harbor-helm
harbor-helm copied to clipboard
goharbor
Harbor-core unable to access /service/token when hard-coding auto-generated values
If you are reporting a problem, please make sure the following information are provided:
Expected behavior and actual behavior:
Installed Harbor Helm chart as expected. I am using a GitOps system called kapp-controller (similar to ArgoCD/Flux). I was having issues where pods would rotate each time the helmTemplate command was ran by kapp-controller, so I went through the chart to explicitly define all the auto-generated fields as seen below.
After doing so, my GitOps system wasn't rotating passwords anymore, but then I was unable to push images to the registry through my ingress. Port-forward of the registry pods+svc worked fine. Going through the logs in harbor-core, would get a unable to handle service:
So either I have something mis-configured and the chart should not allow that, or there is a bug.
Steps to reproduce the problem:
I had the following values set on my helm install, where harbor-tls-secret is a cert-manager created secret with a self-signed CA issuer. The following values are not the ones actually used by the Harbor in my URL.
externalURL: "https://andrew-harbor.tanzuplatform.com"
harborAdminPassword: Harbor123456
caSecretName: harbor-tls-secret
caBundleSecretName: harbor-tls-secret
logLevel: debug
expose:
ingress:
hosts:
core: andrew-harbor.tanzuplatform.com
notary: andrew-notary.tanzuplatform.com
tls:
certSource: secret
secret:
secretName: harbor-tls-secret
notarySecretName: harbor-tls-secret
core:
secret: w5dlTF1qrIKvfmuJ
xsrfKey: VvFTijscqmVOM0fz7qhoLWvu12YRYCKY
secretName: harbor-tls-secret
registry:
secret: PuzrqhB0zbPW17ut
credentials:
# This was generated via `openssl passwd -apr1 harbor-registry-password`
htpasswdString: "$apr1$g4cGfexj$My3rncqfvMiKhzF6JJx090"
notary:
secretName: harbor-tls-secret
jobservice:
secret: IxKVXjB46tMjPP0p
Versions: Please specify the versions of following systems.
- helm version: v3.9.0
- harbor chart version: 1.9.2
Could you please paste a relative full log?
BTW, by my GitOps system wasn't rotating passwords anymore, which passwords are you referring to?
Attached should be logs for each component:
For the "passwords" piece, I mean pretty every place where a helm template command results in a randomly generated string, I set the corresponding value (such as jobservice.secret) where it will not be randomly generated.
I also made a quick repo of how to quickly re-produce it locally if that helps on your end.
harbor-app-chartmuseum-6d568f554f-dhm5k.log harbor-app-core-5cf6cdf6c4-qwdfm.log harbor-app-database-0.log harbor-app-jobservice-7c5756bd5d-kvpht.log harbor-app-notary-server-75d8b6df-qj57h.log harbor-app-notary-signer-7cc9cbf59-f5b5z.log harbor-app-portal-9dc48dd6f-vqd45.log harbor-app-redis-0.log harbor-app-registry-6dc5889cc7-thlkf.log harbor-app-trivy-0.log
Sat for like an hour or so and fiddled with my values.yaml and re-installing in-between each time -- seems the curl response issue occurs even with no helm values set at all even going back to chart version 1.8 at least.
Main reason I submitted this bug is that the above values results in me being unable to perform a docker login + docker push.
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.