upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor synced 2024-09-20 16:35:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Linking and minor rewrites

Browse Source
This commit is contained in:
Stuart Clements 2020-01-15 15:57:54 +01:00
parent 6916aab224
commit e4ee3bf126
12 changed files with 114 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/1.10/build_customize_contribute/compile_guide.md
View File

@ -1,3 +1,7 @@
[Back to table of contents](../index.md)
----------
# Build Harbor from Source Code
This guide provides instructions for developers to build and run Harbor from source code.
@ -176,3 +180,8 @@ The `Makefile` contains these configurable parameters:
$ make XXXX -e DEVFLAG=false
```
----------
[Back to table of contents](../index.md)

13
docs/1.10/build_customize_contribute/configure_swagger.md
View File

@ -1,13 +1,17 @@
[Back to table of contents](../index.md)
----------
# View and test Harbor REST API via Swagger
A Swagger file is provided for viewing and testing Harbor REST API.
### Viewing Harbor REST API
## Viewing Harbor REST API
* Open the file **swagger.yaml** under the _docs_ directory in Harbor project;
* Paste all its content into the online Swagger Editor at http://editor.swagger.io. The descriptions of Harbor API will be shown on the right pane of the page.
![Swagger Editor](img/swaggerEditor.png)
### Testing Harbor REST API
## Testing Harbor REST API
From time to time, you may need to mannually test Harbor REST API. You can deploy the Swagger file into Harbor's service node. Suppose you install Harbor through online or offline installer, you should have a Harbor directory after you un-tar the installer, such as **~/harbor**.
**Caution:** When using Swagger to send REST requests to Harbor, you may alter the data of Harbor accidentally. For this reason, it is NOT recommended using Swagger against a production Harbor instance.
@ -69,3 +73,8 @@ ui:
* You should see a Swagger UI page with Harbor API _swagger.yaml_ file loaded in the same domain, **be aware that your REST request submitted by Swagger may change the data of Harbor**.
![Harbor API](img/renderedSwagger.png)
----------
[Back to table of contents](../index.md)

12
docs/1.10/build_customize_contribute/customize_look_feel.md
View File

@ -1,3 +1,7 @@
[Back to table of contents](../index.md)
----------
# Customize the look & feel of Harbor
The primary look & feel of Harbor supports to be customized with several simple steps. All the relevant customization in configurations are saved in the `setting.json` file under `$HARBOR_DIR/src/portal/src` folder with `json` format and will be loaded when Harbor is launched.
@ -35,4 +39,10 @@ Change the values of configuration if you want to override the default style to
## Build
Once the `setting.json` configurations has been updated, re-[build](#configure) your product to apply the new changes.
Once the `setting.json` configurations has been updated, re-[build](#configure) your product to apply the new changes.
----------
[Back to table of contents](../index.md)

13
docs/1.10/build_customize_contribute/developer_guide_i18n.md
View File

@ -1,8 +1,12 @@
## Developing for Internationalization
[Back to table of contents](../index.md)
----------
# Developing for Internationalization
*NOTE: All the files you created should use UTF-8 encoding.*
### Steps to localize the UI in your language
Steps to localize the UI in your language
1. In the folder `src/portal/src/i18n/lang`, copy json file `en-us-lang.json` to a new file and rename it to `<language>-<locale>-lang.json` .
@ -56,3 +60,8 @@
```
4. Next, please refer [compile guideline](compile_guide.md) to rebuild and restart Harbor.
----------
[Back to table of contents](../index.md)

11
docs/1.10/build_customize_contribute/index.md
View File

@ -1,11 +0,0 @@
# Build, Customize, and Contribute to Harbor
This section describes how developers can build from Harbor source code, customize their deployments, and contribute to the open-source Harbor project.
- [Build Harbor from Source Code](compile_guide.md)
- [Developing the Harbor Frontend](ui_contribution_get_started.md)
- [Customize the Harbor Look & Feel ](customize_look_feel.md)
- [Developing for Internationalization](developer_guide_i18n.md)
- [Using Make](use_make.md)
- [View and test Harbor REST API via Swagger](configure_swagger.md)
- [Registry Landscape](registry_landscape.md)

10
docs/1.10/build_customize_contribute/registry_landscape.md
View File

@ -1,4 +1,9 @@
[Back to table of contents](../index.md)
----------
# Registry Landscape
The cloud native ecosystem is moving rapidlyregistries and their feature sets are no exception. We've made our best effort to survey the container registry landscape and compare to our core feature set.
If you find something outdated or outright erroneous, please submit a PR and we'll fix it right away.
@ -30,3 +35,8 @@ Table updated on 10/21/2019 against Harbor 1.9.
| Vulnerability Scanning Plugin Framework | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Vulnerability Whitelisting | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Webhooks | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
----------
[Back to table of contents](../index.md)

9
docs/1.10/build_customize_contribute/ui_contribution_get_started.md
View File

@ -1,3 +1,7 @@
[Back to table of contents](../index.md)
----------
# Harbor frontend environment get started guide
If you already have a harbor backend environment, you can build a frontend development environment with the following configuration.
@ -92,3 +96,8 @@ If you already have a harbor backend environment, you can build a frontend devel
4. Then you can visit the Harbor by address: https://localhost:4200.
----------
[Back to table of contents](../index.md)

20
docs/1.10/build_customize_contribute/use_make.md
View File

@ -1,4 +1,10 @@
### Variables
[Back to table of contents](../index.md)
----------
# Using Make
## Variables
Variable | Description
-------------------|-------------
BASEIMAGE | Container base image, default: photon
@ -8,7 +14,8 @@ GOBUILDIMAGE | Golang image to compile harbor go source code.
NOTARYFLAG | Whether to enable notary in harbor, default:false
HTTPPROXY | Clarity proxy to build UI.
### Targets
## Targets
Target | Description
--------------------|-------------
all | prepare env, compile binaries, build images and install images
@ -33,9 +40,9 @@ cleanversiontag | remove specific version tag
cleanpackage | remove online/offline install package
version | set harbor version
#### EXAMPLE:
## Examples
#### Build and run harbor from source code.
### Build and run harbor from source code.
make install GOBUILDIMAGE=golang:1.13.4 COMPILETAG=compile_golangimage NOTARYFLAG=true
### Package offline installer
@ -46,3 +53,8 @@ make -e NOTARYFLAG=true start
### Stop harbor with notary
make -e NOTARYFLAG=true down
----------
[Back to table of contents](../index.md)

1
docs/1.10/index.md
View File

@ -74,7 +74,6 @@ This section describes how users with the developer, master, and project adminis
This section describes how developers can build from Harbor source code, customize their deployments, and contribute to the open-source Harbor project.
- [Introduction](build_customize_contribute/index.md)
- [Build Harbor from Source Code](build_customize_contribute/compile_guide.md)
- [Developing the Harbor Frontend](build_customize_contribute/ui_contribution_get_started.md)
- [Customize the Harbor Look & Feel ](build_customize_contribute/customize_look_feel.md)

2
docs/1.10/working_with_projects/create_tag_retention_rules.md
View File

@ -97,7 +97,7 @@ In this example, the rules are applied to the following 7 tags:
## How Tag Retention Rules Interact with Project Quotas
The Harbor system administrator can set a maximum on the number of tags that a project can contain and the amount of storage that it can consume. For information about project quotas, see [Set Project Quotas](#set-project-quotas).
The Harbor system administrator can set a maximum on the number of tags that a project can contain and the amount of storage that it can consume. For information about project quotas, see [Configure Project Quotas](../administration/configure_project_quotas.md).
If you set a quota on a project, this quota cannot be exceeded. The quota is applied to a project even if you set a retention rule that would exceed it. In other words, you cannot use retention rules to bypass quotas.

62
docs/1.10/working_with_projects/pulling_pushing_images.md
View File

@ -4,118 +4,114 @@
# Pulling and Pushing Images in the Docker Client
**NOTE**: Harbor only supports the Registry V2 API. You must use Docker client 1.6.0 or higher.
Harbor optionally supports HTTP connections, however the Docker client always attempts to connect to registries by first using HTTPS. If Harbor is configured for HTTP, you must configure your Docker client so that it can connect to insecure registries. In your Docker client is not configured for insecure registries, you will see the following error when you attempt to pull or push images to Harbor:
<pre>
Error response from daemon: Get https://<i>myregistrydomain.com</i>/v1/users/: dial tcp <i>myregistrydomain.com</i>:443 getsockopt: connection refused.
</pre>
For information about how to add insecure registries to your Docker client, see [Connecting to Harbor via HTTP](installation_guide.md#connect_http) in the *Harbor Installation and Configuration Guide*.
For information about how to add insecure registries to your Docker client, see [Connecting to Harbor via HTTP](../install_config/run_installer_script.md#connect_http).
You also see this error if Harbor uses HTTPS with an unknown CA certificate. In this case, obtain the registry's CA certificate, and copy it to <code>/etc/docker/certs.d/<i>myregistrydomain.com</i>/ca.crt</code>.
**NOTE**: Harbor only supports the Registry V2 API. You must use Docker client 1.6.0 or higher when pushing and pulling images.
## Pulling Images
If the project that the image belongs to is private, you should sign in first:
If the project that the image belongs to is private, you must sign in first:
```
sh
$ docker login 10.117.169.182
$ docker login <harbor_address>
```
You can now pull the image:
You can now pull an image:
```
sh
$ docker pull 10.117.169.182/library/ubuntu:14.04
$ docker pull <harbor_address>/library/ubuntu:14.04
```
**Note**: Replace "10.117.169.182" with the IP address or domain name of your Harbor node. You cannot pull an unsigned image if you enabled content trust.
**NOTE**: You cannot pull an unsigned image if you have enabled content trust.
## Pushing Images
Before pushing an image, you must create a corresponding project on Harbor web UI.
Before you can push an image to Harbor, you must create a corresponding project in the Harbor interface. For information about how to create a project, see [Create Projects](create_projects.md).
First, log in from Docker client:
```
sh
$ docker login 10.117.169.182
$ docker login <harbor_address>
```
Tag the image:
```
sh
$ docker tag ubuntu:14.04 10.117.169.182/demo/ubuntu:14.04
$ docker tag ubuntu:14.04 <harbor_address>/demo/ubuntu:14.04
```
Push the image:
```
sh
$ docker push 10.117.169.182/demo/ubuntu:14.04
$ docker push <harbor_address>/demo/ubuntu:14.04
```
**Note: Replace "10.117.169.182" with the IP address or domain name of your Harbor node.**
## Add Descriptions to Repositories
After pushing an image, an Information can be added by project admin to describe this repository.
After pushing an image, the project administrator can add information to describe the repository.
Go into the repository and select the "Info" tab, and click the "EDIT" button. An textarea will appear and enter description here. Click "SAVE" button to save this information.
Go into the repository and select the **Info** tab, and click the **Edit** button. Enter a description and click **Save** to save the description.
![edit info](../img/edit_description.png)
## Download the Harbor Certificate
Users can click the "registry certificate" link to download the registry certificate.
Users can click the **Registry Certificate** button to download the registry certificate.
![browse project](../img/download_harbor_certs.png)
## Deleting Repositories
Repository deletion runs in two steps.
Deleting repositories involves two steps.
First, delete a repository in Harbor's UI. This is soft deletion. You can delete the entire repository or just a tag of it. After the soft deletion,
the repository is no longer managed in Harbor, however, the files of the repository still remain in Harbor's storage.
First, you delete a repository in the Harbor interface. This is soft deletion. You can delete the entire repository or just one of its tags. After the soft deletion, the repository is no longer managed by Harbor, however, the repository files remain in the Harbor storage.
![browse project](../img/new_delete_repo.png)
![browse project](../img/new_delete_tag.png)
**CAUTION: If both tag A and tag B refer to the same image, after deleting tag A, B will also get deleted. if you enabled content trust, you need to use notary command line tool to delete the tag's signature before you delete an image.**
Next, delete the actual files of the repository using the [garbage collection](#online-garbage-collection) in Harbor's UI.
Next, delete the repository files by running [garbage collection](../administration/garbage_collection.md) in the Harbor interface.
## Pulling Images from Harbor in Kubernetes
Kubernetes users can easily deploy pods with images stored in Harbor. The settings are similar to that of another private registry. There are two major issues:
Kubernetes users can easily deploy pods with images stored in Harbor. The settings are similar to those of any other private registry. There are two issues to be aware of:
1. When your Harbor instance is hosting http and the certificate is self signed. You need to modify daemon.json on each work node of your cluster, for details please refer to: https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry
2. If your pod references an image under private project, you need to create a secret with the credentials of user who has permission to pull image from this project, for details refer to: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1. When your Harbor instance is hosting HTTP and the certificate is self-signed, you must modify `daemon.json` on each work node of your cluster. For information, see https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry.
2. If your pod references an image under a private project, you must create a secret with the credentials of a user who has permission to pull images from the project. For information, see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/.
## Configure Notary Content Trust
In harbor.yml, make sure https is enabled, and the attributes `ssl_cert` and `ssl_cert_key` are pointed to valid certificates. For more information about generating https certificate please refer to: [Configuring HTTPS for Harbor](configure_https.md)
Make sure that `https` is enabled in `harbor.yml` and the attributes `ssl_cert` and `ssl_cert_key` point to valid certificates. For more information about generating a HTTPS certificate, see [Configure HTTPS Access to Harbor](../install_config/configure_https.md).
### Copy Root Certificate
### Copy the Root Certificate
Suppose the Harbor instance is hosted on a machine `192.168.0.5`
If you are using a self-signed certificate, make sure to copy the CA root cert to `/etc/docker/certs.d/192.168.0.5/` and `~/.docker/tls/192.168.0.5:4443/`
If Harbor instance is hosted at 192.168.0.5, ff you are using a self-signed certificate, copy the Harbor CA root cert to `/etc/docker/certs.d/192.168.0.5/` and `~/.docker/tls/192.168.0.5:4443/` on the machine on which you run the Docker client.
### Enable Docker Content Trust
It can be done via setting environment variables:
You can enable content trust by setting the following environment variables on the machine on which you run the Docker client.
```
export DOCKER_CONTENT_TRUST=1
export DOCKER_CONTENT_TRUST_SERVER=https://192.168.0.5:4443
```
### Set alias for notary (optional)
### Set Alias for Notary (optional)
Because by default the local directory for storing meta files for notary client is different from docker client. If you want to use notary client to manipulate the keys/meta files generated by Docker Content Trust, please set the alias to reduce the effort:
By default the local directory for storing meta files for the Notary client is different from the one for the Docker client. To simplify the use of the Notary client to manipulate the keys/meta files that are generated by Docker content trust, you can set an alias.
```
alias notary="notary -s https://192.168.0.5:4443 -d ~/.docker/trust --tlscacert /etc/docker/certs.d/192.168.0.5/ca.crt"

15
docs/1.10/working_with_projects/retagging_images.md
View File

@ -4,19 +4,18 @@
# Retagging Images
Images retag helps users to tag images in Harbor, images can be tagged to different repositories and projects, as long as the users have sufficient permissions. For example,
You can retag images in Harbor. Users with sufficient privileges can retag images to different repositories and projects. For example, you can retag images as follows:
```
release/app:stg --> release/app:prd
develop/app:v1.0 --> release/app:v1.0
```
To retag an image, users should have read permission (guest role or above) to the source project and write permission (developer role or above) to the target project.
- `release/app:stg` --> `release/app:prd`
- `develop/app:v1.0` --> `release/app:v1.0`
In Harbor portal, select the image you'd like to retag, and click the enabled `Retag` button to open the retag dialog.
To retag an image, you must have read permission (guest role or above) in the source project and write permission (developer role or above) in the target project.
In the Harbor interface, select the image to retag, and click `Retag`.
![retag image](../img/retag_image.png)
In the retag dialog, project name, repository name and the new tag should be specified. On click the `CONFIRM` button, the new tag would be created instantly. You can check the new tag in the corresponding project.
In the Retag windown, enter the project name, repository name, the new tag name, and click **Confirm**.
----------