
![add labels to images](../../img/add-labels-to-images.png)
|
||||
![add labels to images](../../../img/add-labels-to-images.png)
|
||||
|
||||
## Filtering Images by Label
|
||||
The images can be filtered by labels:
|
||||
|
||||
![filter images by labels](../../img/filter-images-by-label.png)
|
||||
![filter images by labels](../../../img/filter-images-by-label.png)
|
||||
|
@ -27,14 +27,14 @@ In this case, you cannot delete `hello-world:v2` because it shares the sha256 di
|
||||
1. Log in to the Harbor interface with an account that has at least project administrator privileges.
|
||||
1. Go to **Projects**, select a project, and select **Tag Immutability**.
|
||||
|
||||
![Add an immutability rule](../../img/tag-immutability.png)
|
||||
![Add an immutability rule](../../../img/tag-immutability.png)
|
||||
|
||||
1. Click **Add Rule**.
|
||||
|
||||
- In the **Respositories** row, enter a comma-separated list of repositories to which to either apply or exclude from the rule by selecting either **matching** or **excluding** from the drop-down menu.
|
||||
- In the **Tags** row, enter a comma-separated list of tags to which to either apply or exclude from the rule by selecting either **matching** or **excluding** from the drop-down menu.
|
||||
|
||||
![Add an immutability rule](../../img/add-immutability-rule.png)
|
||||
![Add an immutability rule](../../../img/add-immutability-rule.png)
|
||||
1. Click **Add** to save the rule.
|
||||
|
||||
You can add a maximum of 15 immutability rules per project.
|
||||
@ -42,7 +42,7 @@ In this case, you cannot delete `hello-world:v2` because it shares the sha256 di
|
||||
After you add a rule, any tags that are identified by the rule are marked **Immutable** in the Repositories tab.
|
||||
1. To modify an existing rule, use the **Action** drop-down menu next to a rule to disable, edit, or delete that rule.
|
||||
|
||||
![Immutability rules](../../img/edit-tag-immutability.png)
|
||||
![Immutability rules](../../../img/edit-tag-immutability.png)
|
||||
|
||||
## Example
|
||||
|
||||
|
@ -96,7 +96,7 @@ In this example, the rules are applied to the following 7 tags:
|
||||
|
||||
## How Tag Retention Rules Interact with Project Quotas
|
||||
|
||||
The Harbor system administrator can set a maximum on the number of tags that a project can contain and the amount of storage that it can consume. For information about project quotas, see [Configure Project Quotas](../administration/configure-project-quotas.md).
|
||||
The Harbor system administrator can set a maximum on the number of tags that a project can contain and the amount of storage that it can consume. For information about project quotas, see [Configure Project Quotas](../../administration/configure-project-quotas/_index.md).
|
||||
|
||||
If you set a quota on a project, this quota cannot be exceeded. The quota is applied to a project even if you set a retention rule that would exceed it. In other words, you cannot use retention rules to bypass quotas.
|
||||
|
||||
@ -105,10 +105,10 @@ If you set a quota on a project, this quota cannot be exceeded. The quota is app
|
||||
1. Log in to the Harbor interface with an account that has at least project administrator privileges.
|
||||
1. Go to **Projects**, select a project, and select **Tag Retention**.
|
||||
|
||||
![Tag options](../../img/tag-retention1.png)
|
||||
![Tag options](../../../img/tag-retention1.png)
|
||||
1. Click **Add Rule** to add a rule.
|
||||
1. In the **Repositories** drop-down menu, select **matching** or **excluding**.
|
||||
![Select repositories](../../img/tag-retention2.png)
|
||||
![Select repositories](../../../img/tag-retention2.png)
|
||||
1. In the **Repositories** text box, identify the repositories on which to apply the rule.
|
||||
|
||||
You can define the repositories on which to apply the rule by entering the following information:
|
||||
@ -120,7 +120,7 @@ If you set a quota on a project, this quota cannot be exceeded. The quota is app
|
||||
|
||||
If you selected **matching**, the rule is applied to the repositories you identified. If you selected **excluding**, the rule is applied to all of the repositories in the project except for the ones that you identified.
|
||||
1. In the **By image count or number of days** drop-down menu, define how many tags to retain or the period to retain tags.
|
||||
![Select retention criteria](../../img/tag-retention3.png)
|
||||
![Select retention criteria](../../../img/tag-retention3.png)
|
||||
|
||||
|Option|Description|
|
||||
|---|---|
|
||||
@ -145,7 +145,7 @@ If you set a quota on a project, this quota cannot be exceeded. The quota is app
|
||||
1. (Optional) Click **Add Rule** to add more rules, up to a maximum of 15 per project.
|
||||
1. (Optional) Under Schedule, click **Edit** and select how often to run the rule.
|
||||
|
||||
![Select retention criteria](../../img/tag-retention4.png)
|
||||
![Select retention criteria](../../../img/tag-retention4.png)
|
||||
|
||||
If you select **Custom**, enter a cron job command to schedule the rule.
|
||||
|
||||
@ -157,4 +157,4 @@ If you set a quota on a project, this quota cannot be exceeded. The quota is app
|
||||
|
||||
To modify an existing rule, use the **Action** drop-down menu next to a rule to disable, edit, or delete that rule.
|
||||
|
||||
![Modify tag retention rules](../../img/tag-retention5.png)
|
||||
![Modify tag retention rules](../../../img/tag-retention5.png)
|
||||
|
@ -15,7 +15,7 @@ Click your project to enter the project detail page after successful logging in.
|
||||
* The count of chart versions
|
||||
* The created time of the chart
|
||||
|
||||
![list charts](../../img/list-charts.png)
|
||||
![list charts](../../../img/list-charts.png)
|
||||
|
||||
You can click the icon buttons on the top right to switch views between card view and list view.
|
||||
|
||||
@ -23,7 +23,7 @@ You can click the icon buttons on the top right to switch views between card vie
|
||||
|
||||
Click the `UPLOAD` button on the top left to open the chart uploading dialog. Choose the uploading chart from your filesystem. Click the `UPLOAD` button to upload it to the chart repository server.
|
||||
|
||||
![upload charts](../../img/upload-charts.png)
|
||||
![upload charts](../../../img/upload-charts.png)
|
||||
|
||||
If the chart is signed, you can choose the corresponding provenance file from your filesystem and Click the `UPLOAD` button to upload them together at once.
|
||||
|
||||
@ -37,7 +37,7 @@ Clicking the chart name from the chart list will show all the available versions
|
||||
* the template engine used (default is gotpl)
|
||||
* the created timestamp of the chart version
|
||||
|
||||
![list charts versions](../../img/list-chart-versions.png)
|
||||
![list charts versions](../../../img/list-chart-versions.png)
|
||||
|
||||
Obviously, there will be at least 1 version for each of the charts in the top chart list. Same with chart list view, you can also click the icon buttons on the top right to switch views between card view and list view.
|
||||
|
||||
@ -49,13 +49,13 @@ Check the checkbox at the 1st column to select the specified chart versions:
|
||||
### Adding Labels to and Removing Labels from Chart Versions
|
||||
Users who have Harbor system administrator, project administrator or project developer role can click the `ADD LABELS` button to add labels to or remove labels from chart versions.
|
||||
|
||||
![add labels to chart versions](../../img/add-labels-to-chart-versions.png)
|
||||
![add labels to chart versions](../../../img/add-labels-to-chart-versions.png)
|
||||
|
||||
|
||||
### Filtering Chart Versions by Label
|
||||
The chart versions can be filtered by labels:
|
||||
|
||||
![filter chart versions by labels](../../img/filter-chart-versions-by-label.png)
|
||||
![filter chart versions by labels](../../../img/filter-chart-versions-by-label.png)
|
||||
|
||||
### View Chart Version Details
|
||||
Clicking the chart version number link will open the chart version details view. You can see more details about the specified chart version here. There are three content sections:
|
||||
@ -63,14 +63,14 @@ Clicking the chart version number link will open the chart version details view.
|
||||
* readme of the chart
|
||||
* overall metadata like home, created timestamp and application version
|
||||
* related helm commands for reference, such as `helm add repo` and `helm install` etc.
|
||||
![chart details](../../img/chart-details.png)
|
||||
![chart details](../../../img/chart-details.png)
|
||||
* **Dependencies:**
|
||||
* list all the dependant sun charts with 'name', 'version' and 'repository' fields
|
||||
![chart dependencies](../../img/chart-dependencies.png)
|
||||
![chart dependencies](../../../img/chart-dependencies.png)
|
||||
* **Values:**
|
||||
* display the content from `values.yaml` file with highlight code preview
|
||||
* clicking the icon buttons on the top right to switch the yaml file view to k-v value pair list view
|
||||
![chart values](../../img/chart-values.png)
|
||||
![chart values](../../../img/chart-values.png)
|
||||
|
||||
Clicking the `DOWNLOAD` button on the top right will start the downloading process.
|
||||
|
||||
@ -97,9 +97,9 @@ Before working, Harbor should be added into the repository list with `helm repo
|
||||
helm repo add --ca-file ca.crt --username=admin --password=Passw0rd myrepo https://xx.xx.xx.xx/chartrepo
|
||||
```
|
||||
|
||||
{{< note >}}
|
||||
Providing both a CA file and cert files is necessary due to an issue in Helm.
|
||||
{{< /note >}}
|
||||
{{< note >}}
|
||||
Providing both a CA file and cert files is necessary due to an issue in Helm.
|
||||
{{< /note >}}
|
||||
|
||||
* Add Harbor project as separate index entry point
|
||||
|
||||
|
@ -9,7 +9,7 @@ Harbor optionally supports HTTP connections, however the Docker client always at
|
||||
Error response from daemon: Get https://<i>myregistrydomain.com</i>/v1/users/: dial tcp <i>myregistrydomain.com</i>:443 getsockopt: connection refused.
|
||||
</pre>
|
||||
|
||||
For information about how to add insecure registries to your Docker client, see [Connecting to Harbor via HTTP](../install-config/run-installer-script.md#connect_http).
|
||||
For information about how to add insecure registries to your Docker client, see [Connecting to Harbor via HTTP](../../install-config/run-installer-script.md#connect-http).
|
||||
|
||||
You also see this error if Harbor uses HTTPS with an unknown CA certificate. In this case, obtain the registry's CA certificate, and copy it to <code>/etc/docker/certs.d/<i>myregistrydomain.com</i>/ca.crt</code>.
|
||||
|
||||
@ -63,13 +63,13 @@ After pushing an image, the project administrator can add information to describ
|
||||
|
||||
Go into the repository and select the **Info** tab, and click the **Edit** button. Enter a description and click **Save** to save the description.
|
||||
|
||||
![edit info](../../img/edit-description.png)
|
||||
![edit info](../../../img/edit-description.png)
|
||||
|
||||
## Download the Harbor Certificate
|
||||
|
||||
Users can click the **Registry Certificate** button to download the registry certificate.
|
||||
|
||||
![browse project](../../img/download-harbor-certs.png)
|
||||
![browse project](../../../img/download-harbor-certs.png)
|
||||
|
||||
## Deleting Repositories
|
||||
|
||||
@ -77,14 +77,14 @@ Deleting repositories involves two steps.
|
||||
|
||||
First, you delete a repository in the Harbor interface. This is soft deletion. You can delete the entire repository or just one of its tags. After the soft deletion, the repository is no longer managed by Harbor, however, the repository files remain in the Harbor storage.
|
||||
|
||||
![browse project](../../img/new-delete-repo.png)
|
||||
![browse project](../../img/new-delete-tag.png)
|
||||
![browse project](../../../img/new-delete-repo.png)
|
||||
![browse project](../../../img/new-delete-tag.png)
|
||||
|
||||
{{< danger >}}
|
||||
If both tag A and tag B refer to the same image, after deleting tag A, B will also get deleted. if you enabled content trust, you need to use notary command line tool to delete the tag's signature before you delete an image.
|
||||
{{< /danger >}}
|
||||
|
||||
Next, delete the repository files by running [garbage collection](../administration/garbage-collection.md) in the Harbor interface.
|
||||
Next, delete the repository files by running [garbage collection](../../administration/garbage-collection/_index.md) in the Harbor interface.
|
||||
|
||||
## Pulling Images from Harbor in Kubernetes
|
||||
Kubernetes users can easily deploy pods with images stored in Harbor. The settings are similar to those of any other private registry. There are two issues to be aware of:
|
||||
@ -94,7 +94,7 @@ Kubernetes users can easily deploy pods with images stored in Harbor. The settin
|
||||
|
||||
## Configure Notary Content Trust
|
||||
|
||||
Make sure that `https` is enabled in `harbor.yml` and the attributes `ssl_cert` and `ssl_cert_key` point to valid certificates. For more information about generating a HTTPS certificate, see [Configure HTTPS Access to Harbor](../install-config/configure-https.md).
|
||||
Make sure that `https` is enabled in `harbor.yml` and the attributes `ssl_cert` and `ssl_cert_key` point to valid certificates. For more information about generating a HTTPS certificate, see [Configure HTTPS Access to Harbor](../../install-config/configure-https.md).
|
||||
|
||||
### Copy the Root Certificate
|
||||
|
||||
|
@ -12,6 +12,6 @@ To retag an image, you must have read permission (guest role or above) in the so
|
||||
|
||||
In the Harbor interface, select the image to retag, and click `Retag`.
|
||||
|
||||
![retag image](../../img/retag-image.png)
|
||||
![retag image](../../../img/retag-image.png)
|
||||
|
||||
In the Retag windown, enter the project name, repository name, the new tag name, and click **Confirm**.
|
||||
|
Loading…
Reference in New Issue
Block a user