Harbor镜像仓库user_guide
Visting Harbor
访问客户端配置hosts:IP reg.test.com
访问https://reg.test.com/,会提示“您的连接不是私密连接”,选择“继续访问”。
使用管理员账户admin,Harbor12345登录仓库。
Managing projects(管理项目)
A project in Harbor contains all repositories of an application. No images can be pushed to Harbor before the project is created. RBAC is applied to a project. There are two types of projects in Harbor:
-
Public: All users have the read privilege to a public project, it's convenient for you to share some repositories with others in this way.
-
Private: A private project can only be accessed by users with proper privileges.
You can create a project after you signed in. Check on the "Access Level" checkbox will make this project public.
After the project is created, you can browse repositories, members, logs, replication and configuration using the navigation tab.
There are two views to show repositories, listview, and cardview, you can switch between them by click correspond icon.
All logs can be listed by clicking "Logs". You can apply a filter by username, or operations and dates under "Advanced Search".
Project properties can be changed by clicking "Configuration".
-
To make all repositories under the project accessible to everyone, select the
Public
checkbox. -
To prevent un-signed images under the project from being pulled, select the
Enable content trust
checkbox. -
To prevent vulnerable images under the project from being pulled, select the
Prevent vulnerable images from running
checkbox and change the severity level of vulnerabilities. Images cannot be pulled if their level equals to or higher than the currently selected level. -
To activate an immediate vulnerability scan on new images that are pushed to the project, select the
Automatically scan images on push
checkbox.
Managing members of a project(管理项目成员)
Adding members(添加成员)
You can add members with different roles to an existing project. You can add a LDAP/AD user to project members under LDAP/AD authentication mode.
Updating and removing members
You can check one or more members, then click MEMBER ACTION
, choose one role to batch switch checked members's roles. You can also click MEMBER.REMOVE
to batch remove checked members.
Images Demo
-
创建用户,不同的用户管理不同的项目。
-
创建项目并为其添加成员,被加成员对该项目就有响应权限了。
-
上传、下拉镜像
# docker login -u jianghy -p Jiang123 reg.gisnci.com WARNING! Using --password via the CLI is insecure. Use --password-stdin. Login Succeeded
# docker login reg.gisnci.com Username (jianghy): jianghy Password: Login Succeeded
-
-
将harbor主机上的reg.gisnci.com.crt证书传到docker主机的/etc/docker/certs.d/reg.gisnci.com目录以做认证。
-
mkdir /etc/docker/certs.d/reg.gisnci.com –p创建存放证书的目录。
-
docker login reg.gisnci.com登录Harbor(第一种方便,第二种安全,实际中请使用第二种)
-
给本地busybox:latest镜像打tag并上传至Harbor。
-
docker tag busybox:latest reg.gisnci.com/test/busybox:latest或者docker tag IMAGEID Registry/Project/image:tag
-
docker push reg.gisnci.com/test/busybox:latest
-
-
拉取镜像
-
docker rmi -f busybox:latest
-
docker pull reg.gisnci.com/test/busybox:latest
-
-
附:
停止Harbor
# cd harbor # docker-compose stop
启动Harbor
# cd harbor # docker-compose start
官方安装文档
https://github.com/vmware/harbor/blob/master/docs/installation_guide.md
https官方配置指南
https://github.com/vmware/harbor/blob/master/docs/configure_https.md