Signed-off-by: wang yan <wangyan@vmware.com>
3.0 KiB
title | weight |
---|---|
Create Robot Accounts | 40 |
You can create robot accounts to run automated operations. Robot accounts have the following limitations:
- Robot Accounts cannot log in to the Harbor interface.
- Robot Accounts can only perform operations by using the Docker and Helm CLIs.
Add a Robot Account
-
Log in to the Harbor interface with an account that has at least project administrator privileges.
-
Go to Projects, select a project, and select Robot Accounts.
-
Click New Robot Account.
-
Enter a name and an optional description for this robot account.
-
Set expiration time for this robot account, you can also select checkbox Never Expired if you want to create a never expiring robot account. If not set, the expiration time of system configuration will be used for this robot account.
-
Grant permission to the robot account to push images and to push and pull Helm charts.
Robot accounts can always pull images, so you cannot deselect this option.
-
Click Save.
-
In the confirmation window, click Export to File to download the access token as a JSON file, or click the clipboard icon to copy its contents to the clipboard.
{{< important >}} Harbor does not store robot account tokens, so you must either download the token JSON or copy and paste its contents into a text file. There is no way to get the token from Harbor after you have created the robot account. {{< /important >}}
The new robot account appears as
robot$account_name
in the list of robot accounts. Therobot$
prefix makes it easily distinguishable from a normal Harbor user account. -
To delete or disable a robot account, select the account in the list, and select Disable account or Delete from the Action drop-down menu.
Configure the Expiry Period of Robot Accounts
By default, robot accounts expire after 30 days. You can set a longer or shorter lifespan for robot accounts by modifying the expiry period for robot account tokens. The expiry period applies to all robot accounts in all projects.
-
Log in to the Harbor interface with an account that has Harbor system administrator privileges.
-
Go to Configuration and select System Settings.
-
In the Robot Token Expiration (Days) row, modify the number of days after which robot account tokens expire.
Authenticate with a Robot Account
To use a robot account in an automated process, for example a script, use docker login
and provide the credentials of the robot account.
docker login harbor_address Username: robot$account_name Password: robot_account_token