turash/k8s/registry/SETUP_COMPLETE.md

# Harbor Registry Setup Complete ✅

## Access Information

### Harbor Web UI
- **URL**: https://registry.bk.glpx.pro
- **Username**: `admin`
- **Password**: `nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0=`

### Registry Endpoint
- **Registry**: `registry.bk.glpx.pro`
- **Docker Login**: 
  ```bash
  docker login registry.bk.glpx.pro -u admin -p "nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0="
  ```

## Configuration Summary

### Database
- **Type**: External PostgreSQL
- **Host**: `infra-postgres-rw.data.svc.cluster.local`
- **Database**: `harbor`
- **Username**: `app`

### Storage
- **Storage Class**: `longhorn-fast`
- **Registry**: 50Gi
- **Job Service**: 1Gi
- **Redis**: 2Gi
- **Trivy**: 5Gi

### Security
- **Admin Password**: Generated secure password
- **Secret Key**: Generated secure key
- **TLS**: Enabled via cert-manager

## Next Steps

### 1. Create Harbor Project

1. Login to https://registry.bk.glpx.pro
2. Go to **Projects** → **New Project**
3. Create project: `turash`
4. Set as **Public** (or configure access as needed)

### 2. Configure Woodpecker

```bash
# Add registry to Woodpecker repository
woodpecker-cli repo registry add <repo-id> \
  --hostname registry.bk.glpx.pro \
  --username admin \
  --password "nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0="

# Add secrets
woodpecker-cli repo secret add <repo-id> \
  --name docker_username \
  --value admin

woodpecker-cli repo secret add <repo-id> \
  --name docker_password \
  --value "nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0="
```

### 3. Test Registry Access

```bash
# Login
docker login registry.bk.glpx.pro -u admin -p "nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0="

# Pull test image
docker pull alpine:latest

# Tag for Harbor
docker tag alpine:latest registry.bk.glpx.pro/turash/test:latest

# Push to Harbor
docker push registry.bk.glpx.pro/turash/test:latest
```

### 4. Verify Kubernetes Integration

```bash
# Check image pull secret
kubectl get secret harbor-registry-secret -n turash

# Test pod can pull images
kubectl run test-pull --image=registry.bk.glpx.pro/turash/test:latest --rm -it --restart=Never
```

## Security Notes

⚠️ **IMPORTANT**: 
- Passwords are stored in `harbor-secrets.yaml.template` (DO NOT COMMIT!)
- Change passwords regularly
- Use Kubernetes secrets for production
- Enable RBAC and access controls
- Configure retention policies

## Troubleshooting

### Can't Login to Harbor
- Check if Harbor core pods are running: `kubectl get pods -n harbor`
- Verify password in values: `helm get values harbor -n harbor | grep harborAdminPassword`
- Check logs: `kubectl logs -n harbor deployment/harbor-core`

### Can't Push/Pull Images
- Verify Docker login: `docker login registry.bk.glpx.pro`
- Check project exists and is accessible
- Verify network connectivity to registry

### Database Connection Issues
- Check PostgreSQL is running: `kubectl get pods -n data | grep postgres`
- Verify database exists: Connect to PostgreSQL and check for `harbor` database
- Check connection string in Harbor values