Commit e7d1563c authored by jonasrosland's avatar jonasrosland
Browse files

Moving docs from the harbor to the website repo


Signed-off-by: default avatarjonasrosland <jrosland@vmware.com>
parent 112e38a0
name: Build and Deploy to Netlify
on:
push:
paths:
- 'docs/**'
branches:
- master
jobs:
build:
runs-on: ubuntu-18.04
steps:
- name: Deploy new-site to Netlify
run: curl -X POST -d {} ${{ secrets.NETLIFY_BUILD_HOOK }}
# Harbor Adopters
Below is a list of adopters of Harbor in **production environments** that have
publicly shared the details of their usage as well as the benefits provided by
Harbor that their business relies on. There are some unreferenceable users that
......@@ -8,34 +9,35 @@ publicly at this time.
There are many additional adopters of Harbor in the evaluating phase that will
be added to this list as they transition to production deployments.
<a href="https://www.jd.com" border="0" target="_blank"><img alt="JD.com" src="docs/img/adopters/jd.png" height="50"></a>&nbsp; &nbsp; &nbsp;
<a href="https://www.trendmicro.com" border="0" target="_blank"><img alt="trendmicro" src="docs/img/adopters/trendmicro.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.datayes.com" border="0" target="_blank"><img alt="DataYes" src="docs/img/adopters/datayes.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.axatp.com" border="0" target="_blank"><img alt="axatp" src="docs/img/adopters/axatp.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp; <br/><br/>
<a href="https://www.360totalsecurity.com/en/" target="_blank" border="0"><img alt="360 Total Security" src="docs/img/adopters/360.png" height="50"></a>&nbsp; &nbsp; &nbsp;
<a href="https://www.talkingdata.com" border="0" target="_blank"><img alt="talkingdata" src="docs/img/adopters/talkingdata.png" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.boericasa.com/index.html" border="0" target="_blank"><img alt="BoerSmart" src="docs/img/adopters/boer.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.open.com.cn" border="0" target="_blank"><img alt="OpenEdutainment" src="docs/img/adopters/openedutainment.png" height="70"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.ifre.com.cn" border="0" target="_blank"><img alt="iFRE" src="docs/img/adopters/ifre.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp; <br/><br/>
<a href="http://www.boco.com.cn:8080/bocoit/" border="0" target="_blank"><img alt="BOCOIT" src="docs/img/adopters/bocoit.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.wise2c.com/" border="0" target="_blank"><img alt="wise2c" src="docs/img/adopters/wise2c.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.hydsoft.com/" border="0" target="_blank"><img alt="HYDSoft" src="docs/img/adopters/hydsoft.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.cloud-star.com.cn/" border="0" target="_blank"><img alt="CloudStar" src="docs/img/adopters/cloudstar.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.beyondsoft.com/" border="0" target="_blank"><img alt="BeyondSoft" src="docs/img/adopters/beyondsoft.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.chinamobileltd.com/" border="0" target="_blank"><img alt="ChinaMobile" src="docs/img/adopters/china-mobile.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.caicloud.io" target="_blank" border="0"><img alt="CaiCloud" src="docs/img/adopters/caicloud.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://rancher.com/" target="_blank" border="0"><img alt="Rancher" src="docs/img/adopters/rancher.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.tenxcloud.com/" target="_blank" border="0"><img alt="TenxCloud" src="docs/img/adopters/tenxcloud.png" height="70"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.bingocc.com/" target="_blank" border="0"><img alt="BingoCloud" src="docs/img/adopters/bingocloud.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.jd.com" border="0" target="_blank"><img alt="JD.com" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/jd.png" height="50"></a>&nbsp; &nbsp; &nbsp;
<a href="https://www.trendmicro.com" border="0" target="_blank"><img alt="trendmicro" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/trendmicro.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.datayes.com" border="0" target="_blank"><img alt="DataYes" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/datayes.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.axatp.com" border="0" target="_blank"><img alt="axatp" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/axatp.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp; <br/><br/>
<a href="https://www.360totalsecurity.com/en/" target="_blank" border="0"><img alt="360 Total Security" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/360.png" height="50"></a>&nbsp; &nbsp; &nbsp;
<a href="https://www.talkingdata.com" border="0" target="_blank"><img alt="talkingdata" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/talkingdata.png" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.boericasa.com/index.html" border="0" target="_blank"><img alt="BoerSmart" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/boer.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.open.com.cn" border="0" target="_blank"><img alt="OpenEdutainment" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/openedutainment.png" height="70"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.ifre.com.cn" border="0" target="_blank"><img alt="iFRE" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/ifre.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp; <br/><br/>
<a href="http://www.boco.com.cn:8080/bocoit/" border="0" target="_blank"><img alt="BOCOIT" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/bocoit.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.wise2c.com/" border="0" target="_blank"><img alt="wise2c" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/wise2c.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.hydsoft.com/" border="0" target="_blank"><img alt="HYDSoft" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/hydsoft.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.cloud-star.com.cn/" border="0" target="_blank"><img alt="CloudStar" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/cloudstar.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.beyondsoft.com/" border="0" target="_blank"><img alt="BeyondSoft" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/beyondsoft.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.chinamobileltd.com/" border="0" target="_blank"><img alt="ChinaMobile" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/china-mobile.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.caicloud.io" target="_blank" border="0"><img alt="CaiCloud" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/caicloud.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://rancher.com/" target="_blank" border="0"><img alt="Rancher" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/rancher.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.tenxcloud.com/" target="_blank" border="0"><img alt="TenxCloud" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/tenxcloud.png" height="70"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.bingocc.com/" target="_blank" border="0"><img alt="BingoCloud" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/bingocloud.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<br/><br/>
<a href="http://www.slamtec.com" target="_blank" border="0"><img alt="SlamTec" src="docs/img/adopters/slamtec.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.cloudchef.io/" target="_blank" border="0"><img alt="CloudChef" src="docs/img/adopters/cloudchef.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://pivotal.io/" target="_blank" border="0"><img alt="Pivotal" src="docs/img/adopters/pivotal.png" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.163yun.com" target="_blank" border="0"><img alt="Netease Cloud" src="docs/img/adopters/wangyi.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.yanrongyun.com" target="_blank" border="0"><img alt="Yanrongyun" src="docs/img/adopters/Yanrong.jpg" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://anchore.com" target="_blank" border="0"><img alt="Anchore" src="docs/img/adopters/anchore_logo.png" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.slamtec.com" target="_blank" border="0"><img alt="SlamTec" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/slamtec.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.cloudchef.io/" target="_blank" border="0"><img alt="CloudChef" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/cloudchef.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://pivotal.io/" target="_blank" border="0"><img alt="Pivotal" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/pivotal.png" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://www.163yun.com" target="_blank" border="0"><img alt="Netease Cloud" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/wangyi.png" height="50"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="http://www.yanrongyun.com" target="_blank" border="0"><img alt="Yanrongyun" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/Yanrong.jpg" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
<a href="https://anchore.com" target="_blank" border="0"><img alt="Anchore" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/adopters/anchore_logo.png" height="40"></a>&nbsp; &nbsp; &nbsp; &nbsp;
## Success Stories
**JD.com:** Harbor is the registry service of JD.com’s JDOS
platform. Harbor has been used for over 2 years in production with tens of
thousands of nodes and managing millions of container images.
......@@ -82,5 +84,6 @@ feature within Harbor before deploying images into production.
and scan customized container images for different business applications, like
ELK stack, as part of their CI/CD pipeline.
# Adding a logo
If you would like to add your logo to the `Users and Partners of Harbor` section of the website, add a PNG version of your logo to the docs/img/adopters directory in this repo and submit a pull request with your change. Name the image file something that reflects your company (e.g., if your company is called Acme, name the image acme.png). We will follow up and make the change in the goharbor.io website as well.
## Adding your logo
If you would like to add your logo here and to the `Users and Partners of Harbor` section of the website, add a PNG or SVG version of your logo to the [adopters](https://github.com/goharbor/website/tree/master/docs/img/adopters) directory of the [website](https://github.com/goharbor/website) and submit a pull request with your change. Name the image file something that reflects your company (e.g., if your company is called Acme, name the image acme.png). We will follow up and make the change in the goharbor.io website as well.
......@@ -43,7 +43,7 @@ git fetch $USER
```
**NOTES:** Note that GOPATH can be any directory, the example above uses $HOME/go. Change $USER above to your own GitHub username.
To build the project, please refer the [build](docs/build-customize-contribute/compile-guide.md) guideline.
To build the project, please refer the [build](https://goharbor.io/docs/2.0.0/build-customize-contribute/compile-guide/) guideline.
### Repository Structure
......@@ -52,7 +52,6 @@ Here is the basic structure of the harbor code base. Some of the key folders / f
.
...
├── contrib # Contain documents, scripts, and other helpful things which are contributed by the community
├── docs # Keep documents here
├── make # Resource for building and setting up Harbor environment
...
├── src # Source code folder
......@@ -170,8 +169,7 @@ cd $REPO_DIR/src/portal/lib
npm install
```
To run the code, please refer to the [build](docs/compile_guide.md) guideline.
To run the code, please refer to the [build](https://goharbor.io/docs/2.0.0/build-customize-contribute/compile-guide/) guideline.
## Contribute Workflow
......@@ -181,9 +179,6 @@ Please submit a PR broken down into small changes bit by bit. A PR consisting of
Note: If you split your pull request to small changes, please make sure any of the changes goes to master will not break anything. Otherwise, it can not be merged until this feature complete.
The graphic shown below describes the overall workflow about how to contribute code to Harbor repository.
![contribute workflow](docs/img/workflow.png)
### Fork and clone
Fork the Harbor repository and clone the code to your local workspace. Per Go's [workspace instructions](https://golang.org/doc/code.html#Workspaces), place Harbor's code on your `GOPATH`. Refer to section [Fork Repository](#fork-repository) for details.
......@@ -252,7 +247,7 @@ Run UI library test cases:
npm run test
```
To build the code, please refer to [build](docs/build-customize-contribute/compile-guide.md) guideline.
To build the code, please refer to [build](https://goharbor.io/docs/2.0.0/build-customize-contribute/compile-guide/) guideline.
### Keep sync with upstream
......@@ -336,9 +331,9 @@ Be sure to include the steps to reproduce the problem if applicable. It can help
Update the documentation if you are creating or changing features. Good documentation is as important as the code itself.
The main location for the document is the `docs/` folder. The images referred in documents can be placed in `docs/img`.
The main location for the documentation is the [website repository](https://github.com/goharbor/website). The images referred to in documents can be placed in `docs/img` in that repo.
Documents are written with Markdown text. See [Writing on GitHub](https://help.github.com/categories/writing-on-github/) for more details.
Documents are written with Markdown. See [Writing on GitHub](https://help.github.com/categories/writing-on-github/) for more details.
## Design new features
......
......@@ -10,7 +10,7 @@
![CONFORMANCE_TEST](https://github.com/goharbor/harbor/workflows/CONFORMANCE_TEST/badge.svg)
</br>
|![notification](docs/img/readme/bell-outline-badged.svg)Community Meeting|
|![notification](https://raw.githubusercontent.com/goharbor/website/master/docs/img/readme/bell-outline-badged.svg)Community Meeting|
|------------------|
|The Harbor Project holds bi-weekly community calls in two different timezones. To join the community calls or to watch previous meeting notes and recordings, please visit the [meeting schedule](https://github.com/goharbor/community/blob/master/MEETING_SCHEDULE.md).|
......@@ -19,7 +19,7 @@
**Note**: The `master` branch may be in an *unstable or even broken state* during development.
Please use [releases](https://github.com/vmware/harbor/releases) instead of the `master` branch in order to get a stable set of binaries.
<img alt="Harbor" src="docs/img/readme/harbor_logo.png">
<img alt="Harbor" src="https://raw.githubusercontent.com/goharbor/website/master/docs/img/readme/harbor_logo.png">
Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. Having a registry closer to the build and run environment can improve the image transfer efficiency. Harbor supports replication of images between registries, and also offers advanced security features such as user management, access control and activity auditing.
......@@ -39,7 +39,7 @@ Harbor is hosted by the [Cloud Native Computing Foundation](https://cncf.io) (CN
* **Graphical user portal**: User can easily browse, search repositories and manage projects.
* **Auditing**: All the operations to the repositories are tracked through logs.
* **RESTful API**: RESTful APIs are provided to facilitate administrative operations, and are easy to use for integration with external systems. An embedded Swagger UI is available for exploring and testing the API.
* **Easy deployment**: Harbor can be deployed via Docker compose as well Helm Chart. A Harbor Operator was added recently as well - https://goharbor.io/docs/1.10/build-customize-contribute/e2e_api_python_based_scripting_guide/
* **Easy deployment**: Harbor can be deployed via Docker compose as well Helm Chart. A Harbor Operator was added recently as well - https://goharbor.io/docs/2.0.0/build-customize-contribute/e2e_api_python_based_scripting_guide/
## Architecture
......@@ -57,11 +57,11 @@ For learning the architecture design of Harbor, check the document [Architecture
**On a Linux host:** docker 17.06.0-ce+ and docker-compose 1.18.0+ .
Download binaries of **[Harbor release ](https://github.com/vmware/harbor/releases)** and follow **[Installation & Configuration Guide](docs/install-config/_index.md)** to install Harbor.
Download binaries of **[Harbor release ](https://github.com/vmware/harbor/releases)** and follow **[Installation & Configuration Guide](https://goharbor.io/docs/2.0.0/install-config/)** to install Harbor.
If you want to deploy Harbor on Kubernetes, please use the **[Harbor chart](https://github.com/goharbor/harbor-helm)**.
Refer to **[User Guide](docs/user_guide.md)** for more details on how to use Harbor.
Refer to the **[documentation](https://goharbor.io/docs/)** for more details on how to use Harbor.
## OCI Distribution Conformance Tests
......@@ -69,11 +69,11 @@ Check the OCI distribution conformance tests [report](https://storage.googleapis
## Compatibility
The [compatibility list](./docs/install-config/harbor-compatibility-list.md) document provides compatibility information for the Harbor components.
The [compatibility list](https://goharbor.io/docs/2.0.0/install-config/harbor-compatibility-list/) document provides compatibility information for the Harbor components.
* [Replication adapters](./docs/install-config/harbor-compatibility-list.md#Replication-Adapters)
* [OIDC adapters](./docs/install-config/harbor-compatibility-list.md#OIDC-Adapters)
* [Scanner adapters](./docs/install-config/harbor-compatibility-list.md#Scanner-Adapters)
* [Replication adapters](https://goharbor.io/docs/2.0.0/install-config/harbor-compatibility-list/#replication-adapters)
* [OIDC adapters](https://goharbor.io/docs/2.0.0/install-config/harbor-compatibility-list/#oidc-adapters)
* [Scanner adapters](https://goharbor.io/docs/2.0.0/install-config/harbor-compatibility-list/#scanner-adapters)
## Community
......@@ -84,7 +84,7 @@ The [compatibility list](./docs/install-config/harbor-compatibility-list.md) doc
## Demos
* **[Live Demo](https://demo.goharbor.io)** - A demo environment with the latest Harbor stable build installed. For additional information please refer to [this page](docs/demo_server.md).
* **[Live Demo](https://demo.goharbor.io)** - A demo environment with the latest Harbor stable build installed. For additional information please refer to [this page](https://goharbor.io/docs/2.0.0/install-config/demo-server/).
* **[Video Demos](https://github.com/goharbor/harbor/wiki/Video-demos-for-Harbor)** - Demos for Harbor features and continuously updated.
## Partners and Users
......@@ -95,7 +95,7 @@ For a list of users, please refer to [ADOPTERS.md](ADOPTERS.md).
### Security Audit
A third party security audit was performed by Cure53 in October of 2019. You can see the full report [here](docs/security/Harbor_Security_Audit_Oct2019.pdf).
A third party security audit was performed by Cure53 in October of 2019. You can see the full report [here](https://goharbor.io/docs/2.0.0/security/Harbor_Security_Audit_Oct2019.pdf).
### Reporting security vulnerabilities
......
Harbor Documentation
# Harbor Documentation
This is the main table of contents for the Harbor 1.10.x documentation.
All Harbor documentation is presented on [goharbor.io/docs](https://goharbor.io/docs).
## Harbor Installation and Configuration
This section describes how to install Harbor and perform the required initial configurations. These day 1 operations are performed by the Harbor Administrator.
- [Introduction](install-config/_index.md)
- [Test Harbor with the Demo Server](install-config/demo-server.md)
- [Harbor Compatibility List](install-config/harbor-compatibility-list.md)
- [Harbor Installation Prerequisites](install-config/installation-prereqs.md)
- [Download the Harbor Installer](install-config/download-installer.md)
- [Configure HTTPS Access to Harbor](install-config/configure-https.md)
- [Configure the Harbor YML File](install-config/configure-yml-file.md)
- [Run the Installer Script](install-config/run-installer-script.md)
- [Deploying Harbor with High Availability via Helm](install-config/harbor-ha-helm.md)
- [Deploy Harbor with the Quick Installation Script](install-config/quick-install-script.md)
- [Troubleshooting Harbor Installation](install-config/troubleshoot-installation.md)
- [Reconfigure Harbor and Manage the Harbor Lifecycle](install-config/reconfigure-manage-lifecycle.md)
- [Customize the Harbor Token Service](install-config/customize-token-service.md)
- [Configure Harbor User Settings at the Command Line](install-config/configure-user-settings-cli.md)
## Harbor Administration
This section describes how to use and maintain Harbor after deployment. These day 2 operations are performed by the Harbor Administrator.
- [Introduction](administration/_index.md)
- [Configuring Authentication](administration/configure-authentication/_index.md)
- [Configure Database Authentication](administration/configure-authentication/db-auth.md)
- [Configure LDAP/Active Directory Authentication](administration/configure-authentication/ldap-auth.md)
- [Configure OIDC Provider Authentication](administration/configure-authentication/oidc-auth.md)
- [Managing Users](administration/managing-users/_index.md)
- [User Permissions By Role](administration/managing-users/user-permissions-by-role.md)
- [Create User Accounts in Database Mode](administration/managing-users/create-users-db.md)
- [Configure Global Settings](administration/general-settings/_index.md)
- [Configure Project Quotas](administration/configure-project-quotas/_index.md)
- [Configuring Replication](administration/configuring-replication/_index.md)
- [Create Replication Endpoints](administration/configuring-replication/create-replication-endpoints.md)
- [Create Replication Rules](administration/configuring-replication/create-replication-rules.md)
- [Manage Replications](administration/configuring-replication/manage-replications.md)
- [Vulnerability Scanning](administration/vulnerability-scanning/_index.md)
- [Connect Harbor to Additional Vulnerability Scanners](administration/vulnerability-scanning/pluggable-scanners.md)
- [Scan Individual Images](administration/vulnerability-scanning/scan-individual-image.md)
- [Scan All Images](administration/vulnerability-scanning/scan-all-images.md)
- [Schedule Scans](administration/vulnerability-scanning/schedule-scans.md)
- [Import Vulnerability Data to an Offline Harbor instance](administration/vulnerability-scanning/import-vulnerability-data.md)
- [Configure System-Wide CVE Allowlists](administration/vulnerability-scanning/configure-system-allowlist.md)
- [Garbage Collection](administration/garbage-collection/_index.md)
- [Upgrade Harbor and Migrate Data](administration/upgrade/upgrade-migrate-data.md)
- [Upgrading Harbor Deployed with Helm](administration/upgrade/helm-upgrade.md)
- [Roll Back an Upgrade](administration/upgrade/roll-back-upgrade.md)
- [Test Harbor Upgrade](administration/upgrade/upgrade-test.md)
## Working with Harbor Projects
This section describes how users with the developer, master, and project administrator roles manage and participate in Harbor projects.
- [Introduction](working-with-projects/_index.md)
- [Create Projects](working-with-projects/create-projects/_index.md)
- [Assign Users to a Project](working-with-projects/add-users.md)
- [Project Configuration](working-with-projects/project-configuration/_index.md)
- [Access and Search Project Logs](working-with-projects/access-project-logs.md)
- [Create Robot Accounts](working-with-projects/create-robot-accounts.md)
- [Configure Webhook Notifications](working-with-projects/configure-webhooks.md)
- [Configure a Per-Project CVE Allowlist](working-with-projects/configure-project-allowlist.md)
- [Implementing Content Trust](working-with-projects/implementing-content-trust.md)
- [Working with Images, Tags, and Helm Charts](working-with-projects/working-with-images.md)
- [Pulling and Pushing Images](working-with-projects/pulling-pushing-images.md)
- [Create Labels](working-with-projects/create-labels.md)
- [Retag Images](working-with-projects/retagging-images.md)
- [Create Tag Retention Rules](working-with-projects/create-tag-retention-rules.md)
- [Create Tag Immutability Rules](working-with-projects/create-tag-immutability-rules.md)
- [Manage Kubernetes Packages with Helm Charts](working-with-projects/managing-helm-charts.md)
- [Using API Explorer](working-with-projects/using-api-explorer/_index.md)
## Build, Customize, and Contribute to Harbor
This section describes how developers can build from Harbor source code, customize their deployments, and contribute to the open-source Harbor project.
- [Build Harbor from Source Code](build-customize-contribute/compile-guide.md)
- [Developing the Harbor Frontend](build-customize-contribute/ui-contribution-get-started.md)
- [Customize the Harbor Look & Feel ](build-customize-contribute/customize-look-feel.md)
- [Developing for Internationalization](build-customize-contribute/developer-guide-i18n.md)
- [Using Make](build-customize-contribute/use-make.md)
- [View and test Harbor REST API via Swagger](build-customize-contribute/configure-swagger.md)
- [Registry Landscape](build-customize-contribute/registry-landscape.md)
- [E2E Test Scripting Guide](build-customize-contribute/e2e_api_python_based_scripting_guide.md)
See also the list of [Articles from the Harbor Community](https://github.com/goharbor/harbor/blob/master/docs/README.md#articles-from-the-community).
To contribute to the documentation, please head over to the [website repository](https://github.com/goharbor/website).
---
title: Harbor 2.0 Documentation
---
Welcome to the Harbor 2.0.x documentation. This documentation includes all of the information that you need to install, configure, and use Harbor.
## Harbor Installation and Configuration
This section describes how to install Harbor and perform the required initial configuration. These day 1 operations are performed by the Harbor Administrator. [Read more](install-config/_index.md)
## Harbor Administration
This section describes how to use and maintain your Harbor registry instance after deployment. These day 2 operations are performed by the Harbor Administrator. [Read more](administration/_index.md)
## Working with Harbor Projects
This section describes how users with the developer, master, and project administrator roles manage users, and create, configure, and participate in Harbor projects. [Read more](working-with-projects/_index.md)
## Building, Customizing, and Contributing to Harbor
This section describes how developers can build from Harbor source code, customize their deployments, and contribute to the open-source Harbor project. [Read more](build-customize-contribute/_index.md)
## Access the Documentation Source Files
The source files for this documentation set are located in the [Harbor repository on Github](https://github.com/goharbor/harbor/tree/release-2.0.0/docs).
For versions of the docs before 2.0.x, go to the [`docs` folder in the Github repository](https://github.com/goharbor/harbor/tree/master/docs) and select the appropriate `release-1.xx.x` branch.
\ No newline at end of file
---
title: Harbor Administration
weight: 10
---
This section describes how to configure and maintain Harbor after deployment. These operations are performed by the Harbor system administrator. The Harbor system administrator performs global configuration operations that apply to the whole Harbor instance.
The operations that are performed by the Harbor system administrator are the following.
- Select database, LDAP/Active Directory, or OIDC based authentication. For information, see [Configuring Authentication](configure-authentication).
- Add users in database authentication mode and assign the system administrator role to other users. For information, see [Managing Users](managing-users).
- Configure global settings, such as configuring an email server, setting the registry to read-only mode, and restriction who can create projects. For information, see [Configure Global Settings](general-settings).
- Apply resource quotas to projects. For information, see [Configure Project Quotas](configure-project-quotas).
- Set up replication of images between Harbor and another Harbor instance or a 3rd party replication target. For information, see [Configuring Replication](configuring-replication).
- Set up vulnerability scanners to check the images in the registry for CVE vulnerabilities. For information, see [Vulnerability Scanning](vulnerability-scanning).
- Perform garbage collection, to remove unnecessary data from Harbor. For information, see [Garbage Collection](garbage-collection).
- Upgrade Harbor when a new version becomes available. For information, see [Upgrading Harbor](upgrade/upgrade-migrate-data.md).
---
title: Configuring Authentication
weight: 10
---
Harbor supports different modes for authenticating users and managing user accounts. You should select an authentication mode as soon as you deploy Harbor.
{{< important >}}
If you create user accounts in the Harbor database, Harbor is locked in database mode. You cannot change to a different authentication mode after you have created local users.
{{< /important >}}
- [Database Authentication](db-auth.md): You create and manage user accounts directly in Harbor. The user accounts are stored in the Harbor database.
- [LDAP/Active Directory Authentication](ldap-auth.md): You connect Harbor to an external LDAP/Active Directory server. The user accounts are created and managed by your LDAP/AD provider.
- [OIDC Provider Authentication](oidc-auth.md): You connect Harbor to an external OIDC provider. The user accounts are created and managed by your OIDC provider.
The Harbor interface offers an option to configure UAA authentication. This authentication mode is not recommended and is not documented in this guide.
---
title: Configure Database Authentication
weight: 15
---
In database authentication mode, user accounts are stored in the local database. By default, only the Harbor system administrator can create user accounts to add users to Harbor. You can optionally configure Harbor to allow self-registration.
{{< important >}}
If you create users in the database, Harbor is locked in database mode. You cannot change to a different authentication mode after you have created local users.
{{< /important >}}
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
1. Under **Administration**, go to **Configuration** and select the **Authentication** tab.
1. Leave **Auth Mode** set to the default **Database** option.
![Database authentication](../../../img/db-auth.png)
1. Optionally select the **Allow Self-Registration** check box.
![Enable self-registration](../../../img/new-self-reg.png)
If you enable the self registration option, users can register themselves in Harbor. Self-registration is disabled by default. If you enable self-registration, unregistered users can sign up for a Harbor account by clicking **Sign up for an account** in the Harbor log in page.
![Enable self-registration](../../../img/self-registration-login.png)
## What to Do Next
For information about how to create users in database authentication mode, see [Create User Accounts in Database Mode](../managing-users/create-users-db.md).
---
title: Configure LDAP/Active Directory Authentication
weight: 20
---
If you select LDAP/AD authentication, users whose credentials are stored in an external LDAP or AD server can log in to Harbor directly. In this case, you do not create user accounts in Harbor.
{{< important >}}
You can change the authentication mode from database to LDAP only if no local users have been added to the database. If there is at least one user other than `admin` in the Harbor database, you cannot change the authentication mode.
{{< /important >}}
Because the users are managed by LDAP or AD, self-registration, creating users, deleting users, changing passwords, and resetting passwords are not supported in LDAP/AD authentication mode.
If you want to manage user authentication by using LDAP groups, you must enable the `memberof` feature on the LDAP/AD server. With the `memberof` feature, the LDAP/AD user entity's `memberof` attribute is updated when the group entity's `member` attribute is updated, for example by adding or removing an LDAP/AD user from the LDAP/AD group. This feature is enabled by default in Active Directory. For information about how to enable and verify `memberof` overlay in OpenLDAP, see [this technical note](https://technicalnotes.wordpress.com/2014/04/19/openldap-setup-with-memberof-overlay).
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
1. Under **Administration**, go to **Configuration** and select the **Authentication** tab.
1. Use the **Auth Mode** drop-down menu to select **LDAP**.
![LDAP authentication](../../../img/select-ldap-auth.png)
1. Enter the address of your LDAP server, for example `ldaps://10.162.16.194`.
1. Enter information about your LDAP server.
- **LDAP Search DN** and **LDAP Search Password**: When a user logs in to Harbor with their LDAP username and password, Harbor uses these values to bind to the LDAP/AD server. For example, `cn=admin,dc=example.com`.
- **LDAP Base DN**: Harbor looks up the user under the LDAP Base DN entry, including the subtree. For example, `dc=example.com`.
- **LDAP Filter**: The filter to search for LDAP/AD users. For example, `objectclass=user`.
- **LDAP UID**: An attribute, for example `uid`, or `cn`, that is used to match a user with the username. If a match is found, the user's password is verified by a bind request to the LDAP/AD server.
- **LDAP Scope**: The scope to search for LDAP/AD users. Select from **Subtree**, **Base**, and **OneLevel**.
![Basic LDAP configuration](../../../img/ldap-auth.png)
1. If you want to manage user authentication with LDAP groups, configure the group settings.
- **LDAP Group Base DN**: The base DN from which to lookup a group in LDAP/AD. For example, `ou=groups,dc=example,dc=com`.
- **LDAP Group Filter**: The filter to search for LDAP/AD groups. For example, `objectclass=groupOfNames`.
- **LDAP Group GID**: The attribute used to name an LDAP/AD group. For example, `cn`.
- **LDAP Group Admin DN**: All LDAP/AD users in this group DN have Harbor system administrator privileges.
- **LDAP Group Membership**: The user attribute usd to identify a user as a member of a group. By default this is `memberof`.
- **LDAP Scope**: The scope to search for LDAP/AD groups. Select from **Subtree**, **Base**, and **OneLevel**.
![LDAP group configuration](../../../img/ldap-groups.png)
1. Uncheck **LDAP Verify Cert** if the LDAP/AD server uses a self-signed or untrusted certificate.
![LDAP certificate verification](../../../img/ldap-cert-test.png)
1. Click **Test LDAP Server** to make sure that your configuration is correct.
1. Click **Save** to complete the configuration.
---
title: Configure OIDC Provider Authentication
weight: 25
---
If you select OpenID Connect (OIDC) authentication, users log in to the Harbor interface via an OIDC single sign-on (SSO) provider, such as Okta, KeyCloak, or dex. In this case, you do not create user accounts in Harbor.
{{< important >}}
You can change the authentication mode from database to OIDC only if no local users have been added to the database. If there is at least one user other than `admin` in the Harbor database, you cannot change the authentication mode.
{{< /important >}}
Because the users are managed by the OIDC provider, self-registration, creating users, deleting users, changing passwords, and resetting passwords are not supported in OIDC authentication mode.
### Configure Your OIDC Provider
You must configure your OIDC provider so that you can use it with Harbor. For precise information about how to perform these configurations, see the documentation for your OIDC provider.
- Set up the users and groups that will use the OIDC provider to log in to Harbor. You do not need to assign any specific OIDC roles to users or groups as these do not get mapped to Harbor roles.
- The URL of the OIDC provider endpoint, known as the Authorization Server in OAuth terminology, must service the well-known URI for its configuration document. For more information about the configuration document, see the [OpenID documentation](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest).
- To manage users by using OIDC groups, create a custom group claim that contains all of the user groups that you want to register in Harbor. The group claim must be mapped in the ID token that is sent to Harbor when users log in. You can enable the `memberof` feature on the OIDC provider. With the `memberof` feature, the OIDC user entity's `memberof` attribute is updated when the group entity's `member` attribute is updated, for example by adding or removing an OIDC user from the OIDC group.
- Register Harbor as a client application with the OIDC provider. Associate Harbor's callback URI to the client application as a `redirectURI`. This is the address to which the OIDC provider sends ID tokens.
### Configure an OIDC Provider in Harbor
Before configuring an OIDC provider in Harbor, make sure that your provider is configured correctly according to the preceding section.
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
1. Under **Administration**, go to **Configuration** and select the **Authentication** tab.
1. Use the **Auth Mode** drop-down menu to select **OIDC**.
![LDAP authentication](../../../img/select-oidc-auth.png)
1. Enter information about your OIDC provider.
- **OIDC Provider Name**: The name of the OIDC provider.
- **OIDC Provider Endpoint**: The URL of the endpoint of the OIDC provider.
- **OIDC Client ID**: The client ID with which Harbor is registered as client application with the OIDC provider.
- **OIDC Client Secret**: The secret for the Harbor client application.
- **Group Claim Name**: The name of a custom group claim that you have configured in your OIDC provider, that includes the groups to add to Harbor.
- **OIDC Scope**: A comma-separated string listing the scopes to be used during authentication.
The OIDC scope must contain `openid` and usually also contains `profile` and `email`. To obtain refresh tokens it should also contain `offline_access`. If you are using OIDC groups, a scope must identify the group claim. Check with your OIDC provider administrator for precise details of how to identify the group claim scope, as this differs from vendor to vendor.
![OIDC settings](../../../img/oidc-auth-setting.png)
1. Uncheck **Verify Certificate** if the OIDC Provider uses a self-signed or untrusted certificate.
1. Verify that the Redirect URI that you configured in your OIDC provider is the same as the one displayed at the bottom of the page.
![OIDC certificate verification, URI, and test ](../../../img/oidc-cert-verification.png)
1. Click **Test OIDC Server** to make sure that your configuration is correct.
1. Click **Save** to complete the configuration.
### Log In to Harbor via an OIDC Provider
When the Harbor system administrator has configured Harbor to authenticate via OIDC a **Login via OIDC Provider** button appears on the Harbor login page.
![oidc_login](../../../img/oidc-login.png)
**NOTE:** When Harbor is configured authentication via OIDC, the **Username** and **Password** fields are reserved for the local Harbor system administrator to log in.
1. As a Harbor user, click the **Login via OIDC Provider** button.
This redirects you to the OIDC Provider for authentication.
1. If this is the first time that you are logging in to Harbor with OIDC, specify a user name for Harbor to associate with your OIDC username.
![Specify Harbor username for OIDC](../../../img/oidc-onboard-dlg.png)
This is the user name by which you are identified in Harbor, which is used when adding you to projects, assigning roles, and so on. If the username is already taken, you are prompted to choose another one.
1. After the OIDC provider has authenticated you, you are redirected back to Harbor.
### Using OIDC from the Docker or Helm CLI
After you have authenticated via OIDC and logged into the Harbor interface for the first time, you can use the Docker or Helm CLI to access Harbor.
The Docker and Helm CLIs cannot handle redirection for OIDC, so Harbor provides a CLI secret for use when logging in from Docker or Helm. This is only available when Harbor uses OIDC authentication.
1. Log in to Harbor with an OIDC user account.
1. Click your username at the top of the screen and select **User Profile**.
![Access user profile](../../../img/user-profile.png)
1. Click the clipboard icon to copy the CLI secret associated with your account.
![Copy CLI secret](../../../img/profile-dlg.png)
1. Optionally click the **...** icon in your user profile to display buttons for automatically generating or manually creating a new CLI secret.
![Copy CLI secret](../../../img/generate-create-new-secret.png)
A user can only have one CLI secret, so when a new secret is generated or create, the old one becomes invalid.
1. If you generated a new CLI secret, click the clipboard icon to copy it.
You can now use your CLI secret as the password when logging in to Harbor from the Docker or Helm CLI.
<pre>
docker login -u testuser -p <i>cli_secret</i> jt-test.local.goharbor.io
</pre>
{{< note >}}
The CLI secret is associated with the OIDC ID token. Harbor will try to refresh the token, so the CLI secret will be valid after the ID token expires. However, if the OIDC Provider does not provide a refresh token or the refresh fails, the CLI secret becomes invalid. In this case, log out and log back in to Harbor via your OIDC provider so that Harbor can get a new ID token. The CLI secret will then work again.
{{< /note >}}
---
title: Configure Project Quotas
weight: 25
---
To exercise control over resource use, as a Harbor system administrator you can set quotas on projects. You can limit the amount of storage capacity that a project can consume. You can set default quotas that apply to all projects globally.
{{< note >}}
Default quotas apply to projects that are created after you set or change the default quota. The default quota is not applied to projects that already existed before you set it.
{{< /note >}}
You can also set quotas on individual projects. If you set a global default quota and you set different quotas on individual projects, the per-project quotas are applied.
By default, all projects have unlimited quotas for storage use.
1. Select the **Project Quotas** view.
![Project quotas](../../img/project-quota1.png)
1. To set global default quotas on all projects, click **Edit**.
![Project quotas](../../img/project-quota2.png)
1. For **Default storage consumption**, enter the maximum quantity of storage that any project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu, or enter `-1` to set the default to unlimited.
![Project quotas](../../img/project-quota3.png)
1. Click **OK**.
1. To set quotas on an individual project, select the project and then click **Edit**.
![Project quotas](../../img/project-quota4.png)
1. For **Default storage consumption**, enter the maximum quantity of storage that this individual project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu.
After you set quotas, you can see how much of their quotas each project has consumed.
![Project quotas](../../img/project-quota5.png)
### How Harbor Calculates Resource Usage
When setting project quotas, it is useful to know how Harbor calculates storage use, especially in relation to image pushing, retagging, and garbage collection.
- Har