Update ports to use for running Harbor

This commit is contained in:
continuist 2025-06-29 12:36:40 -04:00
parent 3bb04786b2
commit ce423cbf62


@ -638,10 +638,10 @@ cd /opt/APP_NAME/harbor
docker compose ps docker compose ps
# Test Harbor API (HTTPS) # Test Harbor API (HTTPS)
curl -k https://localhost:8080/api/v2.0/health curl -k https://localhost/api/v2.0/health
# Test Harbor UI (HTTPS) # Test Harbor UI (HTTPS)
curl -k -I https://localhost:8080 curl -k -I https://localhost
# Expected output: HTTP/1.1 200 OK # Expected output: HTTP/1.1 200 OK
``` ```
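Review bot: both health checks in this hunk (`curl -k https://localhost/api/v2.0/health` and `curl -k -I https://localhost`) keep `-k`, so they succeed against any certificate and do not confirm that the listener now on 443 presents Harbor's certificate. The guide runs `update-ca-certificates` in a later step; consider repeating these checks after it without `-k` (or with `--cacert`), against a name or address the certificate actually covers.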
@ -650,7 +650,7 @@ curl -k -I https://localhost:8080
#### 5.9 Access Harbor Web UI #### 5.9 Access Harbor Web UI
1. **Open your browser** and navigate to: `https://YOUR_CI_CD_IP:8080` 1. **Open your browser** and navigate to: `https://YOUR_CI_CD_IP`
2. **Login with default credentials**: 2. **Login with default credentials**:
- Username: `admin` - Username: `admin`
- Password: `Harbor12345` (or your configured password) - Password: `Harbor12345` (or your configured password)
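Review bot: the login step at "Login with default credentials" still documents `admin` / `Harbor12345`, and with this change the UI moves to the default HTTPS port that the firewall section opens with `sudo ufw allow 443/tcp`. Suggest adding a step here to change the admin password immediately after first login, and ordering the guide so that happens before the port is opened to the network.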
@ -682,7 +682,7 @@ curl -k -I https://localhost:8080
```bash ```bash
# Test Docker login to Harbor # Test Docker login to Harbor
docker login YOUR_CI_CD_IP:8080 docker login YOUR_CI_CD_IP
# Enter: ci-user and your-secure-password # Enter: ci-user and your-secure-password
# Create a test image # Create a test image
@ -690,26 +690,26 @@ echo "FROM alpine:latest" > /tmp/test.Dockerfile
echo "RUN echo 'Hello from Harbor test image'" >> /tmp/test.Dockerfile echo "RUN echo 'Hello from Harbor test image'" >> /tmp/test.Dockerfile
# Build and tag test image for public project # Build and tag test image for public project
docker build -f /tmp/test.Dockerfile -t YOUR_CI_CD_IP:8080/public/test:latest /tmp docker build -f /tmp/test.Dockerfile -t YOUR_CI_CD_IP/public/test:latest /tmp
# Push to Harbor (requires authentication) # Push to Harbor (requires authentication)
docker push YOUR_CI_CD_IP:8080/public/test:latest docker push YOUR_CI_CD_IP/public/test:latest
# Verify image is in Harbor # Verify image is in Harbor
curl -k https://localhost:8080/v2/_catalog curl -k https://localhost/v2/_catalog
# Test public pull (no authentication required) # Test public pull (no authentication required)
docker logout YOUR_CI_CD_IP:8080 docker logout YOUR_CI_CD_IP
docker pull YOUR_CI_CD_IP:8080/public/test:latest docker pull YOUR_CI_CD_IP/public/test:latest
# Clean up test image # Clean up test image
docker rmi YOUR_CI_CD_IP:8080/public/test:latest docker rmi YOUR_CI_CD_IP/public/test:latest
``` ```
**Expected behavior**: **Expected behavior**:
- ✅ **Push requires authentication**: `docker push` only works when logged in - ✅ **Push requires authentication**: `docker push` only works when logged in
- ✅ **Pull works without authentication**: `docker pull` works without login for public projects - ✅ **Pull works without authentication**: `docker pull` works without login for public projects
- ✅ **Web UI accessible**: Harbor UI is available at `https://YOUR_CI_CD_IP:8080` - ✅ **Web UI accessible**: Harbor UI is available at `https://YOUR_CI_CD_IP`
#### 5.12 Harbor Access Model Summary #### 5.12 Harbor Access Model Summary
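Review bot: the verification step `curl -k https://localhost/v2/_catalog` sends no credentials and states no expected output, so a reader cannot tell a successful listing from an authentication error. Suggest passing the `ci-user` account (for example `-u ci-user`, which prompts for the password) and adding an expected-output comment like the one on the earlier `curl -k -I` check.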
@ -742,7 +742,7 @@ sudo update-ca-certificates
# Configure Docker to trust Harbor registry # Configure Docker to trust Harbor registry
sudo tee /etc/docker/daemon.json << EOF sudo tee /etc/docker/daemon.json << EOF
{ {
"insecure-registries": ["YOUR_CI_CD_IP:8080"], "insecure-registries": ["YOUR_CI_CD_IP"],
"registry-mirrors": [] "registry-mirrors": []
} }
EOF EOF
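Review bot: `"insecure-registries": ["YOUR_CI_CD_IP"]` comes right after `sudo update-ca-certificates`, and the two work against each other: an insecure-registries entry tells Docker not to require a valid certificate for that registry, so the CA that was just installed is never enforced. Without the port, the entry now applies to the host's default registry port. Suggest dropping the entry and placing the CA at `/etc/docker/certs.d/YOUR_CI_CD_IP/ca.crt` instead. Separately, `sudo tee /etc/docker/daemon.json` replaces any existing daemon configuration; worth a note to merge rather than overwrite.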
@ -764,26 +764,26 @@ Your Harbor registry is now configured with the following access model:
Anyone can pull images from public projects without authentication: Anyone can pull images from public projects without authentication:
```bash ```bash
# From any machine (public access to public projects) # From any machine (public access to public projects)
docker pull YOUR_CI_CD_IP:8080/public/backend:latest docker pull YOUR_CI_CD_IP/public/backend:latest
docker pull YOUR_CI_CD_IP:8080/public/frontend:latest docker pull YOUR_CI_CD_IP/public/frontend:latest
``` ```
#### **Authenticated Write Access** #### **Authenticated Write Access**
Only authenticated users can push images: Only authenticated users can push images:
```bash ```bash
# Login to Harbor first # Login to Harbor first
docker login YOUR_CI_CD_IP:8080 docker login YOUR_CI_CD_IP
# Enter: ci-user and your-secure-password # Enter: ci-user and your-secure-password
# Then push to Harbor # Then push to Harbor
docker push YOUR_CI_CD_IP:8080/public/backend:latest docker push YOUR_CI_CD_IP/public/backend:latest
docker push YOUR_CI_CD_IP:8080/public/frontend:latest docker push YOUR_CI_CD_IP/public/frontend:latest
``` ```
#### **Harbor Web UI Access** #### **Harbor Web UI Access**
Modern web interface for managing images: Modern web interface for managing images:
``` ```
https://YOUR_CI_CD_IP:8080 https://YOUR_CI_CD_IP
``` ```
#### **Client Configuration** #### **Client Configuration**
@ -791,7 +791,7 @@ For other machines to pull images from public projects, they only need:
```bash ```bash
# Add to /etc/docker/daemon.json on client machines # Add to /etc/docker/daemon.json on client machines
{ {
"insecure-registries": ["YOUR_CI_CD_IP:8080"] "insecure-registries": ["YOUR_CI_CD_IP"]
} }
# No authentication needed for pulls from public projects # No authentication needed for pulls from public projects
``` ```
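Review bot: the client snippet is fenced as `bash` but is a JSON fragment wrapped in `#` comment lines, so pasting it as shown produces an invalid `daemon.json`. Suggest moving the two comments into the surrounding prose and fencing only the JSON. Since these clients pull without logging in, the registry's certificate is the only thing identifying it to them, so the guide should prefer distributing the CA certificate to clients over `insecure-registries`.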
@ -800,8 +800,8 @@ For other machines to pull images from public projects, they only need:
For automated deployments, use the `ci-user` credentials: For automated deployments, use the `ci-user` credentials:
```bash ```bash
# In CI/CD pipeline # In CI/CD pipeline
echo "ci-user:your-secure-password" | docker login YOUR_CI_CD_IP:8080 --username ci-user --password-stdin echo "ci-user:your-secure-password" | docker login YOUR_CI_CD_IP --username ci-user --password-stdin
docker push YOUR_CI_CD_IP:8080/public/backend:latest docker push YOUR_CI_CD_IP/public/backend:latest
``` ```
### Step 7: Set Up SSH for Production Communication ### Step 7: Set Up SSH for Production Communication
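Review bot: in the CI/CD login line, `echo "ci-user:your-secure-password" | docker login YOUR_CI_CD_IP --username ci-user --password-stdin` pipes the string `ci-user:your-secure-password` as the password, while the username is already given by `--username`, so the login only works if the password itself contains the `ci-user:` prefix. The literal password on the command line also ends up in shell history and pipeline logs. Suggest reading it from a pipeline secret, for example `printf '%s' "$HARBOR_PASSWORD" | docker login YOUR_CI_CD_IP --username ci-user --password-stdin`, where `HARBOR_PASSWORD` is a placeholder name for that secret.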
@ -1008,11 +1008,11 @@ sudo ufw --force enable
sudo ufw default deny incoming sudo ufw default deny incoming
sudo ufw default allow outgoing sudo ufw default allow outgoing
sudo ufw allow ssh sudo ufw allow ssh
sudo ufw allow 8080/tcp # Harbor registry (public read access) sudo ufw allow 443/tcp # Harbor registry (public read access)
``` ```
**Security Model**: **Security Model**:
- **Port 8080 (Harbor)**: Public read access for public projects, authenticated write access - **Port 443 (Harbor)**: Public read access for public projects, authenticated write access
- **SSH**: Restricted to your IP addresses - **SSH**: Restricted to your IP addresses
- **All other ports**: Blocked - **All other ports**: Blocked
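Review bot: the Security Model list says "SSH: Restricted to your IP addresses", but the rule shown in this hunk is `sudo ufw allow ssh`, which accepts SSH from any source. Either change the rule to a source-restricted form such as `sudo ufw allow from YOUR_IP to any port 22 proto tcp` (with `YOUR_IP` as a placeholder) or correct the summary. The "Port 443 (Harbor)" line should also mention that the same port serves the web UI and API, not only registry pulls, since `ufw allow 443/tcp` exposes all three.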