
[bitnami/harbor] Redis Sentinel configuration does not work with registry but works with core

Open RichardSufliarsky opened this issue 2 years ago • 4 comments

Name and Version

bitnami/harbor 15.0.0

What steps will reproduce the bug?

Check also: https://github.com/bitnami/charts/issues/11266

I am using same config, but had to switch off Sentinel authentication on Redis as it does not work.

Seems that harbor-core connects to Sentinels and gets Redis master. With the harbor-registry it does not work.

Are you using any custom parameters or values?

externalRedis:
  host: ""
  port: 6379
  password: "rEdIs.PaS3"
  coreDatabaseIndex: '10'
  jobserviceDatabaseIndex: '11'
  registryDatabaseIndex: '12'
  chartmuseumDatabaseIndex: '13'
  trivyAdapterDatabaseIndex: '14'
  sentinel:
    enabled: true
    masterSet: 'k8s123'
    hosts: "redis-sentinels-node-0.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379,redis-sentinels-node-1.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379,redis-sentinels-node-2.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379"

What is the expected behavior?

harbor-registry should connect to Redis

What do you see instead?

Registry logs:

time="2022-07-26T10:30:45.815625733Z" level=error msg="error connecting to redis instance redis-sentinels-node-0.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379,redis-sentinels-node-1.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379,redis-sentinels-node-2.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379/k8s123:6379: dial tcp: address redis-sentinels-node-0.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379,redis-sentinels-node-1.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379,redis-sentinels-node-2.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379/k8s123:6379: too many colons in address" go.version=go1.18.3 instance.id=133ca8f6-b5d6-427d-b1e9-2625ec7883d8 service=registry version=v2.8.0
time="2022-07-26T10:30:45.815668259Z" level=error msg="redis: error connecting: dial tcp: address redis-sentinels-node-0.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379,redis-sentinels-node-1.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379,redis-sentinels-node-2.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379/k8s123:6379: too many colons in address" go.version=go1.18.3 instance.id=133ca8f6-b5d6-427d-b1e9-2625ec7883d8 redis.connect.duration=67.4µs service=registry version=v2.8.0

Core logs:

redis: 2022/07/26 10:22:28 sentinel.go:329: sentinel: discovered new sentinel="284f1849d88c699f7562170b7b7605d7924ba077" for master="k8s123"
redis: 2022/07/26 10:22:28 sentinel.go:329: sentinel: discovered new sentinel="a8572a372df3e9c9eb92368fee7cd1720c920b2e" for master="k8s123"
redis: 2022/07/26 10:22:28 sentinel.go:296: sentinel: new master="k8s123" addr="redis-sentinels-node-2.redis-sentinels-headless.redis-sentinels.svc.cluster.local:6379"

Additional information

No response

RichardSufliarsky avatar Jul 26 '22 12:07 RichardSufliarsky

I have manually modified Config Map harbor-registry to add sentinelMasterSet and have only one Sentinel in addr:

redis:
  addr: \"redis-sentinels-node-2.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379\"
  sentinelMasterSet: \"k8s123\"
  db: 12

Now I am receiving this error:

time="2022-07-26T16:36:09.217762724Z" level=error msg="redis: error connecting: ERR AUTH <password> called without any password configured for the default user. Are you sure your configuration is correct?" go.version=go1.18.3 instance.id=685568ec-f5cb-42f9-80e2-66be9b87ab28 redis.connect.duration=1.412187ms service=registry version=v2.8.0 

I have checked running registry container and environment variable REGISTRY_REDIS_PASSWORD is set to correct value.

Was wondering how it is with core, so checked running core container and it has whole URL in one environment variable that just works:

_REDIS_URL_REG=redis+sentinel://redis:pass.word@redis-sentinels-node-0.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379,redis-sentinels-node-1.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379,redis-sentinels-node-2.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379/k8s123/12

RichardSufliarsky avatar Jul 26 '22 16:07 RichardSufliarsky
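
An added example, not part of the thread and not code from Harbor or the registry: it contrasts the two address shapes seen above. Go's standard library rejects a comma-joined Sentinel list handed over as a single `host:port` with the same "too many colons in address" text as the registry log, while a `redis+sentinel://` URL of the form in `_REDIS_URL_REG` splits cleanly into sentinels, master set and database index. The function names, the short `s0.example` hostnames and the placeholder password are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

type SentinelTarget struct {
	Sentinels []string
	MasterSet string
	DB        int
}

// ParseSentinelURL splits redis+sentinel://user:pass@h1:p,h2:p/master/db by hand.
func ParseSentinelURL(raw string) (t SentinelTarget, err error) {
	pre, rest, ok := strings.Cut(raw, "redis+sentinel://")
	if !ok || pre != "" {
		return t, fmt.Errorf("not a redis+sentinel URL")
	}
	rest = rest[strings.LastIndex(rest, "@")+1:] // drop optional userinfo
	hosts, path, _ := strings.Cut(rest, "/")
	for _, hp := range strings.Split(hosts, ",") {
		// Every sentinel must be a valid host:port on its own.
		if _, _, err := net.SplitHostPort(hp); err != nil {
			return t, fmt.Errorf("sentinel %q: %w", hp, err)
		}
		t.Sentinels = append(t.Sentinels, hp)
	}
	master, db, _ := strings.Cut(path, "/")
	t.MasterSet = master
	if t.DB, err = strconv.Atoi(db); err != nil || master == "" {
		return t, fmt.Errorf("want /<masterSet>/<db>, got %q", path)
	}
	return t, nil
}

// SingleAddrError is the error for a whole list passed as one host:port.
func SingleAddrError(addr string) error {
	_, _, err := net.SplitHostPort(addr)
	return err
}

func main() {
	// Constructed inputs: short hostnames and a placeholder password.
	list := "s0.example:26379,s1.example:26379,s2.example:26379"
	fmt.Println(SingleAddrError(list + "/k8s123:6379"))
	fmt.Println(ParseSentinelURL("redis+sentinel://redis:CHANGEME@" + list + "/k8s123/12"))
}
```

The parser deliberately returns only the routing fields, so printing or logging the result does not expose the password embedded in the URL.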

FYI: Tried goharbor/harbor v1.9.3 helm chart and it works with Redis Sentinels. Registry image used in chart: goharbor/registry-photon:v2.5.3. Used this config:

redis:
  type: external
  external:
    addr: "redis-sentinels-node-0.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379,redis-sentinels-node-1.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379,redis-sentinels-node-2.redis-sentinels-headless.redis-sentinels.svc.cluster.local:26379"
    sentinelMasterSet: "k8s123"
    coreDatabaseIndex: '10'
    jobserviceDatabaseIndex: '11'
    registryDatabaseIndex: '12'
    chartmuseumDatabaseIndex: '13'
    trivyAdapterIndex: '14'
    password: "pass.WORD"

RichardSufliarsky avatar Jul 29 '22 17:07 RichardSufliarsky

Sorry for the late reply. I'm not a Harbor expert but from your messages, do you think this could be due to the registry missing authentication details for Redis?

alemorcuq avatar Aug 05 '22 16:08 alemorcuq

> Sorry for the late reply. I'm not a Harbor expert but from your messages, do you think this could be due to the registry missing authentication details for Redis?

I'm not sure, seems that password is set https://github.com/bitnami/charts/blob/f52ef4b2d0be0b7b20cac1dd0fe0b91cf94920ee/bitnami/harbor/templates/registry/registry-secret.yaml#L17 but don't know if it is used. Didn't have time to experiment more with it.

Feel free to close this issue as I am using goharbor's chart now and waiting on an issue https://github.com/goharbor/harbor/issues/14757.

RichardSufliarsky avatar Aug 09 '22 09:08 RichardSufliarsky

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

bitnami-bot avatar Aug 25 '22 01:08 bitnami-bot

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

bitnami-bot avatar Aug 30 '22 01:08 bitnami-bot