ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity

docs: update harbor integration status and remove hardcoded credentials

Browse Source
This commit is contained in:
Username
2026-01-18 09:57:27 +01:00
parent 0fc45587cd
commit 9eee14e918
5 changed files with 33 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
documentation/harbor-registry.md
View File

@@ -23,7 +23,8 @@ vulnerability scanning, image signing, and role-based access control.
### Harbor Details
```
Registry: 192.168.122.154:30443
Internal: 192.168.122.154:30443 (K8s cluster access)
External: harbor.mymx.me (CI/CD, remote access)
Project: library (public)
Repository: library/flaskpaste
```
@@ -31,11 +32,14 @@ Repository: library/flaskpaste
### Authentication
```bash
# Default credentials (change in production!)
Username: admin
Password: Harbor12345
Username: <harbor-username>
Password: <harbor-password>
```
For CI/CD automation, configure Gitea Actions secrets:
- `HARBOR_USER` - Harbor username (e.g., `ansible` automation account)
- `HARBOR_PASS` - Harbor password
---
## Building Images
@@ -73,7 +77,7 @@ podman manifest add flaskpaste:latest flaskpaste:arm64
```bash
# Login to Harbor (skip TLS verify for self-signed certs)
podman login 192.168.122.154:30443 \
-u admin -p Harbor12345 \
-u "$HARBOR_USER" -p "$HARBOR_PASS" \
--tls-verify=false
# Tag for Harbor
@@ -94,7 +98,7 @@ When Harbor is on an internal network:
ssh -f -N -L 30443:192.168.122.154:30443 jumphost
# Login and push via localhost
podman login localhost:30443 -u admin -p Harbor12345 --tls-verify=false
podman login localhost:30443 -u "$HARBOR_USER" -p "$HARBOR_PASS" --tls-verify=false
podman tag localhost/flaskpaste:latest localhost:30443/library/flaskpaste:latest
podman push localhost:30443/library/flaskpaste:latest --tls-verify=false
```
@@ -117,7 +121,7 @@ ssh user@k8s-master '
localhost/flaskpaste:latest \
192.168.122.154:30443/library/flaskpaste:latest
sudo ctr -n k8s.io images push --skip-verify \
--user admin:Harbor12345 \
--user <harbor-username>:<harbor-password> \
192.168.122.154:30443/library/flaskpaste:latest
'
```
@@ -137,7 +141,7 @@ podman pull 192.168.122.154:30443/library/flaskpaste:latest \
```bash
sudo ctr -n k8s.io images pull --skip-verify \
--user admin:Harbor12345 \
--user <harbor-username>:<harbor-password> \
192.168.122.154:30443/library/flaskpaste:latest
```
@@ -157,8 +161,8 @@ For nodes to pull from Harbor with self-signed certificates:
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.122.154:30443".tls]
insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.122.154:30443".auth]
username = "admin"
password = "Harbor12345"
username = "<harbor-username>"
password = "<harbor-password>"
```
Restart containerd after changes:
@@ -171,9 +175,9 @@ sudo systemctl restart containerd
```bash
kubectl create secret docker-registry harbor-creds \
--docker-server=192.168.122.154:30443 \
--docker-username=admin \
--docker-password=Harbor12345 \
--docker-email=admin@example.com
--docker-username=<harbor-username> \
--docker-password=<harbor-password> \
--docker-email=<your-email>
```
### Deployment Manifest
@@ -322,7 +326,7 @@ jobs:
### Check Image Exists
```bash
curl -k -s -u admin:Harbor12345 \
curl -k -s -u <harbor-username>:<harbor-password> \
"https://192.168.122.154:30443/api/v2.0/projects/library/repositories/flaskpaste/artifacts" \
| jq '.[] | {digest: .digest, tags: [.tags[].name], size: .size}'
```
@@ -330,7 +334,7 @@ curl -k -s -u admin:Harbor12345 \
### List Tags
```bash
curl -k -s -u admin:Harbor12345 \
curl -k -s -u <harbor-username>:<harbor-password> \
"https://192.168.122.154:30443/api/v2.0/projects/library/repositories/flaskpaste/artifacts" \
| jq -r '.[].tags[].name'
```
@@ -339,7 +343,7 @@ curl -k -s -u admin:Harbor12345 \
```bash
# Delete specific tag
curl -k -X DELETE -u admin:Harbor12345 \
curl -k -X DELETE -u <harbor-username>:<harbor-password> \
"https://192.168.122.154:30443/api/v2.0/projects/library/repositories/flaskpaste/artifacts/v1.0.0"
```
@@ -364,11 +368,11 @@ curl -k https://192.168.122.154:30443/api/v2.0/health
```bash
# Verify credentials via API
curl -k -u admin:Harbor12345 \
curl -k -u <harbor-username>:<harbor-password> \
https://192.168.122.154:30443/api/v2.0/users/current
# Check if project exists
curl -k -u admin:Harbor12345 \
curl -k -u <harbor-username>:<harbor-password> \
https://192.168.122.154:30443/api/v2.0/projects
```

6
documentation/kubernetes-deployment.md
View File

@@ -50,9 +50,9 @@ kubectl create namespace flaskpaste
kubectl create secret docker-registry harbor-creds \
--namespace flaskpaste \
--docker-server=192.168.122.154:30443 \
--docker-username=admin \
--docker-password=Harbor12345 \
--docker-email=admin@example.com
--docker-username=<harbor-username> \
--docker-password=<harbor-password> \
--docker-email=<your-email>
```
### 2. Apply Manifest