mukimovd/turash
1
0
Fork 0
mirror of https://github.com/SamyRai/turash.git synced 2025-12-26 23:01:33 +00:00
Code Issues 1 Actions Packages Projects Releases Wiki Activity
9416a80006
turash/k8s/registry/INTEGRATION_COMPLETE.md
Damir Mukimov 78d87ae345
Configure CI/CD pipeline with Harbor registry
2025-12-24 19:17:14 +01:00

5.5 KiB
Raw Blame History

Harbor Registry Integration Complete

Registry Access

  • URL: https://registry.bk.glpx.pro
  • Registry Endpoint: registry.bk.glpx.pro
  • Username: admin
  • Password: nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0=

Local Docker Configuration

Login to Harbor

docker login registry.bk.glpx.pro -u admin -p "nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0="

Test Push/Pull

# Pull test image
docker pull alpine:latest

# Tag for Harbor
docker tag alpine:latest registry.bk.glpx.pro/turash/test:latest

# Push to Harbor
docker push registry.bk.glpx.pro/turash/test:latest

Woodpecker CI/CD Configuration

Registry Configuration

Registry Added: registry.bk.glpx.pro

  • Hostname: registry.bk.glpx.pro
  • Username: admin
  • Password: Configured

Secrets Configured

Docker Credentials:

  • docker_username: admin
  • docker_password: nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0=

Verify Configuration

# List registries
woodpecker-cli repo registry ls SamyRai/turash

# List secrets
woodpecker-cli repo secret ls SamyRai/turash

Pipeline Usage

The .woodpecker.yml is already configured to use Harbor:

variables:
  - &harbor_registry "registry.bk.glpx.pro"

steps:
  frontend-build:
    settings:
      registry: *harbor_registry
      repo: *harbor_registry/turash/turash-frontend
    secrets: [docker_username, docker_password]

ArgoCD Configuration

Image Pull Secrets

Secret Created: harbor-registry-argocd in argocd namespace Service Accounts Updated:

  • argocd-repo-server
  • argocd-application-controller
  • argocd-server

Application Configuration

ArgoCD applications will automatically use Harbor registry for image pulls.

Verify Configuration

# Check secret exists
kubectl get secret harbor-registry-argocd -n argocd

# Check service account
kubectl get serviceaccount argocd-repo-server -n argocd -o yaml | grep imagePullSecrets

Kubernetes Application Configuration

Turash Namespace

Secret Created: harbor-registry-secret in turash namespace Service Account Updated: default service account patched

Deployment Images

All deployments are configured to pull from Harbor:

  • Backend: registry.bk.glpx.pro/turash/turash-backend:latest
  • Frontend: registry.bk.glpx.pro/turash/turash-frontend:latest

Harbor Project Setup

Create Project in Harbor UI

  1. Login to https://registry.bk.glpx.pro
  2. Go to ProjectsNew Project
  3. Create project: turash
  4. Set as Public (or configure access as needed)

Project Settings

  • Name: turash
  • Public: Yes (for CI/CD access)
  • Vulnerability Scanning: Enabled (Trivy)
  • Content Trust: Optional

Complete CI/CD Flow

1. Code Push Triggers Woodpecker

git push origin master

2. Woodpecker Pipeline

  • Lints and tests code
  • Builds Docker images
  • Pushes to Harbor: registry.bk.glpx.pro/turash/turash-{frontend|backend}:{tag}

3. ArgoCD Sync

  • Monitors Git repository
  • Detects new image tags
  • Deploys to Kubernetes
  • Pulls images from Harbor

4. Application Access

Verification Commands

Check Harbor Status

# Harbor pods
kubectl get pods -n harbor

# Harbor ingress
kubectl get ingress -n harbor

# Test Harbor API
curl -k https://registry.bk.glpx.pro/api/v2.0/health

Check Woodpecker Integration

# List registries
woodpecker-cli repo registry ls SamyRai/turash

# Test pipeline
woodpecker-cli pipeline start SamyRai/turash

Check ArgoCD Integration

# List applications
argocd app list

# Check image pull secrets
kubectl get serviceaccount -n argocd -o yaml | grep imagePullSecrets

Check Kubernetes Integration

# Verify secrets
kubectl get secret harbor-registry-secret -n turash

# Check service account
kubectl get serviceaccount default -n turash -o yaml | grep imagePullSecrets

# Test image pull
kubectl run test-pull --image=registry.bk.glpx.pro/turash/test:latest --rm -it --restart=Never -n turash

Troubleshooting

Harbor Login Fails

# Check Harbor is running
kubectl get pods -n harbor | grep core

# Check ingress
kubectl get ingress -n harbor

# Test connectivity
curl -k https://registry.bk.glpx.pro

Woodpecker Can't Push

# Verify registry credentials
woodpecker-cli repo registry ls SamyRai/turash

# Check secrets
woodpecker-cli repo secret ls SamyRai/turash

# Test manually
docker login registry.bk.glpx.pro -u admin -p "nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0="

ArgoCD Can't Pull Images

# Check image pull secret
kubectl get secret harbor-registry-argocd -n argocd

# Verify service account
kubectl describe serviceaccount argocd-repo-server -n argocd

# Check pod events
kubectl describe pod <pod-name> -n <namespace> | grep -i "pull\|image"

Security Notes

⚠️ IMPORTANT:

  • Passwords are stored in Kubernetes secrets
  • Change default passwords in production
  • Use RBAC to restrict Harbor access
  • Enable audit logging
  • Configure retention policies
  • Use private projects for sensitive images

Next Steps

  1. Harbor deployed and accessible
  2. Database configured and migrated
  3. Woodpecker configured
  4. ArgoCD configured
  5. Kubernetes configured
  6. ⏭️ Create Harbor project turash
  7. ⏭️ Push first images via Woodpecker
  8. ⏭️ Deploy via ArgoCD

Everything is ready for CI/CD! 🚀