harbor-operator icon indicating copy to clipboard operation
harbor-operator copied to clipboard

Published 20 hours ago verified publisher icon goharbor

GCS workload identity is not worked

Open vvinnich opened this issue 2 years ago • 1 comments

Expected behavior and actual behavior: Expected working with empty spec.storage.spec.gcs.keyDataRef which should allow to use Google workload identity.

Steps to reproduce the problem: Run configuration without keyDataRef: gcs-key line

apiVersion: goharbor.io/v1beta1 kind: HarborCluster metadata: name: harbor-test namespace: harbor-operator-ns spec: cache: kind: RedisFailover spec: redisFailover: operatorVersion: 1.0.0 server: resources: limits: cpu: 2 memory: 2Gi core: resources: limits: cpu: 2 memory: 2Gi tokenIssuer: kind: Issuer name: selfsigned-issuer database: kind: Zlando/PostgreSQL spec: zlandoPostgreSql: operatorVersion: 1.5.0 resources: limits: cpu: 2 memory: 3Gi expose: core: ingress: controller: default host: harbor-k8s.vinnich.space ingressClassName: nginx externalURL: http://harbor-k8s.vinnich.space harborAdminPasswordRef: admin-core-secret logLevel: debug portal: replicas: 1 storage: kind: Gcs spec: gcs: bucket: vinnich-harbor keyDataRef: gcs-key version: 2.5.0

Versions: Please specify the versions of following systems.

  • harbor operator version: 1.3.0

  • harbor version: 2.5.0

  • kubernetes version: 1.23.7-gke.1400

  • Log files: Collect logs and attach them here if have.

"reconciler group":"goharbor.io", "reconciler kind":"Registry", "name":"harbor-test-harbor-harbor", "namespace":"harbor-operator-ns", "error":"cannot set status to error: cannot set conditions to error: apply apps/v1, Kind=Deployment (harbor-operator-ns/harbor-test-harbor-harbor-registry): apply: Deployment.apps \"harbor-test-harbor-harbor-registry\" is invalid: [spec.template.spec.containers[0].env[3].valueFrom.secretKeyRef.name: Invalid value: \"\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.template.spec.containers[1].env[3].valueFrom.secretKeyRef.name: Invalid value: \"\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]: apply apps/v1, Kind=Deployment (harbor-operator-ns/harbor-test-harbor-harbor-registry): apply: Deployment.apps \"harbor-test-harbor-harbor-registry\" is invalid: [spec.template.spec.containers[0].env[3].valueFrom.secretKeyRef.name: Invalid value: \"\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.template.spec.containers[1].env[3].valueFrom.secretKeyRef.name: Invalid value: \"\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]", "errorVerbose":"Deployment.apps \"harbor-test-harbor-harbor-registry\" is invalid: [spec.template.spec.containers[0].env[3].valueFrom.secretKeyRef.name: Invalid value: \"\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.template.spec.containers[1].env[3].valueFrom.secretKeyRef.name: Invalid value: \"\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]\napply\ngithub.com/goharbor/harbor-operator/pkg/controller.(*Controller).applyAndCheck\n\t/home/runner/work/harbor-operator/harbor-operator/pkg/controller/common.go:174\ngithub.com/goharbor/harbor-operator/pkg/controller.(*Controller).ProcessFunc.func1\n\t/home/runner/work/harbor-operator/harbor-operator/pkg/controller/resource.go:148\ngithub.com/goharbor/harbor-operator/pkg/graph.(*resourceManager).Run.func1\n\t/home/runner/work/harbor-operator/harbor-operator/pkg/graph/runner.go:42\ngolang.org/x/sync/errgroup.(*Group).Go.func1\n\t/home/runner/go/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:57\nruntime.goexit\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/asm_amd64.s:1581\napply apps/v1, Kind=Deployment (harbor-operator-ns/harbor-test-harbor-harbor-registry)\ngithub.com/goharbor/harbor-operator/pkg/controller.(*Controller).ProcessFunc.func1\n\t/home/runner/work/harbor-operator/harbor-operator/pkg/controller/resource.go:147\ngithub.com/goharbor/harbor-operator/pkg/graph.(*resourceManager).Run.func1\n\t/home/runner/work/harbor-operator/harbor-operator/pkg/graph/runner.go:42\ngolang.org/x/sync/errgroup.(*Group).Go.func1\n\t/home/runner/go/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:57\nruntime.goexit\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/asm_amd64.s:1581\ncannot set status to error: cannot set conditions to error: apply apps/v1, Kind=Deployment (harbor-operator-ns/harbor-test-harbor-harbor-registry): apply: Deployment.apps \"harbor-test-harbor-harbor-registry\" is invalid: [spec.template.spec.containers[0].env[3].valueFrom.secretKeyRef.name: Invalid value: \"\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.template.spec.containers[1].env[3].valueFrom.secretKeyRef.name: Invalid value: \"\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]\ngithub.com/goharbor/harbor-operator/pkg/controller.(*Controller).HandleError\n\t/home/runner/work/harbor-operator/harbor-operator/pkg/controller/errors.go:61\ngithub.com/goharbor/harbor-operator/pkg/controller.(*Controller).Reconcile\n\t/home/runner/work/harbor-operator/harbor-operator/pkg/controller/common.go:157\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:114\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:311\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227\nruntime.goexit\n\t/opt/hostedtoolcache/go/1.17.11/x64/src/runtime/asm_amd64.s:1581" }

vvinnich avatar Sep 07 '22 20:09 vvinnich

Need to update the spec of the gcs storage to support the workload identity.

heww avatar Sep 27 '22 12:09 heww