mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-29 13:45:20 +01:00
Fix image links to match Hugo conventions
Signed-off-by: lucperkins <lucperkins@gmail.com>
This commit is contained in:
parent
384086c5ad
commit
c73bc0e80a
@ -15,24 +15,24 @@ By default, all projects have unlimited quotas for both tags and storage use.
|
||||
|
||||
1. Select the **Project Quotas** view.
|
||||
|
||||
![Project quotas](../img/project-quota1.png)
|
||||
![Project quotas](../../img/project-quota1.png)
|
||||
1. To set global default quotas on all projects, click **Edit**.
|
||||
|
||||
![Project quotas](../img/project-quota2.png)
|
||||
![Project quotas](../../img/project-quota2.png)
|
||||
|
||||
1. For **Default artifact count**, enter the maximum number of tags that any project can contain at a given time, or enter `-1` to set the default to unlimited.
|
||||
1. For **Default storage consumption**, enter the maximum quantity of storage that any project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu, or enter `-1` to set the default to unlimited.
|
||||
![Project quotas](../img/project-quota3.png)
|
||||
![Project quotas](../../img/project-quota3.png)
|
||||
|
||||
1. Click **OK**.
|
||||
1. To set quotas on an individual project, click the 3 vertical dots next to a project and select **Edit**.
|
||||
![Project quotas](../img/project-quota4.png)
|
||||
![Project quotas](../../img/project-quota4.png)
|
||||
1. For **Default artifact count**, enter the maximum number of tags that this individual project can contain, or enter `-1` to set the default to unlimited.
|
||||
1. For **Default storage consumption**, enter the maximum quantity of storage that this individual project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu.
|
||||
|
||||
After you set quotas, you can see how much of their quotas each project has consumed.
|
||||
|
||||
![Project quotas](../img/project-quota5.png)
|
||||
![Project quotas](../../img/project-quota5.png)
|
||||
|
||||
### How Harbor Calculates Resource Usage
|
||||
|
||||
|
@ -11,7 +11,7 @@ When you delete images from Harbor, space is not automatically freed up. You mus
|
||||
1. Expand **Administration**, and select **Garbage Collection**.
|
||||
1. Select the **'Garbage Collection'** tab.
|
||||
|
||||
![Garbage collection](../img/garbage-collection.png)
|
||||
![Garbage collection](../../img/garbage-collection.png)
|
||||
|
||||
1. To run garbage collection immediately, click **GC Now**.
|
||||
|
||||
@ -25,7 +25,7 @@ To avoid triggering the garbage collection process too frequently, the availabil
|
||||
1. Select the **'Garbage Collection'** tab.
|
||||
1. Use the drop down-menu to select how often to run garbage collection.
|
||||
|
||||
![Schedule garbage collection](../img/gc-policy.png)
|
||||
![Schedule garbage collection](../../img/gc-policy.png)
|
||||
|
||||
* **None**: No garbage collection is scheduled.
|
||||
* **Hourly**: Run garbage collection at the beginning of every hour.
|
||||
@ -35,6 +35,6 @@ To avoid triggering the garbage collection process too frequently, the availabil
|
||||
1. Click **Save**.
|
||||
1. Select the **History** tab to view records of the 10 most recent garbage collection runs.
|
||||
|
||||
![Garbage collection history](../img/gc-history.png)
|
||||
![Garbage collection history](../../img/gc-history.png)
|
||||
|
||||
1. Click on the **Logs** link to view the related logs.
|
||||
|
@ -9,17 +9,17 @@ You can configure Harbor to connect to an email server, set the registry in read
|
||||
|
||||
You can configure Harbor to connect to an email server. The email server is only used to send out responses to users who request to reset their password.
|
||||
|
||||
![browse project](../img/new-config-email.png)
|
||||
![browse project](../../img/new-config-email.png)
|
||||
|
||||
## Make the Registry Read Only
|
||||
|
||||
You can set Harbor to read-only mode. In read-only mode, Harbor allows `docker pull` but prevents `docker push` and the deletion of repositories and tags.
|
||||
|
||||
![Read-only mode](../img/read-only.png)
|
||||
![Read-only mode](../../img/read-only.png)
|
||||
|
||||
If it set to true, deleting repositories, tags and pushing images are not permitted.
|
||||
|
||||
![browse project](../img/read-only-enable.png)
|
||||
![browse project](../../img/read-only-enable.png)
|
||||
|
||||
```sh
|
||||
docker push 10.117.169.182/demo/ubuntu:14.04
|
||||
@ -32,4 +32,4 @@ denied: The system is in read only mode. Any modification is prohibited.
|
||||
|
||||
Use the **Project Creation** drop-down menu to set which users can create projects. Select **Everyone** to allow all users to create projects. Select **Admin Only** to allow only users with the Harbor system administrator role to create projects.
|
||||
|
||||
![browse project](../img/new-proj-create.png)
|
||||
![browse project](../../img/new-proj-create.png)
|
||||
|
@ -11,16 +11,16 @@ System-wide CVE whitelists apply to all of the projects in a Harbor instance.
|
||||
|
||||
1. Go to **Configuration** > **System Settings**.
|
||||
1. Under **Deployment security**, click **Add**.
|
||||
![System-wide CVE whitelist](../../img/cve-whitelist1.png)
|
||||
![System-wide CVE whitelist](../../../img/cve-whitelist1.png)
|
||||
1. Enter the list of CVE IDs to ignore during vulnerability scanning.
|
||||
![Add system CVE whitelist](../../img/cve-whitelist2.png)
|
||||
![Add system CVE whitelist](../../../img/cve-whitelist2.png)
|
||||
|
||||
Either use a comma-separated list or newlines to add multiple CVE IDs to the list.
|
||||
1. Click **Add** at the bottom of the window to add the list.
|
||||
1. Optionally uncheck the **Never expires** checkbox and use the calendar selector to set an expiry date for the whitelist.
|
||||
![Add system CVEs](../../img/cve-whitelist3.png)
|
||||
![Add system CVEs](../../../img/cve-whitelist3.png)
|
||||
1. Click **Save** at the bottom of the page to save your settings.
|
||||
|
||||
After you have created a system whitelist, you can remove CVE IDs from the list by clicking the delete button next to it in the list. You can click **Add** to add more CVE IDs to the system whitelist.
|
||||
|
||||
![Add and remove system CVEs](../../img/cve-whitelist4.png)
|
||||
![Add and remove system CVEs](../../../img/cve-whitelist4.png)
|
||||
|
@ -7,15 +7,15 @@ To connect Harbor to additional vulnerability scanners, you must install and con
|
||||
|
||||
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
|
||||
1. Expand **Administration**, and select **Interrogation Services**.
|
||||
![Interrogation Services](../../img/interrogation-services.png)
|
||||
![Interrogation Services](../../../img/interrogation-services.png)
|
||||
1. Click the **New Scanner** button.
|
||||
1. Enter the information to identify the scanner.
|
||||
- A unique name for this scanner instance, to display in the Harbor interface.
|
||||
- An optional description of this scanner instance.
|
||||
- The address of the API endpoint that the scanner exposes to Harbor.
|
||||
![Add scanner](../../img/add-scanner.png)
|
||||
![Add scanner](../../../img/add-scanner.png)
|
||||
1. Select how to connect to the scanner from the **Authorization** drop-down menu.
|
||||
![Select scanner authentication method](../../img/scanner-auth.png)
|
||||
![Select scanner authentication method](../../../img/scanner-auth.png)
|
||||
- **None**: The scanner allows all connections without any security.
|
||||
- **Basic**: Enter a username and password for an account that can connect to the scanner.
|
||||
- **Bearer**: Paste the contents of a bearer token in the **Token** text box.
|
||||
@ -25,7 +25,7 @@ To connect Harbor to additional vulnerability scanners, you must install and con
|
||||
|
||||
**NOTE**: To use this option, the scanner must be deployed in a network that allows the scanner to reach Harbor via Harbor's internal network.
|
||||
1. Click **Test Connection** to make sure that Harbor can connect successfully to the scanner.
|
||||
![Test scanner connection](../../img/test-scanner-connection.png)
|
||||
![Test scanner connection](../../../img/test-scanner-connection.png)
|
||||
1. Click **Add** to connect Harbor to the scanner.
|
||||
1. Optionally repeat the procedure to add more scanners.
|
||||
1. If you configure multiple scanners, select one and click **Set as Default** to designate it as the default scanner.
|
||||
@ -35,7 +35,7 @@ To connect Harbor to additional vulnerability scanners, you must install and con
|
||||
Vulnerability scanners depend on the vulnerability metadata to complete the analysis process. After the first initial installation, the vulnerability scanner automatically starts to update the metadata database from different vulnerability repositories. The database update might take a while, based on the data size and network connection.
|
||||
|
||||
Depending on the scanner that you use, once the database is ready, the timestamp of the last update is shown in the **Interrogation Services** > **Vulnerability** tab. Currently, only Clair and Anchore provide timestamp information.
|
||||
![browse project](../../img/clair-ready.png)
|
||||
![browse project](../../../img/clair-ready.png)
|
||||
|
||||
Until the database has been fully populated, the timestamp is replaced by a warning symbol. When the database is ready, you can scan images individually or scan all images across all projects.
|
||||
|
||||
|
@ -9,6 +9,6 @@ In addition to scanning individual images in projects, you can run global scans
|
||||
1. Expand **Administration**, and select **Interrogation Services**.
|
||||
1. Select the **Vulnerability** tab and click **Scan Now** to scan all of the images in all projects.
|
||||
|
||||
![Scan all images](../../img/scan-all.png)
|
||||
![Scan all images](../../../img/scan-all.png)
|
||||
|
||||
Scanning requires intensive resource consumption. If scanning is in progress, the **Scan Now** button is unavailable.
|
||||
|
@ -9,11 +9,11 @@ weight: 30
|
||||
|
||||
The **Scanner** tab shows the details of the scanner that is currently set as the scanner to use for this project.
|
||||
|
||||
![Project scanner tab](../../img/project-scanners.png)
|
||||
![Project scanner tab](../../../img/project-scanners.png)
|
||||
|
||||
1. Click **Edit** to select a different scanner from the list of scanners that are connected to this Harbor instance, and click **OK**.
|
||||
|
||||
![Project scanner tab](../../img/select-scanner.png)
|
||||
![Project scanner tab](../../../img/select-scanner.png)
|
||||
|
||||
{{< note >}}
|
||||
If you have selected the **Prevent vulnerable images from running** option in the project **Configuration** tab, the prevention of pulling vulnerable images is determined by the scanner that is set in the project, or by the global default scanner if no scanner is configured specifically for the project. Different scanners might apply different levels of severity to image vulnerabilities.
|
||||
@ -23,11 +23,11 @@ weight: 30
|
||||
|
||||
For each tag in the repository, the **Vulnerabilities** column displays the vulnerability scanning status and related information.
|
||||
|
||||
![Tag vulnerability status](../../img/tag-vulnerability-status.png)
|
||||
![Tag vulnerability status](../../../img/tag-vulnerability-status.png)
|
||||
|
||||
1. Select a tag, or use the check box at the top to select all tags in the repository, and click the **Scan** button to run the vulnerability scan on this image.
|
||||
|
||||
![Scan an image](../../img/scan-image.png)
|
||||
![Scan an image](../../../img/scan-image.png)
|
||||
|
||||
**NOTE**: You can start a scan at any time, unless the status is **Queued** or **Scanning**. If the database has not been fully populated, you should not run a scan. The following statuses are displayed in the **Vulnerabilities** column:
|
||||
|
||||
@ -39,7 +39,7 @@ weight: 30
|
||||
|
||||
If the process completes successfully, the result indicates the overall severity level, with the total number of vulnerabilities found for each severity level, and the number of fixable vulnerabilities.
|
||||
|
||||
![Scan result](../../img/scan-result.png)
|
||||
![Scan result](../../../img/scan-result.png)
|
||||
|
||||
* **Red:** At least one critical vulnerability found
|
||||
* **Orange:** At least one high level vulnerability found
|
||||
@ -50,10 +50,10 @@ weight: 30
|
||||
|
||||
1. Hover over the number of fixable vulnerabilities to see a summary of the vulnerability report.
|
||||
|
||||
![Vulnerability summary](../../img/vulnerability-summary.png)
|
||||
![Vulnerability summary](../../../img/vulnerability-summary.png)
|
||||
|
||||
1. Click on the tag name to see a detailed vulnerability report.
|
||||
|
||||
![Vulnerability report](../../img/tag-detail.png)
|
||||
![Vulnerability report](../../../img/tag-detail.png)
|
||||
|
||||
In addition to information about the tag, all of the vulnerabilities found in the last scan are listed. You can order or filter the list by the different columns. You can also click **Scan** in the report page to run a scan on this image tag.
|
||||
|
@ -10,7 +10,7 @@ You can set policies to control when vulnerability scanning should run.
|
||||
1. Select the **Vulnerability** tab and click the **Edit** button next to **Schedule to scan all**.
|
||||
1. Use the drop down-menu to select how often to run scans.
|
||||
|
||||
![browse project](../../img/scan-policy.png)
|
||||
![browse project](../../../img/scan-policy.png)
|
||||
|
||||
* **None**: No scans are scheduled.
|
||||
* **Hourly**: Run a scan at the beginning of every hour.
|
||||
|
@ -22,7 +22,7 @@ Most of Harbor's components are stateless now. So we can simply increase the re
|
||||
|
||||
As for storage layer, it is expected that the user provide high available PostgreSQL, Redis cluster for application data and PVCs or object storage for storing images and charts.
|
||||
|
||||
![HA](../img/ha.png)
|
||||
![HA](../../img/ha.png)
|
||||
|
||||
## Usage
|
||||
|
||||
|
@ -13,22 +13,22 @@ Log in to Harbor with a Harbor administrator, project administrator, master, dev
|
||||
|
||||
1. Go to **Projects**, select a project, and select **Logs**.
|
||||
|
||||
![View logs](../img/project-logs.png)
|
||||
![View logs](../../img/project-logs.png)
|
||||
|
||||
All logs for the project are displayed.
|
||||
|
||||
1. Click the **Search** icon and start typing to filter the logs by name.
|
||||
|
||||
![Filter logs](../img/log-filter.png)
|
||||
![Filter logs](../../img/log-filter.png)
|
||||
|
||||
1. Click **Advanced**.
|
||||
|
||||
![Advanced log search](../img/log-search-advanced.png)
|
||||
![Advanced log search](../../img/log-search-advanced.png)
|
||||
|
||||
1. Use the **Operations** drop-down menu to filter by operation type.
|
||||
|
||||
![Search logs by operation type](../img/new-project-log.png)
|
||||
![Search logs by operation type](../../img/new-project-log.png)
|
||||
|
||||
1. Click the calendar icons to enter dates between which to search for logs of the types you set in the **Operations** drop-down menu.
|
||||
|
||||
![Filter logs by date](../img/log-search-advanced-date.png)
|
||||
![Filter logs by date](../../img/log-search-advanced-date.png)
|
||||
|
@ -13,13 +13,13 @@ For more information about users and roles in Harbor, see [User Permissions By R
|
||||
1. Go to **Projects** and select a project.
|
||||
1. Select the **Members** tab and click **+User**.
|
||||
|
||||
![browse project](../img/project-members.png)
|
||||
![browse project](../../img/project-members.png)
|
||||
1. Enter the name of an existing database, LDAP/AD, or OIDC user and select a role for this user.
|
||||
|
||||
![browse project](../img/new-add-member.png)
|
||||
![browse project](../../img/new-add-member.png)
|
||||
1. Optionally select one or more members, click **Action**, and select a different role for the user or users, or select **Remove** to remove them from the project.
|
||||
|
||||
![browse project](../img/new-remove-update-member.png)
|
||||
![browse project](../../img/new-remove-update-member.png)
|
||||
|
||||
## Add LDAP/AD Groups to Projects
|
||||
|
||||
@ -27,10 +27,10 @@ For more information about users and roles in Harbor, see [User Permissions By R
|
||||
1. Go to **Projects** and select a project.
|
||||
1. Select the **Members** tab and click **+Group**.
|
||||
|
||||
![Add group](../img/add-group.png)
|
||||
![Add group](../../img/add-group.png)
|
||||
1. Select **Add an existing user group to project members** or **Add a group from LDAP to project member**.
|
||||
|
||||
![Screenshot of add group dialog](../img/ldap-group-addgroup-dialog.png)
|
||||
![Screenshot of add group dialog](../../img/ldap-group-addgroup-dialog.png)
|
||||
|
||||
- If you selected **Add an existing user group to project members**, enter the name of a group that you have already used in Harbor and assign a role to that group.
|
||||
- If you selected **Add a group from LDAP to project member**, enter the LDAP Group DN and assign a role to that group.
|
||||
@ -47,10 +47,10 @@ To be able to add OIDC groups to projects, your OIDC provider and Harbor instanc
|
||||
1. Go to **Projects** and select a project.
|
||||
1. Select the **Members** tab and click **+Group**.
|
||||
|
||||
![Add group](../img/add-group.png)
|
||||
![Add group](../../img/add-group.png)
|
||||
1. Enter the name of a group that already exists in your OIDC provider and assign a role to that group.
|
||||
|
||||
![Add group](../img/add-oidc-group.png)
|
||||
![Add group](../../img/add-oidc-group.png)
|
||||
|
||||
{{< note >}}
|
||||
Unlike with LDAP groups, Harbor cannot check whether OIDC groups exist when you add them to a project. If you mistype the group name, or if the group does not exist in your OIDC provider, Harbor still creates the group.
|
||||
|
@ -10,12 +10,12 @@ Harbor administrators can set a system-wide CVE whitelist. For information about
|
||||
1. Go to **Projects**, select a project, and select **Configuration**.
|
||||
1. Under **CVE whitelist**, select **Project whitelist**.
|
||||
|
||||
![Project CVE whitelist](../img/cve-whitelist5.png)
|
||||
![Project CVE whitelist](../../img/cve-whitelist5.png)
|
||||
|
||||
1. Optionally click **Copy From System** to add all of the CVE IDs from the system CVE whitelist to this project whitelist.
|
||||
1. Click **Add** and enter a list of additional CVE IDs to ignore during vulnerability scanning of this project.
|
||||
|
||||
![Add project CVEs](../img/cve-whitelist6.png)
|
||||
![Add project CVEs](../../img/cve-whitelist6.png)
|
||||
|
||||
Either use a comma-separated list or newlines to add multiple CVE IDs to the list.
|
||||
|
||||
|
@ -66,13 +66,13 @@ You can configure your continuous integration and development infrastructure so
|
||||
1. Log in to the Harbor interface with an account that has at least project administrator privileges.
|
||||
1. Go to **Projects**, select a project, and select **Webhooks**.
|
||||
|
||||
![Webhooks option](../img/webhooks1.png)
|
||||
![Webhooks option](../../img/webhooks1.png)
|
||||
|
||||
1. Enter the URL for your webhook endpoint listener.
|
||||
1. If your webhook listener implements authentication, enter the authentication header.
|
||||
1. To implement `HTTPS POST` instead of `HTTP POST`, select the **Verifiy Remote Certficate** check box.
|
||||
|
||||
![Webhook URL](../img/webhooks2.png)
|
||||
![Webhook URL](../../img/webhooks2.png)
|
||||
|
||||
1. Click **Test Endpoint** to make sure that Harbor can connect to the listener.
|
||||
1. Click **Continue** to create the webhook.
|
||||
@ -83,7 +83,7 @@ When you have created the webhook, you see the status of the different notificat
|
||||
You can only disable and reenable all notifications. You cannot disable and enable selected notifications.
|
||||
{{< /note >}}
|
||||
|
||||
![Webhook Status](../img/webhooks3.png)
|
||||
![Webhook Status](../../img/webhooks3.png)
|
||||
|
||||
If a webhook notification fails to send, or if it receives an HTTP error response with a code other than `2xx`, the notification is re-sent based on the configuration that you set in `harbor.yml`.
|
||||
|
||||
@ -94,4 +94,4 @@ As a Harbor system administrator, you can enable and disable webhook notificatio
|
||||
1. Go to **Configuration** > **System Settings**.
|
||||
1. Scroll down and check or uncheck the **Webhooks enabled** check box.
|
||||
|
||||
![Enable/disable webhooks](../img/webhooks4.png)
|
||||
![Enable/disable webhooks](../../img/webhooks4.png)
|
||||
|
@ -11,19 +11,19 @@ Harbor provides two kinds of labels to isolate different kinds of resources:
|
||||
## Managing Global Labels
|
||||
The Harbor system administrators can list, create, update and delete the global level labels under `Administration->Configuration->Labels`:
|
||||
|
||||
![manage global level labels](../img/manage-global-level-labels.png)
|
||||
![manage global level labels](../../img/manage-global-level-labels.png)
|
||||
|
||||
## Managing Project-Level Labels
|
||||
The project administrators and Harbor system administrators can list, create, update and delete the project level labels under `Labels` tab of the project detail page:
|
||||
|
||||
![manage project level labels](../img/manage-project-level-labels.png)
|
||||
![manage project level labels](../../img/manage-project-level-labels.png)
|
||||
|
||||
## Adding and Removing Labels to and from Images
|
||||
Users who have Harbor system administrator, project administrator or project developer role can click the `ADD LABELS` button to add labels to or remove labels from images. The label list contains both globel level labels(come first) and project level labels:
|
||||
|
||||
![add labels to images](../img/add-labels-to-images.png)
|
||||
![add labels to images](../../img/add-labels-to-images.png)
|
||||
|
||||
## Filtering Images by Label
|
||||
The images can be filtered by labels:
|
||||
|
||||
![filter images by labels](../img/filter-images-by-label.png)
|
||||
![filter images by labels](../../img/filter-images-by-label.png)
|
||||
|
@ -24,17 +24,17 @@ Log in to Harbor with a Harbor administrator or project administrator account.
|
||||
|
||||
If you set the project to **Public**, any user can pull images from this project. If you leave the project set to **Private**, only users who are members of the project can pull images. You can toggle projects from public to private, or the reverse, at any moment after you create the project.
|
||||
|
||||
![create project](../img/new-create-project.png)
|
||||
![create project](../../img/new-create-project.png)
|
||||
|
||||
5. Click **OK**.
|
||||
|
||||
After the project is created, you can browse repositories, members, logs, replication and configuration using the navigation tab.
|
||||
|
||||
![browse project](../img/new-browse-project.png)
|
||||
![browse project](../../img/new-browse-project.png)
|
||||
|
||||
There are two views to show repositories, list view and card view, you can switch between them by clicking the corresponding icon.
|
||||
|
||||
![browse repositories](../img/browse-project-repositories.png)
|
||||
![browse repositories](../../img/browse-project-repositories.png)
|
||||
|
||||
Project properties can be changed by clicking "Configuration".
|
||||
|
||||
@ -42,13 +42,13 @@ Project properties can be changed by clicking "Configuration".
|
||||
|
||||
* To prevent un-signed images under the project from being pulled, select the `Enable content trust` checkbox. For more information about content trust, see [Implementing Content Trust](../implementing-content-trust.md).
|
||||
|
||||
![browse project](../img/project-configuration.png)
|
||||
![browse project](../../img/project-configuration.png)
|
||||
|
||||
|
||||
## Searching Projects and Repositories
|
||||
Entering a keyword in the search field at the top lists all matching projects and repositories. The search result includes both public and private repositories you have access to.
|
||||
|
||||
![browse project](../img/new-search.png)
|
||||
![browse project](../../img/new-search.png)
|
||||
|
||||
## What to Do Next
|
||||
|
||||
|
@ -13,7 +13,7 @@ You can create robot accounts to run automated operations. Robot accounts have t
|
||||
1. Log in to the Harbor interface with an account that has at least project administrator privileges.
|
||||
1. Go to **Projects**, select a project, and select **Robot Accounts**.
|
||||
|
||||
![Robot accounts](../img/add-robot-account.png)
|
||||
![Robot accounts](../../img/add-robot-account.png)
|
||||
|
||||
1. Click **New Robot Account**.
|
||||
1. Enter a name and an optional description for this robot account.
|
||||
@ -21,12 +21,12 @@ You can create robot accounts to run automated operations. Robot accounts have t
|
||||
|
||||
Robot accounts can always pull images, so you cannot deselect this option.
|
||||
|
||||
![Add a robot account](../img/add-robot-account-2.png)
|
||||
![Add a robot account](../../img/add-robot-account-2.png)
|
||||
|
||||
1. Click **Save**.
|
||||
1. In the confirmation window, click **Export to File** to download the access token as a JSON file, or click the clipboard icon to copy its contents to the clipboard.
|
||||
|
||||
![copy_robot_account_token](../img/copy-robot-account-token.png)
|
||||
![copy_robot_account_token](../../img/copy-robot-account-token.png)
|
||||
|
||||
{{< important >}}
|
||||
Harbor does not store robot account tokens, so you must either download the token JSON or copy and paste its contents into a text file. There is no way to get the token from Harbor after you have created the robot account.
|
||||
@ -34,11 +34,11 @@ You can create robot accounts to run automated operations. Robot accounts have t
|
||||
|
||||
The new robot account appears as `robot$account_name` in the list of robot accounts. The `robot$` prefix makes it easily distinguishable from a normal Harbor user account.
|
||||
|
||||
![New robot account](../img/new-robot-account.png)
|
||||
![New robot account](../../img/new-robot-account.png)
|
||||
|
||||
1. To delete or disable a robot account, select the account in the list, and select **Disable account** or **Delete** from the Action drop-down menu.
|
||||
|
||||
![Disable or delete a robot account](../img/disable-delete-robot-account.png)
|
||||
![Disable or delete a robot account](../../img/disable-delete-robot-account.png)
|
||||
|
||||
### Configure the Expiry Period of Robot Accounts
|
||||
|
||||
@ -48,7 +48,7 @@ By default, robot accounts expire after 30 days. You can set a longer or shorter
|
||||
1. Go to **Configuration** and select **System Settings**.
|
||||
1. In the **Robot Token Expiration (Days)** row, modify the number of days after which robot account tokens expire.
|
||||
|
||||
![Set robot account token expiry](../img/set-robot-account-token-duration.png)
|
||||
![Set robot account token expiry](../../img/set-robot-account-token-duration.png)
|
||||
|
||||
### Authenticate with a Robot Account
|
||||
|
||||
|
@ -27,14 +27,14 @@ In this case, you cannot delete `hello-world:v2` because it shares the sha256 di
|
||||
1. Log in to the Harbor interface with an account that has at least project administrator privileges.
|
||||
1. Go to **Projects**, select a project, and select **Tag Immutability**.
|
||||
|
||||
![Add an immutability rule](../img/tag-immutability.png)
|
||||
![Add an immutability rule](../../img/tag-immutability.png)
|
||||
|
||||
1. Click **Add Rule**.
|
||||
|
||||
- In the **Respositories** row, enter a comma-separated list of repositories to which to either apply or exclude from the rule by selecting either **matching** or **excluding** from the drop-down menu.
|
||||
- In the **Tags** row, enter a comma-separated list of tags to which to either apply or exclude from the rule by selecting either **matching** or **excluding** from the drop-down menu.
|
||||
|
||||
![Add an immutability rule](../img/add-immutability-rule.png)
|
||||
![Add an immutability rule](../../img/add-immutability-rule.png)
|
||||
1. Click **Add** to save the rule.
|
||||
|
||||
You can add a maximum of 15 immutability rules per project.
|
||||
@ -42,7 +42,7 @@ In this case, you cannot delete `hello-world:v2` because it shares the sha256 di
|
||||
After you add a rule, any tags that are identified by the rule are marked **Immutable** in the Repositories tab.
|
||||
1. To modify an existing rule, use the **Action** drop-down menu next to a rule to disable, edit, or delete that rule.
|
||||
|
||||
![Immutability rules](../img/edit-tag-immutability.png)
|
||||
![Immutability rules](../../img/edit-tag-immutability.png)
|
||||
|
||||
## Example
|
||||
|
||||
|
@ -105,10 +105,10 @@ If you set a quota on a project, this quota cannot be exceeded. The quota is app
|
||||
1. Log in to the Harbor interface with an account that has at least project administrator privileges.
|
||||
1. Go to **Projects**, select a project, and select **Tag Retention**.
|
||||
|
||||
![Tag options](../img/tag-retention1.png)
|
||||
![Tag options](../../img/tag-retention1.png)
|
||||
1. Click **Add Rule** to add a rule.
|
||||
1. In the **Repositories** drop-down menu, select **matching** or **excluding**.
|
||||
![Select repositories](../img/tag-retention2.png)
|
||||
![Select repositories](../../img/tag-retention2.png)
|
||||
1. In the **Repositories** text box, identify the repositories on which to apply the rule.
|
||||
|
||||
You can define the repositories on which to apply the rule by entering the following information:
|
||||
@ -120,7 +120,7 @@ If you set a quota on a project, this quota cannot be exceeded. The quota is app
|
||||
|
||||
If you selected **matching**, the rule is applied to the repositories you identified. If you selected **excluding**, the rule is applied to all of the repositories in the project except for the ones that you identified.
|
||||
1. In the **By image count or number of days** drop-down menu, define how many tags to retain or the period to retain tags.
|
||||
![Select retention criteria](../img/tag-retention3.png)
|
||||
![Select retention criteria](../../img/tag-retention3.png)
|
||||
|
||||
|Option|Description|
|
||||
|---|---|
|
||||
@ -145,7 +145,7 @@ If you set a quota on a project, this quota cannot be exceeded. The quota is app
|
||||
1. (Optional) Click **Add Rule** to add more rules, up to a maximum of 15 per project.
|
||||
1. (Optional) Under Schedule, click **Edit** and select how often to run the rule.
|
||||
|
||||
![Select retention criteria](../img/tag-retention4.png)
|
||||
![Select retention criteria](../../img/tag-retention4.png)
|
||||
|
||||
If you select **Custom**, enter a cron job command to schedule the rule.
|
||||
|
||||
@ -157,4 +157,4 @@ If you set a quota on a project, this quota cannot be exceeded. The quota is app
|
||||
|
||||
To modify an existing rule, use the **Action** drop-down menu next to a rule to disable, edit, or delete that rule.
|
||||
|
||||
![Modify tag retention rules](../img/tag-retention5.png)
|
||||
![Modify tag retention rules](../../img/tag-retention5.png)
|
||||
|
@ -25,4 +25,4 @@ Replace "10.117.169.182" with the IP address or domain name of your Harbor node.
|
||||
|
||||
When an image is signed, it has a tick shown in UI; otherwise, a cross sign(X) is displayed instead.
|
||||
|
||||
![browse project](../img/content-trust.png)
|
||||
![browse project](../../img/content-trust.png)
|
||||
|
@ -15,7 +15,7 @@ Click your project to enter the project detail page after successful logging in.
|
||||
* The count of chart versions
|
||||
* The created time of the chart
|
||||
|
||||
![list charts](../img/list-charts.png)
|
||||
![list charts](../../img/list-charts.png)
|
||||
|
||||
You can click the icon buttons on the top right to switch views between card view and list view.
|
||||
|
||||
@ -23,7 +23,7 @@ You can click the icon buttons on the top right to switch views between card vie
|
||||
|
||||
Click the `UPLOAD` button on the top left to open the chart uploading dialog. Choose the uploading chart from your filesystem. Click the `UPLOAD` button to upload it to the chart repository server.
|
||||
|
||||
![upload charts](../img/upload-charts.png)
|
||||
![upload charts](../../img/upload-charts.png)
|
||||
|
||||
If the chart is signed, you can choose the corresponding provenance file from your filesystem and Click the `UPLOAD` button to upload them together at once.
|
||||
|
||||
@ -37,7 +37,7 @@ Clicking the chart name from the chart list will show all the available versions
|
||||
* the template engine used (default is gotpl)
|
||||
* the created timestamp of the chart version
|
||||
|
||||
![list charts versions](../img/list-chart-versions.png)
|
||||
![list charts versions](../../img/list-chart-versions.png)
|
||||
|
||||
Obviously, there will be at least 1 version for each of the charts in the top chart list. Same with chart list view, you can also click the icon buttons on the top right to switch views between card view and list view.
|
||||
|
||||
@ -49,13 +49,13 @@ Check the checkbox at the 1st column to select the specified chart versions:
|
||||
### Adding Labels to and Removing Labels from Chart Versions
|
||||
Users who have Harbor system administrator, project administrator or project developer role can click the `ADD LABELS` button to add labels to or remove labels from chart versions.
|
||||
|
||||
![add labels to chart versions](../img/add-labels-to-chart-versions.png)
|
||||
![add labels to chart versions](../../img/add-labels-to-chart-versions.png)
|
||||
|
||||
|
||||
### Filtering Chart Versions by Label
|
||||
The chart versions can be filtered by labels:
|
||||
|
||||
![filter chart versions by labels](../img/filter-chart-versions-by-label.png)
|
||||
![filter chart versions by labels](../../img/filter-chart-versions-by-label.png)
|
||||
|
||||
### View Chart Version Details
|
||||
Clicking the chart version number link will open the chart version details view. You can see more details about the specified chart version here. There are three content sections:
|
||||
@ -63,14 +63,14 @@ Clicking the chart version number link will open the chart version details view.
|
||||
* readme of the chart
|
||||
* overall metadata like home, created timestamp and application version
|
||||
* related helm commands for reference, such as `helm add repo` and `helm install` etc.
|
||||
![chart details](../img/chart-details.png)
|
||||
![chart details](../../img/chart-details.png)
|
||||
* **Dependencies:**
|
||||
* list all the dependant sun charts with 'name', 'version' and 'repository' fields
|
||||
![chart dependencies](../img/chart-dependencies.png)
|
||||
![chart dependencies](../../img/chart-dependencies.png)
|
||||
* **Values:**
|
||||
* display the content from `values.yaml` file with highlight code preview
|
||||
* clicking the icon buttons on the top right to switch the yaml file view to k-v value pair list view
|
||||
![chart values](../img/chart-values.png)
|
||||
![chart values](../../img/chart-values.png)
|
||||
|
||||
Clicking the `DOWNLOAD` button on the top right will start the downloading process.
|
||||
|
||||
|
@ -11,13 +11,13 @@ After the initial creation of a project, you can configure or reconfigure its pr
|
||||
1. To make all repositories under the project accessible to everyone, select the `Public` checkbox, or deselect this checkbox to make the project private.
|
||||
1. To prevent un-signed images under the project from being pulled, select the `Enable content trust` checkbox.
|
||||
|
||||
![browse project](../img/project-configuration.png)
|
||||
![browse project](../../img/project-configuration.png)
|
||||
|
||||
## Searching projects and repositories
|
||||
|
||||
Enter a keyword in the search field at the top to list all matching projects and repositories. The search result includes both public and private repositories you have access to.
|
||||
|
||||
![browse project](../img/new-search.png)
|
||||
![browse project](../../img/new-search.png)
|
||||
|
||||
## Configure Vulnerability Settings in Projects
|
||||
|
||||
@ -28,16 +28,16 @@ You can configure projects so that images with vulnerabilities cannot be run, an
|
||||
1. Select the **Configuration** tab.
|
||||
1. To prevent vulnerable images under the project from being pulled, select the **Prevent vulnerable images from running** checkbox.
|
||||
|
||||
![Prevent vulnerable images from running](../img/prevent-vulnerable-images.png)
|
||||
![Prevent vulnerable images from running](../../img/prevent-vulnerable-images.png)
|
||||
|
||||
1. Select the severity level of vulnerabilities to prevent images from running.
|
||||
|
||||
![Set vulnerability threshold](../img/set-vulnerability-threshold.png)
|
||||
![Set vulnerability threshold](../../img/set-vulnerability-threshold.png)
|
||||
|
||||
Images cannot be pulled if their level is equal to or higher than the selected level of severity. Harbor does not prevent images with a vulnerability severity of `negligible` from running.
|
||||
1. To activate an immediate vulnerability scan on new images that are pushed to the project, select the **Automatically scan images on push** check box.
|
||||
|
||||
![Automatically scan images on push](../img/scan-on-push.png)
|
||||
![Automatically scan images on push](../../img/scan-on-push.png)
|
||||
|
||||
## Build history
|
||||
|
||||
@ -45,4 +45,4 @@ Build history makes it easy to see the contents of a container image, find the c
|
||||
|
||||
In Harbor portal, enter your project, select the repository, click on the link of tag name you'd like to see its build history, the detail page will be opened. Then switch to `Build History` tab, you can see the build history information.
|
||||
|
||||
![build history](../img/build-history.png)
|
||||
![build history](../../img/build-history.png)
|
||||
|
@ -63,13 +63,13 @@ After pushing an image, the project administrator can add information to describ
|
||||
|
||||
Go into the repository and select the **Info** tab, and click the **Edit** button. Enter a description and click **Save** to save the description.
|
||||
|
||||
![edit info](../img/edit-description.png)
|
||||
![edit info](../../img/edit-description.png)
|
||||
|
||||
## Download the Harbor Certificate
|
||||
|
||||
Users can click the **Registry Certificate** button to download the registry certificate.
|
||||
|
||||
![browse project](../img/download-harbor-certs.png)
|
||||
![browse project](../../img/download-harbor-certs.png)
|
||||
|
||||
## Deleting Repositories
|
||||
|
||||
@ -77,8 +77,8 @@ Deleting repositories involves two steps.
|
||||
|
||||
First, you delete a repository in the Harbor interface. This is soft deletion. You can delete the entire repository or just one of its tags. After the soft deletion, the repository is no longer managed by Harbor, however, the repository files remain in the Harbor storage.
|
||||
|
||||
![browse project](../img/new-delete-repo.png)
|
||||
![browse project](../img/new-delete-tag.png)
|
||||
![browse project](../../img/new-delete-repo.png)
|
||||
![browse project](../../img/new-delete-tag.png)
|
||||
|
||||
{{< danger >}}
|
||||
If both tag A and tag B refer to the same image, after deleting tag A, B will also get deleted. if you enabled content trust, you need to use notary command line tool to delete the tag's signature before you delete an image.
|
||||
|
@ -12,6 +12,6 @@ To retag an image, you must have read permission (guest role or above) in the so
|
||||
|
||||
In the Harbor interface, select the image to retag, and click `Retag`.
|
||||
|
||||
![retag image](../img/retag-image.png)
|
||||
![retag image](../../img/retag-image.png)
|
||||
|
||||
In the Retag windown, enter the project name, repository name, the new tag name, and click **Confirm**.
|
||||
|
@ -5,9 +5,9 @@ title: Using the API Explorer
|
||||
Harbor integrated swagger UI from 1.8. That means all apis can be invoked through UI. Normally, user have 2 ways to navigate to API Explorer.
|
||||
|
||||
1. User can login harbor, and click the "API EXPLORER" button.All apis will be invoked with current user authorization.
|
||||
![navigation bar](../img/api-explorer-btn.png)
|
||||
![navigation bar](../../img/api-explorer-btn.png)
|
||||
|
||||
|
||||
2. User can navigate to swagger page by ip address by router "devcenter". For example: https://10.192.111.118/devcenter. After go to the page, need to click "authorize" button to give basic authentication to all apis. All apis will be invoked with the authorized user authorization.
|
||||
![authentication](../img/authorize.png)
|
||||
![authentication](../../img/authorize.png)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user