Update ports to use for running Harbor

This commit is contained in:
continuist 2025-06-29 12:36:40 -04:00
parent 3bb04786b2
commit ce423cbf62


@ -638,10 +638,10 @@ cd /opt/APP_NAME/harbor
docker compose ps
# Test Harbor API (HTTPS)
curl -k https://localhost:8080/api/v2.0/health
curl -k https://localhost/api/v2.0/health
# Test Harbor UI (HTTPS)
curl -k -I https://localhost:8080
curl -k -I https://localhost
# Expected output: HTTP/1.1 200 OK
```
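Review bot: Both health checks still pass `-k`, so the "Expected output: HTTP/1.1 200 OK" result says nothing about whether the certificate served on the default HTTPS port is the one you installed. Consider `curl --cacert` with the Harbor CA file for at least one of the two checks, so a wrong or missing certificate fails the verification step instead of passing silently.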
@ -650,7 +650,7 @@ curl -k -I https://localhost:8080
#### 5.9 Access Harbor Web UI
1. **Open your browser** and navigate to: `https://YOUR_CI_CD_IP:8080`
1. **Open your browser** and navigate to: `https://YOUR_CI_CD_IP`
2. **Login with default credentials**:
- Username: `admin`
- Password: `Harbor12345` (or your configured password)
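Review bot: Step 2 logs in with `admin` / `Harbor12345`, and after this change the UI answers on the default HTTPS port of `YOUR_CI_CD_IP`, where it is easiest to find. If the steps that follow do not already do so, add an explicit "change the admin password before continuing" item here, and drop the "(or your configured password)" ambiguity by stating where that password is configured.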
@ -682,7 +682,7 @@ curl -k -I https://localhost:8080
```bash
# Test Docker login to Harbor
docker login YOUR_CI_CD_IP:8080
docker login YOUR_CI_CD_IP
# Enter: ci-user and your-secure-password
# Create a test image
@ -690,26 +690,26 @@ echo "FROM alpine:latest" > /tmp/test.Dockerfile
echo "RUN echo 'Hello from Harbor test image'" >> /tmp/test.Dockerfile
# Build and tag test image for public project
docker build -f /tmp/test.Dockerfile -t YOUR_CI_CD_IP:8080/public/test:latest /tmp
docker build -f /tmp/test.Dockerfile -t YOUR_CI_CD_IP/public/test:latest /tmp
# Push to Harbor (requires authentication)
docker push YOUR_CI_CD_IP:8080/public/test:latest
docker push YOUR_CI_CD_IP/public/test:latest
# Verify image is in Harbor
curl -k https://localhost:8080/v2/_catalog
curl -k https://localhost/v2/_catalog
# Test public pull (no authentication required)
docker logout YOUR_CI_CD_IP:8080
docker pull YOUR_CI_CD_IP:8080/public/test:latest
docker logout YOUR_CI_CD_IP
docker pull YOUR_CI_CD_IP/public/test:latest
# Clean up test image
docker rmi YOUR_CI_CD_IP:8080/public/test:latest
docker rmi YOUR_CI_CD_IP/public/test:latest
```
**Expected behavior**:
- ✅ **Push requires authentication**: `docker push` only works when logged in
- ✅ **Pull works without authentication**: `docker pull` works without login for public projects
- ✅ **Web UI accessible**: Harbor UI is available at `https://YOUR_CI_CD_IP:8080`
- ✅ **Web UI accessible**: Harbor UI is available at `https://YOUR_CI_CD_IP`
#### 5.12 Harbor Access Model Summary
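Review bot: The "Clean up test image" step only runs `docker rmi`, which removes the local tag; the pushed `public/test:latest` stays in the Harbor `public` project, and per the expected-behavior list it remains pullable without authentication. Add a step that deletes the test repository from Harbor (UI or API) so the walkthrough does not leave a stray public artifact behind.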
@ -742,7 +742,7 @@ sudo update-ca-certificates
# Configure Docker to trust Harbor registry
sudo tee /etc/docker/daemon.json << EOF
{
"insecure-registries": ["YOUR_CI_CD_IP:8080"],
"insecure-registries": ["YOUR_CI_CD_IP"],
"registry-mirrors": []
}
EOF
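Review bot: `"insecure-registries": ["YOUR_CI_CD_IP"]` tells Docker to skip certificate verification for the registry, and with the port dropped the entry now applies to the host's default HTTPS endpoint. The hunk context shows `sudo update-ca-certificates` has just been run, so the CA is already trusted; prefer removing this entry and placing the CA at `/etc/docker/certs.d/YOUR_CI_CD_IP/ca.crt` instead. Note also that `sudo tee /etc/docker/daemon.json` overwrites any existing daemon configuration; a merge or a warning would be safer.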
@ -764,26 +764,26 @@ Your Harbor registry is now configured with the following access model:
Anyone can pull images from public projects without authentication:
```bash
# From any machine (public access to public projects)
docker pull YOUR_CI_CD_IP:8080/public/backend:latest
docker pull YOUR_CI_CD_IP:8080/public/frontend:latest
docker pull YOUR_CI_CD_IP/public/backend:latest
docker pull YOUR_CI_CD_IP/public/frontend:latest
```
#### **Authenticated Write Access**
Only authenticated users can push images:
```bash
# Login to Harbor first
docker login YOUR_CI_CD_IP:8080
docker login YOUR_CI_CD_IP
# Enter: ci-user and your-secure-password
# Then push to Harbor
docker push YOUR_CI_CD_IP:8080/public/backend:latest
docker push YOUR_CI_CD_IP:8080/public/frontend:latest
docker push YOUR_CI_CD_IP/public/backend:latest
docker push YOUR_CI_CD_IP/public/frontend:latest
```
#### **Harbor Web UI Access**
Modern web interface for managing images:
```
https://YOUR_CI_CD_IP:8080
https://YOUR_CI_CD_IP
```
#### **Client Configuration**
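Review bot: The public-read examples pull `public/backend:latest` and `public/frontend:latest` anonymously, so a client has no way to tell which build it received if the tag is moved. Since this section documents the access model, consider adding a line recommending pulls by digest (`@sha256:...`) for deployments and keeping `latest` for ad hoc testing only.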
@ -791,7 +791,7 @@ For other machines to pull images from public projects, they only need:
```bash
# Add to /etc/docker/daemon.json on client machines
{
"insecure-registries": ["YOUR_CI_CD_IP:8080"]
"insecure-registries": ["YOUR_CI_CD_IP"]
}
# No authentication needed for pulls from public projects
```
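Review bot: This block is fenced as `bash` but its body is a JSON fragment wrapped in `#` comment lines; pasted as-is into `/etc/docker/daemon.json` it is not valid JSON and the Docker daemon will fail to start. Fence it as JSON and move the two comments into the surrounding prose. The same concern as on the server applies to `insecure-registries` here: clients would pull without verifying the registry certificate, so distributing the CA certificate to clients is the better instruction.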
@ -800,8 +800,8 @@ For other machines to pull images from public projects, they only need:
For automated deployments, use the `ci-user` credentials:
```bash
# In CI/CD pipeline
echo "ci-user:your-secure-password" | docker login YOUR_CI_CD_IP:8080 --username ci-user --password-stdin
docker push YOUR_CI_CD_IP:8080/public/backend:latest
echo "ci-user:your-secure-password" | docker login YOUR_CI_CD_IP --username ci-user --password-stdin
docker push YOUR_CI_CD_IP/public/backend:latest
```
### Step 7: Set Up SSH for Production Communication
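Review bot: In the `docker login` line, `--password-stdin` reads the entire stdin as the password, so piping `echo "ci-user:your-secure-password"` sends the `ci-user:` prefix (and a trailing newline) as part of it and the login will be rejected. Pipe only the password, and take it from a pipeline secret rather than a literal in the script, for example `printf '%s' "$HARBOR_PASSWORD" | docker login YOUR_CI_CD_IP --username ci-user --password-stdin`, where `HARBOR_PASSWORD` is a placeholder name for whatever secret variable your CI provides.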
@ -1008,11 +1008,11 @@ sudo ufw --force enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 8080/tcp # Harbor registry (public read access)
sudo ufw allow 443/tcp # Harbor registry (public read access)
```
**Security Model**:
- **Port 8080 (Harbor)**: Public read access for public projects, authenticated write access
- **Port 443 (Harbor)**: Public read access for public projects, authenticated write access
- **SSH**: Restricted to your IP addresses
- **All other ports**: Blocked
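Review bot: The Security Model list says "SSH: Restricted to your IP addresses", but the rule above it is `sudo ufw allow ssh`, which accepts SSH from any source. Either change the rule to a source-restricted form such as `sudo ufw allow from YOUR_IP to any port 22 proto tcp` (with `YOUR_IP` as a placeholder) or correct the bullet so the documented model matches the firewall that is actually configured. It is also worth stating in this section that the old `8080/tcp` rule should be deleted on hosts that were set up with the previous version of this guide.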