Skip to content

Commit

Permalink
Add examples to harbor project docs (goharbor#1066)
Browse files Browse the repository at this point in the history
Signed-off-by: Christian Löwel <[email protected]>
  • Loading branch information
ChristianLoewel authored Aug 28, 2023
1 parent 4989936 commit 75d9fb7
Showing 1 changed file with 87 additions and 0 deletions.
87 changes: 87 additions & 0 deletions docs/day2/day2-harborprojects.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,3 +32,90 @@ Harbor projects can be managed by deploying a `HarborProject` resource to your K
* `severity`: If an image's vulnerablilities are higher than the severity defined here, the image can't be pulled. Can be either `none`, `low`, `medium`, `high` or `critical`.
* `projectName`: The name of the harbor project. Has to match harbor's naming rules.
* `storageQuota`: The project's storage quota in human-readable format, like in Kubernetes memory requests/limits (Ti, Gi, Mi, Ki). The Harbor's default value is used if empty.

## Examples

### Metadata

```yaml
apiVersion: goharbor.io/v1beta1
kind: HarborProject
metadata:
name: metadata-enabled
spec:
harborServerConfig: harborcluster
metadata:
autoScan: true
enableContentTrust: true
enableContentTrustCosign: true
preventVulnerable: true
public: true
reuseSysCveAllowlist: true
severity: "critical"
projectName: metadata-enabled
storageQuota: 10Gi
```
### Users and groups
```yaml
apiVersion: goharbor.io/v1beta1
kind: HarborProject
metadata:
name: users-and-groups
spec:
harborServerConfig: harborcluster
memberships:
- name: admin
role: projectAdmin
type: user
- name: testgroupA
role: maintainer
type: group
- name: testgroupB
role: developer
type: group
- name: testgroupC
role: guest
type: group
projectName: users-and-groups
storageQuota: 10Gi
```
### CVE allowlist
```yaml
apiVersion: goharbor.io/v1beta1
kind: HarborProject
metadata:
name: cve-allowlist
spec:
cveAllowList:
- CVE-2021-3121
- CVE-2021-43816
- CVE-2022-31836
- CVE-2023-25173
harborServerConfig: harborcluster
metadata:
reuseSysCveAllowlist: false
projectName: cve-allowlist
storageQuota: 10Gi
```
```yaml
apiVersion: goharbor.io/v1beta1
kind: HarborProject
metadata:
name: cve-allowlist-syscve
spec:
cveAllowList:
- CVE-2021-3121
- CVE-2021-43816
- CVE-2022-31836
- CVE-2023-25173
harborServerConfig: harborcluster
metadata:
reuseSysCveAllowlist: true # will overwrite project cveAllowlist if set
projectName: cve-allowlist-syscve
storageQuota: 10Gi
```

0 comments on commit 75d9fb7

Please sign in to comment.