mukimovd/turash
1
0
Fork 0
mirror of https://github.com/SamyRai/turash.git synced 2025-12-26 23:01:33 +00:00
Code Issues 1 Actions Packages Projects Releases Wiki Activity
9416a80006
turash/k8s/registry/INTEGRATION_COMPLETE.md
Damir Mukimov 78d87ae345
Configure CI/CD pipeline with Harbor registry
2025-12-24 19:17:14 +01:00

263 lines
5.5 KiB
Markdown
Raw Blame History

# Harbor Registry Integration Complete ✅
## Registry Access
- **URL**: https://registry.bk.glpx.pro
- **Registry Endpoint**: `registry.bk.glpx.pro`
- **Username**: `admin`
- **Password**: `nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0=`
## Local Docker Configuration
### Login to Harbor
```bash
docker login registry.bk.glpx.pro -u admin -p "nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0="
```
### Test Push/Pull
```bash
# Pull test image
docker pull alpine:latest
# Tag for Harbor
docker tag alpine:latest registry.bk.glpx.pro/turash/test:latest
# Push to Harbor
docker push registry.bk.glpx.pro/turash/test:latest
```
## Woodpecker CI/CD Configuration
### Registry Configuration
**Registry Added**: `registry.bk.glpx.pro`
- Hostname: `registry.bk.glpx.pro`
- Username: `admin`
- Password: Configured
### Secrets Configured
**Docker Credentials**:
- `docker_username`: `admin`
- `docker_password`: `nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0=`
### Verify Configuration
```bash
# List registries
woodpecker-cli repo registry ls SamyRai/turash
# List secrets
woodpecker-cli repo secret ls SamyRai/turash
```
### Pipeline Usage
The `.woodpecker.yml` is already configured to use Harbor:
```yaml
variables:
- &harbor_registry "registry.bk.glpx.pro"
steps:
frontend-build:
settings:
registry: *harbor_registry
repo: *harbor_registry/turash/turash-frontend
secrets: [docker_username, docker_password]
```
## ArgoCD Configuration
### Image Pull Secrets
**Secret Created**: `harbor-registry-argocd` in `argocd` namespace
**Service Accounts Updated**:
- `argocd-repo-server`
- `argocd-application-controller`
- `argocd-server`
### Application Configuration
ArgoCD applications will automatically use Harbor registry for image pulls.
### Verify Configuration
```bash
# Check secret exists
kubectl get secret harbor-registry-argocd -n argocd
# Check service account
kubectl get serviceaccount argocd-repo-server -n argocd -o yaml | grep imagePullSecrets
```
## Kubernetes Application Configuration
### Turash Namespace
**Secret Created**: `harbor-registry-secret` in `turash` namespace
**Service Account Updated**: `default` service account patched
### Deployment Images
All deployments are configured to pull from Harbor:
- Backend: `registry.bk.glpx.pro/turash/turash-backend:latest`
- Frontend: `registry.bk.glpx.pro/turash/turash-frontend:latest`
## Harbor Project Setup
### Create Project in Harbor UI
1. Login to https://registry.bk.glpx.pro
2. Go to **Projects****New Project**
3. Create project: `turash`
4. Set as **Public** (or configure access as needed)
### Project Settings
- **Name**: `turash`
- **Public**: Yes (for CI/CD access)
- **Vulnerability Scanning**: Enabled (Trivy)
- **Content Trust**: Optional
## Complete CI/CD Flow
### 1. Code Push Triggers Woodpecker
```bash
git push origin master
```
### 2. Woodpecker Pipeline
- Lints and tests code
- Builds Docker images
- Pushes to Harbor: `registry.bk.glpx.pro/turash/turash-{frontend|backend}:{tag}`
### 3. ArgoCD Sync
- Monitors Git repository
- Detects new image tags
- Deploys to Kubernetes
- Pulls images from Harbor
### 4. Application Access
- Frontend: https://turash.bk.glpx.pro
- Backend API: https://turash-api.bk.glpx.pro
## Verification Commands
### Check Harbor Status
```bash
# Harbor pods
kubectl get pods -n harbor
# Harbor ingress
kubectl get ingress -n harbor
# Test Harbor API
curl -k https://registry.bk.glpx.pro/api/v2.0/health
```
### Check Woodpecker Integration
```bash
# List registries
woodpecker-cli repo registry ls SamyRai/turash
# Test pipeline
woodpecker-cli pipeline start SamyRai/turash
```
### Check ArgoCD Integration
```bash
# List applications
argocd app list
# Check image pull secrets
kubectl get serviceaccount -n argocd -o yaml | grep imagePullSecrets
```
### Check Kubernetes Integration
```bash
# Verify secrets
kubectl get secret harbor-registry-secret -n turash
# Check service account
kubectl get serviceaccount default -n turash -o yaml | grep imagePullSecrets
# Test image pull
kubectl run test-pull --image=registry.bk.glpx.pro/turash/test:latest --rm -it --restart=Never -n turash
```
## Troubleshooting
### Harbor Login Fails
```bash
# Check Harbor is running
kubectl get pods -n harbor | grep core
# Check ingress
kubectl get ingress -n harbor
# Test connectivity
curl -k https://registry.bk.glpx.pro
```
### Woodpecker Can't Push
```bash
# Verify registry credentials
woodpecker-cli repo registry ls SamyRai/turash
# Check secrets
woodpecker-cli repo secret ls SamyRai/turash
# Test manually
docker login registry.bk.glpx.pro -u admin -p "nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0="
```
### ArgoCD Can't Pull Images
```bash
# Check image pull secret
kubectl get secret harbor-registry-argocd -n argocd
# Verify service account
kubectl describe serviceaccount argocd-repo-server -n argocd
# Check pod events
kubectl describe pod <pod-name> -n <namespace> | grep -i "pull\|image"
```
## Security Notes
⚠️ **IMPORTANT**:
- Passwords are stored in Kubernetes secrets
- Change default passwords in production
- Use RBAC to restrict Harbor access
- Enable audit logging
- Configure retention policies
- Use private projects for sensitive images
## Next Steps
1. ✅ Harbor deployed and accessible
2. ✅ Database configured and migrated
3. ✅ Woodpecker configured
4. ✅ ArgoCD configured
5. ✅ Kubernetes configured
6. ⏭️ Create Harbor project `turash`
7. ⏭️ Push first images via Woodpecker
8. ⏭️ Deploy via ArgoCD
**Everything is ready for CI/CD!** 🚀
Reference in New Issue View Git Blame Copy Permalink