# Harbor Registry Integration Complete ✅

## Registry Access

- **URL**: https://registry.bk.glpx.pro
- **Registry Endpoint**: `registry.bk.glpx.pro`
- **Username**: `admin`
- **Password**: `nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0=`

## Local Docker Configuration

### Login to Harbor

```bash
docker login registry.bk.glpx.pro -u admin -p "nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0="
```

### Test Push/Pull

```bash
# Pull test image
docker pull alpine:latest

# Tag for Harbor
docker tag alpine:latest registry.bk.glpx.pro/turash/test:latest

# Push to Harbor
docker push registry.bk.glpx.pro/turash/test:latest
```

## Woodpecker CI/CD Configuration

### Registry Configuration

✅ **Registry Added**: `registry.bk.glpx.pro`

- Hostname: `registry.bk.glpx.pro`
- Username: `admin`
- Password: Configured

### Secrets Configured

✅ **Docker Credentials**:

- `docker_username`: `admin`
- `docker_password`: `nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0=`

### Verify Configuration

```bash
# List registries
woodpecker-cli repo registry ls SamyRai/turash

# List secrets
woodpecker-cli repo secret ls SamyRai/turash
```

### Pipeline Usage

The `.woodpecker.yml` is already configured to use Harbor:

```yaml
variables:
  - &harbor_registry "registry.bk.glpx.pro"

steps:
  frontend-build:
    settings:
      registry: *harbor_registry
      # A YAML alias cannot be concatenated with a path, so the host is written out here
      repo: registry.bk.glpx.pro/turash/turash-frontend
    secrets: [docker_username, docker_password]
```

## ArgoCD Configuration

### Image Pull Secrets

✅ **Secret Created**: `harbor-registry-argocd` in `argocd` namespace

✅ **Service Accounts Updated**:

- `argocd-repo-server`
- `argocd-application-controller`
- `argocd-server`

### Application Configuration

ArgoCD applications will automatically use the Harbor registry for image pulls.

### Verify Configuration

```bash
# Check secret exists
kubectl get secret harbor-registry-argocd -n argocd

# Check service account
kubectl get serviceaccount argocd-repo-server -n argocd -o yaml | grep imagePullSecrets
```

## Kubernetes Application Configuration

### Turash Namespace

✅ **Secret Created**: `harbor-registry-secret` in `turash` namespace

✅ **Service Account Updated**: `default` service account patched

### Deployment Images

All deployments are configured to pull from Harbor:

- Backend: `registry.bk.glpx.pro/turash/turash-backend:latest`
- Frontend: `registry.bk.glpx.pro/turash/turash-frontend:latest`

## Harbor Project Setup

### Create Project in Harbor UI

1. Log in to https://registry.bk.glpx.pro
2. Go to **Projects** → **New Project**
3. Create project: `turash`
4. Set as **Public** (or configure access as needed)

### Project Settings

- **Name**: `turash`
- **Public**: Yes (for CI/CD access)
- **Vulnerability Scanning**: Enabled (Trivy)
- **Content Trust**: Optional

## Complete CI/CD Flow

### 1. Code Push Triggers Woodpecker

```bash
git push origin master
```

### 2. Woodpecker Pipeline

- Lints and tests code
- Builds Docker images
- Pushes to Harbor: `registry.bk.glpx.pro/turash/turash-{frontend|backend}:{tag}`

### 3. ArgoCD Sync

- Monitors Git repository
- Detects new image tags
- Deploys to Kubernetes
- Pulls images from Harbor

### 4. Application Access

- Frontend: https://turash.bk.glpx.pro
- Backend API: https://turash-api.bk.glpx.pro

## Verification Commands

### Check Harbor Status

```bash
# Harbor pods
kubectl get pods -n harbor

# Harbor ingress
kubectl get ingress -n harbor

# Test Harbor API
curl -k https://registry.bk.glpx.pro/api/v2.0/health
```

### Check Woodpecker Integration

```bash
# List registries
woodpecker-cli repo registry ls SamyRai/turash

# Test pipeline
woodpecker-cli pipeline start SamyRai/turash
```

### Check ArgoCD Integration

```bash
# List applications
argocd app list

# Check image pull secrets
kubectl get serviceaccount -n argocd -o yaml | grep imagePullSecrets
```

### Check Kubernetes Integration

```bash
# Verify secrets
kubectl get secret harbor-registry-secret -n turash

# Check service account
kubectl get serviceaccount default -n turash -o yaml | grep imagePullSecrets

# Test image pull
kubectl run test-pull --image=registry.bk.glpx.pro/turash/test:latest --rm -it --restart=Never -n turash
```

## Troubleshooting

### Harbor Login Fails

```bash
# Check Harbor is running
kubectl get pods -n harbor | grep core

# Check ingress
kubectl get ingress -n harbor

# Test connectivity
curl -k https://registry.bk.glpx.pro
```

### Woodpecker Can't Push

```bash
# Verify registry credentials
woodpecker-cli repo registry ls SamyRai/turash

# Check secrets
woodpecker-cli repo secret ls SamyRai/turash

# Test manually
docker login registry.bk.glpx.pro -u admin -p "nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0="
```

### ArgoCD Can't Pull Images

```bash
# Check image pull secret
kubectl get secret harbor-registry-argocd -n argocd

# Verify service account
kubectl describe serviceaccount argocd-repo-server -n argocd

# Check pod events (substitute the affected pod and its namespace)
kubectl describe pod <pod-name> -n <namespace> | grep -i "pull\|image"
```

## Security Notes

⚠️ **IMPORTANT**:

- Passwords are stored in Kubernetes secrets
- Change default passwords in production
- Use RBAC to restrict Harbor access
- Enable audit logging
- Configure retention policies
- Use private projects for sensitive images

## Next Steps

1. ✅ Harbor deployed and accessible
2. ✅ Database configured and migrated
3. ✅ Woodpecker configured
4. ✅ ArgoCD configured
5. ✅ Kubernetes configured
6. ⏭️ Create Harbor project `turash`
7. ⏭️ Push first images via Woodpecker
8. ⏭️ Deploy via ArgoCD

**Everything is ready for CI/CD!** 🚀
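
The image pull secrets named above (`harbor-registry-argocd`, `harbor-registry-secret`) are listed as created, but the page does not show what they contain. The following is an added example, not part of the original setup: it builds the `.dockerconfigjson` document such a secret carries, reading the password from stdin so it stays out of argv and shell history. The function names, `$HARBOR_USER` and the password file path are assumptions.

```shell
# Added example (not from the original page).

json_escape() {
  # Escape backslashes and double quotes for use inside a JSON string.
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

make_dockerconfigjson() {
  # usage: make_dockerconfigjson REGISTRY USERNAME < password
  registry=$1
  username=$2
  # Read one line; accept a final line that lacks a trailing newline.
  IFS= read -r password || [ -n "$password" ] || return 1
  # "auth" is base64("username:password"), the same encoding Docker
  # writes to ~/.docker/config.json when no credential store is used.
  auth=$(printf '%s:%s' "$username" "$password" | base64 | tr -d '\n')
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}\n' \
    "$(json_escape "$registry")" "$(json_escape "$username")" \
    "$(json_escape "$password")" "$auth"
}

write_pull_secret_file() {
  # usage: write_pull_secret_file REGISTRY USERNAME OUTFILE < password
  # A newly created OUTFILE is readable by its owner only; prints its path.
  ( umask 077 && make_dockerconfigjson "$1" "$2" > "$3" ) || return 1
  printf '%s\n' "$3"
}

# Typical use (needs cluster access, so it is left commented out):
#   f=$(mktemp)
#   write_pull_secret_file registry.bk.glpx.pro "$HARBOR_USER" "$f" < /path/to/password-file
#   kubectl create secret generic harbor-registry-secret -n turash \
#     --type=kubernetes.io/dockerconfigjson --from-file=.dockerconfigjson="$f"
#   rm -f "$f"
```
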