Add instructions pulling image via kubernetes

This commit is contained in:
Daniel Jiang 2017-09-29 16:20:34 +08:00 committed by GitHub
parent b2420c035f
commit 9a7660596d

View File

@ -15,6 +15,7 @@ This guide walks you through the fundamentals of using Harbor. You'll learn how
* Delete repositories and images.
* Content trust.
* Vulnerability scanning via Clair.
* Pull image from Harbor in Kubernetes.
## Role Based Access Control(RBAC)
@ -320,4 +321,10 @@ You can set policies to control the vulnerability analysis process. Currently, t
* **Daily:** Policy is activated daily. It means an analysis job is scheduled to be executed at the specified time everyday. The scheduled job will scan all the images in Harbor.
![browse project](img/scan_policy.png)
**NOTES: Once the scheduled job is executed, the completion time of scanning all images will be updated accordingly. Please be aware that the completion time of the images may be different because the execution of analysis for each image may be carried out at different time.**
**NOTES: Once the scheduled job is executed, the completion time of scanning all images will be updated accordingly. Please be aware that the completion time of the images may be different because the execution of analysis for each image may be carried out at different time.**
### Pull image from Harbor in Kubernetes
Kubernetes users can easily deploy pods with images stored in Harbor. The settings are similar to that of another private registry. There are two major issues:
1. When your Harbor instance is hosting http and the certificate is self signed. You need to modify daemon.json on each work node of your cluster, for details please refer to: https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry
2. If your pod references an image under private project, you need to create a secret with the crendentials of user who has permission to pull image from this project, for details refer to: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/