harbor-helm
harbor-helm copied to clipboard
goharbor
Map domain to harbor proxied registry
For example, i want to map my Harbor proxied docker.io project by means of a domain.
dockerio-registry.foo.bar -> registry.foo.bar/docker.io
The use case is configuring the pull-through cache directly in the docker daemon, as subpaths are not allowed. This does not work:
{
"registry-mirrors": ["https://registry.foo.bar/docker.io"]
}
So something like this is required:
{
"registry-mirrors": ["https://dockerio-registry.foo.bar"]
}
Let me clarify, is docker.io a proxy cache project?
I don't think we can map a project's URI to a host.
I can almost do it, but im having a 401 unauthorized error. I manage to have the same errors with 2 different configurations. One using the server-script from nginx reverse proxy, the other way by duplicating the ingress rules to a new "virtual host"
I dont have the currect setup anymore, but it was something like:
nginx.ingress.kubernetes.io/server-snippet: |
if ($host ~ "dockerio-registry-staging.foo.bar")
{
rewrite ^https://dockerio-registry-staging.foo.bar(/docker.io)/v2(/.*)$ https://registry-staging.foo.bar/v2$1$2
}
OR
cat templates/proxy.yaml
{{- range $domain,$project := .Values.domains.proxy }}
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
{{ $.Values.harbor.expose.ingress.annotations | toYaml | nindent 4 }}
nginx.ingress.kubernetes.io/rewrite-target: /v2/{{ $project }}/$2
name: harbor-staging-harbor-ingress-{{ $domain }}
spec:
rules:
- host: {{ $domain }}-{{ $.Values.harbor.expose.ingress.hosts.core }}
http:
paths:
- path: /
pathType: Prefix
backend:
serviceName: {{ $.Release.Name }}-harbor-portal
servicePort: 80
- path: /api
pathType: Prefix
backend:
serviceName: {{ $.Release.Name }}-harbor-core
servicePort: 80
- path: /service
pathType: Prefix
backend:
serviceName: {{ $.Release.Name }}-harbor-core
servicePort: 80
- path: /v2(/|$)(.+)
pathType: Prefix
backend:
serviceName: {{ $.Release.Name }}-harbor-core
servicePort: 80
- path: /chartrepo
pathType: Prefix
backend:
serviceName: {{ $.Release.Name }}-harbor-core
servicePort: 80
- path: /c
pathType: Prefix
backend:
serviceName: {{ $.Release.Name }}-harbor-core
servicePort: 80
tls:
- hosts:
- {{ $domain }}-registry-staging.foo.bar
secretName: {{ $.Release.Name }}-harbor-ingress-{{ $domain }}
---
{{ end }}
I think with a litle teak this is possible. Definetly this last way its easyer to understand
Let me clarify, is
docker.ioa proxy cache project?I don't think we can map a project's URI to a host.
Yes, docker.io is a proxy cache project
Sorry, no. I did not make this work and since then i didnt try it again... still interested tho.
Hello @dioguerra We had that issue in the past for the docker.io proxy, the thing is that you need to rewrite the request of the token also that happens in the back of the communications: Please check: https://github.com/goharbor/harbor/issues/8082#issuecomment-935953968 https://github.com/goharbor/harbor/issues/13579#issuecomment-935955899
For your question the issue I see is having a subfolder as endpoint, maybe you can check the examples in the comments and adapt to your needs.
Hope it helps
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.