当前位置:网站首页>How can I easily manage harbor in multi-user scenarios!
How can I easily manage harbor in multi-user scenarios!
2022-04-21 15:45:00 【Key guest Li Dabai】
Blogger introduction : Hello everyone ! I'm Li Dabai , An O & M engineer , Love sharing knowledge , Nice to meet you here
Be good at the field : Cloud native 、 database 、 Automatic operation and maintenance
If this article is helpful to all of you , Focus on + give the thumbs-up + Comment on + Collection , I'll pay a return visit, too , Help each other !!!
In addition, my level is limited , Designed to create easy to understand articles , If there is any mistake in the description of the article , Please correct me , In this thank you !!!
Fallen leaves and know autumn , Knowledgeable and knowledgeable !
Boutique column : Harbor vernacular ( Enterprise class )
What this article shares is Harbor The mirror warehouse is in the actual business scenario , How to manage multiple users .
One 、 Environmental statement
This article is based on Harbor 2.3.1 The version is demo environment , For other versions, please refer to .
DevOps In the environment Harbor Application scenarios of .
Two 、Harbor Several roles in
System administrator (admin)
namely admin user ,Harbor System administrator ” Have the most permissions ( Maximum authority ), It can list all items 、 Set ordinary users as administrators 、 Delete users and set vulnerability scanning policies for all images . All items are also owned by the Administrator .
Project manager
When the system administrator (admin) To a user “ Project manager ” After your role , The user can ” Project manager “ Manage the project as , Other unassigned items have no permission ,” Project manager “ The project administrator has image upload / Pull 、 add to / Delete members 、Helm Chart Upload / download 、 Configuration management and other permissions . This role is usually assigned to the person in charge of a project in the actual business scenario .
developer
The developer has access to the project , That is, upload the image to the project and pull the image from the project 、 Upload / download HelmChart、 Check the log , No other permissions .
maintenance staff ( Maintainer )
Defenders have the power to transcend “ developer ” Authority , Including scanning images 、 View replication tasks and delete mirrors and Helm Chart Upload / download 、 Ability to delete .
visitor
The guest has read-only access to the specified item . They can pull and relabel images , But you can't push , You can also log in Harbor UI Interface .
Restricted visitors
Restricted visitors do not have full access to the item . They can pull images, but they can't push , And they don't see logs or other members of the project . for example , You can create restricted visitors for users with shared project access from different organizations .
Restricted visitors can also log in Harbor, However, it only has the permission to pull images , Unable to view log and other permissions .
3、 ... and 、Harbor UI The management interface assigns roles to users
If you want to assign a project to (Project) Assigned to a user role , You need to be in 【 System management 】——【 User management 】——【 Create user 】 To create users ; Then go to the specified project ,【 member 】——【+ user 】 To assign permissions to users .
Four 、Harbor Manage users in API
GET |
/users/search |
Search for users by user name |
GET |
/users/current/permissions |
Get the permission of the current user |
GET |
/users/current |
Get current user information |
GET |
/users |
List users |
GET |
/users/{user_id} |
Get information about a user |
PUT |
/users/{user_id}/cli_secret |
/users/{user_id}/cli_secret |
PUT |
/users/{user_id}/sysadmin |
Update the registered user to Harbor The administrator of . |
PUT |
/users/{user_id}/password |
Modify the password of an existing user . |
PUT |
/users/{user_id} |
Update user profile . |
DELETE |
/users/{user_id} |
Delete the specified user |
POST |
/users |
Create local users , The API Only when the authentication method is local DB When using . When self registration is disabled . |
5、 ... and 、 adopt Harbor API Automatic management of users
obtain Harbor User information in
//192.168.2.250:443/api/v2.0/users \
-
k
|
python
-
m
json.
tool
[
{
"admin_role_in_auth":
false,
#
Whether it is admin Role permissions
"creation_time":
"2022-04-14T02:39:08.053Z",
#
User creation time
"email":
"[email protected]",
#
mailbox
"realname":
"libai",
#
Full Name
"sysadmin_flag":
false,
#
System administrator tab (false Indicates that you are not a system administrator )
"update_time":
"2022-04-14T02:39:08.053Z",
#
Update time
"user_id":
5,
#
user ID( Globally unique )
"username":
"libai"
#
user name
},
{
"admin_role_in_auth":
false,
"creation_time":
"2022-04-14T01:18:47.260Z",
"email":
"[email protected]",
"realname":
"lidabai",
"sysadmin_flag":
true,
#
true Indicates that the user is a system administrator
"update_time":
"2022-04-14T01:18:47.260Z",
"user_id":
4,
"username":
"lidabai"
}
]
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
:-u Specify user name and password ;
Delete the specified user
[
root
@Over
~]
#
curl
-
u
admin:
Harbor12345
\
-
H
"Content-Type: application/json"
-
X
DELETE
\
https:
//192.168.2.250:443/api/v2.0/users/5 -k
- 1.
- 2.
- 3.
Check again and find that just now ID by 5 Your user has been successfully deleted .
Find the specified user
lookup lidabai This user , adopt ?username= User name criteria to find users , The result will show the user's ID And the user name , If the user doesn't exist , Return null value .
[
root
@Over
~]
#
curl
-
u
admin:
Harbor12345
\
-
H
"Content-Type: application/json"
-
X
GET
\
https:
//192.168.2.250:443/api/v2.0/users/search?username=lidabai \
-
k
|
python
-
m
json.
tool
%
Total
%
Received
%
Xferd
Average
Speed
Time
Time
Time
Current
Dload
Upload
Total
Spent
Left
Speed
100
37
100
37
0
0
1468
0
--:
--:
--
--:
--:
--
--:
--:
--
1480
[
{
"user_id":
4,
"username":
"lidabai"
}
]
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
Query the details of the current user
Current user refers to the current connected user .
[
root
@Over
~]
#
curl
-
u
admin:
Harbor12345
\
-
H
"Content-Type: application/json"
-
X
GET
\
https:
//192.168.2.250:443/api/v2.0/users/current \
-
k
|
python
-
m
json.
tool
{
"admin_role_in_auth":
false,
"comment":
"admin user",
#
describe
/
notes , That is, the user is admin role
"creation_time":
"2021-11-05T07:45:36.052Z",
"realname":
"system admin",
#
System users
"sysadmin_flag":
true,
#
yes ( no ) It's the administrator
"update_time":
"2022-04-13T09:02:08.704Z",
"user_id":
1,
"username":
"admin"
}
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
Command line creation Harbor user
The API Only when the authentication method is local DB When using . When self registration is disabled .
[
root
@Over
~]
#
curl
-
X
POST
"http://192.168.2.250/api/v2.0/users"
\
-
H
"accept: application/json"
\
-
H
"Content-Type: application/json"
\
-
d
"{ \
"
comment
\
": \"hanxin\", \
"
username
\
": \"hanxin\", \
"
password
\
": \"Harbor12345\", \
"
email
\
": \"[email protected]\", \
"
realname
\
": \"hanxin\"}"
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
版权声明
本文为[Key guest Li Dabai]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/04/202204211500275172.html
边栏推荐
- 6 IMPORTANT JOB SKILLS YOU NEED AS A NETWORK CABLE TECHNICIAN
- Interpretation of SMTP protocol and how to send e-mail using SMTP protocol
- Application of food safety law and relevant laws in patent examination
- [unity note] l2unity shader Foundation
- 小程序简介和开发工具
- SMTP协议解读以及如何使用SMTP协议发送电子邮件
- LeetCode 654:最大二叉树
- Mark, 365 fans in two years
- PHP 零基础入门笔记(11):字符串 String
- MySQL通过Binlog恢复数据
猜你喜欢
Obsidian 自动上传图片到图床——安装PicGo插件并配置
Betterscroll source code, reading and learning typescript
AcWing1800. 不做最后一个(枚举)
【常见问题】anaconda prompt报错solving environment:failed
Interpretation of SMTP protocol and how to send e-mail using SMTP protocol
Spark综合练习——电影评分数据分析
58页西门子机床行业数字化解决方案
AcWing 1812. Square pasture (enumeration)
许远东受邀上海管理科技论坛做《LTD数字化经营方法论》分享
全国降雨侵蚀力因子R值
随机推荐
「查缺补漏」,DDD 核心概念梳理
LeetCode 566、重塑矩阵
LeetCode 1572、矩阵对角线元素的和
AcWing1800. 不做最后一个(枚举)
Deltix Round, Summer 2021 E. Equilibrium
季更47/90
易语言CEF3获取请求返回的源码
全国降雨侵蚀力因子R值
LeetCode 203、移除链表元素
C语言进阶第42式:内存操作经典问题分析二
Oracle 官宣:腾讯 JDK 18 国内第一!
swap自动套利机器人生态系统开发模式详解
LeetCode 386、字典序排数
提取CNN模型中间层输出方法
从全内存、全本地磁盘缓存、一半缓存,一半OSS的测试结果来看,有什么结论?
Obsidian 自动上传图片到图床——安装PicGo插件并配置
C语言进阶第41式:内存操作经典问题分析一
How should businesses establish private domain traffic?
AcWing1800. Do not do the last (enumeration)
China Database ranking in April 2022: the spring breeze blows the face, the spring is warm, and the score rises in April