📚 Sync docs from alaudadevops/connectors-operator on f6ac686740365cb80e5714c63be8b7228b23a885

Source: docs: add using oci/harbor forward proxy in pipeline (#431)
Author: chengjingtao
Ref: refs/heads/main
Commit: f6ac686740365cb80e5714c63be8b7228b23a885

This commit automatically syncs documentation changes from the source-docs repository.

🔗 View source commit: AlaudaDevops/connectors-operator@f6ac686
🤖 Synced on 2025-12-11 06:06:47 UTC

Author: chengjingtao

.github/SYNC_INFO.md

@@ -1,10 +1,10 @@
 # Documentation Sync Information
 
-- **Last synced**: 2025-12-11 04:58:03 UTC
+- **Last synced**: 2025-12-11 06:06:47 UTC
 - **Source repository**: alaudadevops/connectors-operator
-- **Source commit**: [d00cb15366dc704098e0860f056012b27c423cce](https://github.com/alaudadevops/connectors-operator/commit/d00cb15366dc704098e0860f056012b27c423cce)
-- **Triggered by**: edge-katanomi-app2[bot]
-- **Workflow run**: [#59](https://github.com/alaudadevops/connectors-operator/actions/runs/20122467163)
+- **Source commit**: [f6ac686740365cb80e5714c63be8b7228b23a885](https://github.com/alaudadevops/connectors-operator/commit/f6ac686740365cb80e5714c63be8b7228b23a885)
+- **Triggered by**: chengjingtao
+- **Workflow run**: [#60](https://github.com/alaudadevops/connectors-operator/actions/runs/20123703939)
 
 ## Files synced:
 - docs/

docs/en/connectors-harbor/concepts/harbor_connectorclass.mdx

@@ -194,4 +194,7 @@ insecure-entitlements = [ "network.host", "security.insecure" ]
 ## Further Reading
 
 - [Harbor Connector Quick Start](../quick_start)
-- [Harbor Connector How To Guides](../how_to)
+- [General Introduction to Using the Harbor Connector Proxy in K8S Workload](../how_to/using_harbor_connector_in_k8s.mdx)
+- [Building Images Using Harbor Connector in K8S Job](../how_to/using_harbor_connector_in_k8s_job.mdx)
+- [Building Images Using Harbor Connector in Tekton Pipeline](../how_to/using_harbor_connector_forward_proxy_in_tekton_pipeline.mdx)
+

docs/en/connectors-harbor/how_to/using_harbor_connector_forward_proxy_in_tekton_pipeline.mdx

@@ -0,0 +1,105 @@
+---
+weight: 35
+title: Using Harbor Connector Forward Proxy in Tekton Task
+---
+
+# Using Harbor Connector Forward Proxy in Tekton Task
+
+Using Harbor Connector Forward Proxy in Tekton Tasks enables centralized management of Harbor credentials and secure access to Harbor registries during Tekton Task execution.
+
+## Requirements for Tekton Task \{#requirements-for-tekton-task}
+
+Not all Tekton Tasks can use Harbor Connector Forward Proxy.
+
+Harbor Connector injects proxy configurations through a CSI Driver. It provides built-in configuration files for forward proxy usage:
+
+- `.env`: Environment variables file containing `http_proxy`, `https_proxy`, and `no_proxy` in `key=value` format
+- `http.proxy`: Forward proxy URL with authentication for HTTP
+- `https.proxy`: Forward proxy URL with authentication for HTTPS
+
+**Therefore, Tekton Tasks must meet the following requirements to use Harbor Connector Forward Proxy:**
+
+**1. The CLI tools used in the Task must support HTTP proxy environment variables**
+
+**2. The Task must support configuring HTTP proxy environment variables**.
+> This can be done by:
+> - Mounting a workspace containing a `.env` file
+> - Using custom commands to read environment variables from files
+
+**3. The Task must support configuring insecure registries**
+> This can be done by:
+> - Mounting a workspace containing a configuration file that supports insecure registries that connectorclass provides
+> - Using cli arguments to configure insecure registries
+
+## Usage Instructions
+
+### Using Forward Proxy with .env Workspace
+
+If the Task natively supports a workspace containing a `.env` file, and will expose the `.env` file to the environment variable, you can directly mount the Harbor Connector's configurations via CSI.
+
+In the following example, we use a `buildah` Task that accepts a `docker-config` workspace with a `.env` file containing `http_proxy`, `https_proxy`, and `no_proxy` environment variables:
+
+```yaml
+apiVersion: tekton.dev/v1
+kind: TaskRun
+metadata:
+  name: buildah-build-my-repo
+spec:
+  taskRef:
+    name: buildah
+  params:
+    - name: IMAGES
+      value:
+        - harbor.example.com/my-repo/my-image
+    - name: TLS_VERIFY
+      value: "false"
+  workspaces:
+    - name: source
+      persistentVolumeClaim:
+        claimName: my-source
+    - name: docker-config
+      csi:
+        readOnly: true
+        driver: connectors-csi
+        volumeAttributes:
+          connector.name: "harbor-connector"
+          configuration.names: "config"
+```
+
+### Using Forward Proxy with Custom Commands
+
+If the Task does not natively support a `.env` workspace, but allows custom commands, you can source the `.env` file manually in the command.
+
+In the following example, we use a `buildah-cli` Task that accepts a `cmd` parameter for custom shell commands. The Task mounts the `docker-config` workspace to `/workspace/docker-config`:
+
+```yaml
+apiVersion: tekton.dev/v1
+kind: TaskRun
+metadata:
+  name: buildah-build-my-repo
+spec:
+  taskRef:
+    name: buildah-cli
+  workspaces:
+    - name: docker-config
+      csi:
+        readOnly: true
+        driver: connectors-csi
+        volumeAttributes:
+          connector.name: "harbor-connector"
+          configuration.names: "config"
+  params:
+    - name: cmd
+      value: |
+        source /workspace/docker-config/.env
+        buildah push --tls-verify=false myimage harbor.example.com/library/myimage:v1
+```
+
+**Note:** The `--tls-verify=false` flag is required because the forward proxy intercepts and re-signs TLS traffic. Different CLI tools have different ways to configure insecure registries. Please refer to your CLI documentation for details.
+
+## Further Reading
+
+- [Using Harbor Connector Proxy in K8S Workload](./using_harbor_connector_in_k8s.mdx) - Learn about the general logic of using Harbor Connector proxy
+- [Harbor ConnectorClass Forward Proxy](../concepts/harbor_connectorclass.mdx#forward-proxy) - Learn about forward proxy configurations
+- [Connectors CSI Built-in Configurations](../../connectors/concepts/connectors_csi.mdx#built-in-configurations) - Learn about built-in configuration files
+- [Using CSI Volumes in Tekton](https://tekton.dev/docs/pipelines/workspaces/#csi) - Tekton CSI workspace documentation

docs/en/connectors-harbor/how_to/using_harbor_connector_in_k8s.mdx

@@ -18,15 +18,19 @@ If you already have a preliminary understanding, you can directly refer to more
 
 ## Utilizing Harbor Connector Proxy Capability
 
-Currently, there are two proxy modes supported:
-- Forward Proxy
-- Reverse Proxy
+The Harbor Connector supports two proxy modes:
+
+- **Forward Proxy** - Recommended for most cases. Less intrusive to client configurations and easier to use.
+- **Reverse Proxy** - Requires modifying the target image address and additional client configuration.
 
 ### Forward Proxy
 
-- Configure the forward proxy for the Harbor Connector, such as `http_proxy`, `https_proxy`, `no_proxy`, etc.
+Using Forward Proxy involves the following aspects:
 
-The `Harbor ConnectorClass` provides an out-of-the-box configuration that can be mounted through connector-csi.
+- Setting proxy environment variables for the client
+- Configuring the client to support insecure registries (if required)
+
+Mount the [built-in configurations](../../connectors/concepts/connectors_csi.mdx#built-in-configurations) through the Connectors CSI Driver:
 
 ```yaml
 volumes:
@@ -38,21 +42,24 @@ volumes:
       connector.name: "harbor"
 ```
 
-> Note: The configuration name don't need support, it will be mounted as `http.proxy` and `https.proxy`.
-
-Before using, configure the proxy according to different container registry clients. Most container registry clients support directly reading the HTTP_PROXY, HTTPS_PROXY, NO_PROXY, http_proxy, https_proxy, no_proxy environment variables.
+Most container registry clients support reading proxy settings from environment variables (`http_proxy`, `https_proxy`, `no_proxy`). You can configure them in two ways:
 
 ```bash
+# Option 1: Set proxy variables individually
 export http_proxy=$(cat /{mount-path}/http.proxy)
 export https_proxy=$(cat /{mount-path}/https.proxy)
 export HTTP_PROXY=$http_proxy
 export HTTPS_PROXY=$https_proxy
 export no_proxy=localhost,127.0.0.1
 export NO_PROXY=$no_proxy
+
+# Option 2: Source the environment file
+source /{mount-path}/.env
 ```
 
-Some clients need to specify the proxy in the software configuration file, the configuration method needs to refer to the specific documentation of the client.
+> Note: Some clients require specifying proxy settings in their configuration files.
 
+Since the forward proxy intercepts and re-signs TLS traffic (MITM), clients must be configured to trust the proxy's certificate or allow insecure connections. Refer to your CLI documentation for details, or see the [Harbor ConnectorClass Forward Proxy](../concepts/harbor_connectorclass.mdx#forward-proxy) for default configurations provided by the ConnectorClass.
 
 ### Reverse Proxy
 

docs/en/connectors-oci/how_to/using_oci_connector_forward_proxy_in_tekton_pipeline.mdx

@@ -0,0 +1,105 @@
+---
+weight: 35
+title: Using OCI Connector Forward Proxy in Tekton Task
+---
+
+# Using OCI Connector Forward Proxy in Tekton Task
+
+Using OCI Connector Forward Proxy in Tekton Tasks enables centralized management of OCI registry credentials and secure access to OCI registries during Tekton Task execution.
+
+## Requirements for Tekton Task \{#requirements-for-tekton-task}
+
+Not all Tekton Tasks can use OCI Connector Forward Proxy.
+
+OCI Connector injects proxy configurations through a CSI Driver. It provides built-in configuration files for forward proxy usage:
+
+- **`.env`**: Environment variables file containing `http_proxy`, `https_proxy`, and `no_proxy` in `key=value` format
+- **`http.proxy`**: Forward proxy URL with authentication for HTTP
+- **`https.proxy`**: Forward proxy URL with authentication for HTTPS
+
+**Therefore, Tekton Tasks must meet the following requirements to use OCI Connector Forward Proxy:**
+
+**1. The CLI tools used in the Task must support HTTP proxy environment variables**
+
+**2. The Task must support configuring HTTP proxy environment variables**.
+> This can be done by:
+> - Mounting a workspace containing a `.env` file
+> - Using custom commands to read environment variables from files
+
+**3. The Task must support configuring insecure registries**
+> This can be done by:
+> - Mounting a workspace containing a configuration file that supports insecure registries that connectorclass provides
+> - Using cli arguments to configure insecure registries
+
+## Usage Instructions
+
+### Using Forward Proxy with .env Workspace
+
+If the Task natively supports a workspace containing a `.env` file, you can directly mount the OCI Connector's built-in configurations via CSI.
+
+In the following example, we use a `buildah` Task that accepts a `docker-config` workspace with a `.env` file containing `http_proxy`, `https_proxy`, and `no_proxy` environment variables:
+
+```yaml
+apiVersion: tekton.dev/v1
+kind: TaskRun
+metadata:
+  name: buildah-build-my-repo
+spec:
+  taskRef:
+    name: buildah
+  params:
+    - name: IMAGES
+      value:
+        - registry.example.com/my-repo/my-image
+    - name: TLS_VERIFY
+      value: "false"
+  workspaces:
+    - name: source
+      persistentVolumeClaim:
+        claimName: my-source
+    - name: docker-config
+      csi:
+        readOnly: true
+        driver: connectors-csi
+        volumeAttributes:
+          connector.name: "oci-connector"
+          configuration.names: "config"
+```
+
+### Using Forward Proxy with Custom Commands
+
+If the Task does not natively support a `.env` workspace, but allows custom commands, you can source the `.env` file manually in the command.
+
+In the following example, we use a `buildah-cli` Task that accepts a `cmd` parameter for custom shell commands. The Task mounts the `docker-config` workspace to `/workspace/docker-config`:
+
+```yaml
+apiVersion: tekton.dev/v1
+kind: TaskRun
+metadata:
+  name: buildah-build-my-repo
+spec:
+  taskRef:
+    name: buildah-cli
+  workspaces:
+    - name: docker-config
+      csi:
+        readOnly: true
+        driver: connectors-csi
+        volumeAttributes:
+          connector.name: "oci-connector"
+          configuration.names: "config"
+  params:
+    - name: cmd
+      value: |
+        source /workspace/docker-config/.env
+        buildah push --tls-verify=false myimage registry.example.com/library/myimage:v1
+```
+
+> **Note:** The `--tls-verify=false` flag is required because the forward proxy intercepts and re-signs TLS traffic. Different CLI tools have different ways to configure insecure registries. Please refer to your CLI documentation for details.
+
+## Further Reading
+
+- [Using OCI Connector Proxy in K8S Workload](./using_oci_connector_in_k8s.mdx) - Learn about the general logic of using OCI Connector proxy
+- [OCI ConnectorClass Forward Proxy](../concepts/oci_connectorclass.mdx#forward-proxy) - Learn about forward proxy configurations
+- [Connectors CSI Built-in Configurations](../../connectors/concepts/connectors_csi.mdx#built-in-configurations) - Learn about built-in configuration files
+- [Using CSI Volumes in Tekton](https://tekton.dev/docs/pipelines/workspaces/#csi) - Tekton CSI workspace documentation

docs/en/connectors-oci/how_to/using_oci_connector_in_k8s.mdx

@@ -14,19 +14,23 @@ Currently, there are various OCI clients available in the community for accessin
 If you already have a preliminary understanding, you can directly refer to more specific cases:
 
 - [Using OCI Connector to Build Images in K8S Job](./using_oci_connector_in_k8s_job.mdx)
-- [Using OCI Connector to Build Images in Tekton Pipeline](./using_oci_connector_reverse_proxy_in_tekton_pipeline.mdx)
+- [Using OCI Connector Forward Proxy in Tekton Pipeline](./using_oci_connector_forward_proxy_in_tekton_pipeline.mdx)
 
 ## Utilizing OCI Connector Proxy Capability
 
-urrently, there are two proxy modes supported:
-- Forward Proxy
-- Reverse Proxy
+The OCI Connector supports two proxy modes:
+
+- **Forward Proxy** - Recommended for most cases. Less intrusive to client configurations and easier to use.
+- **Reverse Proxy** - Requires modifying the target image address and additional client configuration.
 
 ### Forward Proxy
 
-- Configure the forward proxy for the OCI Connector, such as `http_proxy`, `https_proxy`, `no_proxy`, etc.
+Using Forward Proxy involves the following aspects:
 
-The `OCI ConnectorClass` provides an out-of-the-box configuration that can be mounted through connector-csi.
+- Setting proxy environment variables for the client
+- Configuring the client to support insecure registries
+
+Mount the [built-in configurations](../../connectors/concepts/connectors_csi.mdx#built-in-configurations) through the Connectors CSI Driver:
 
 ```yaml
 volumes:
@@ -38,17 +42,24 @@ volumes:
       connector.name: "oci-connector"
 ```
 
-> Note: The configuration name don't need support, it will be mounted as `http.proxy` and `https.proxy`.
-
-Before using, configure the proxy according to different container registry clients. Most container registry clients support directly reading the HTTP_PROXY, HTTPS_PROXY, NO_PROXY, http_proxy, https_proxy, no_proxy environment variables.
+Most container registry clients support reading proxy settings from environment variables (`http_proxy`, `https_proxy`, `no_proxy`). You can configure them in two ways:
 
 ```bash
+# Option 1: Set proxy variables individually
 export http_proxy=$(cat /{mount-path}/http.proxy)
 export https_proxy=$(cat /{mount-path}/https.proxy)
+export HTTP_PROXY=$http_proxy
+export HTTPS_PROXY=$https_proxy
 export no_proxy=localhost,127.0.0.1
+export NO_PROXY=$no_proxy
+
+# Option 2: Source the environment file
+source /{mount-path}/.env
 ```
 
-Some clients need to specify the proxy in the software configuration file, the configuration method needs to refer to the specific documentation of the client.
+> Note: Some clients require specifying proxy settings in their configuration files.
+
+Since the forward proxy intercepts and re-signs TLS traffic (MITM), clients must be configured to trust the proxy's certificate or allow insecure connections. Refer to your CLI documentation for details, or see the [OCI ConnectorClass Forward Proxy](../concepts/oci_connectorclass.mdx#forward-proxy) for default configurations provided by the ConnectorClass.
 
 ### Reverse Proxy
 
@@ -121,5 +132,5 @@ For example:
 
 ## More
 
-- [Using OCI Connector to Build Images in K8S Job](./using_oci_connector_in_k8s_job.md)
-- [Using OCI Connector to Build Images in Tekton Pipeline](./using_oci_connector_in_tekton_pipeline.md)
+- [Using OCI Connector to Build Images in K8S Job](./using_oci_connector_in_k8s_job.mdx)
+- [Using OCI Connector Forward Proxy in Tekton Pipeline](./using_oci_connector_forward_proxy_in_tekton_pipeline.mdx)