harbor icon indicating copy to clipboard operation
harbor copied to clipboard
verified publisher icon goharbor

IPV6 support

Open bizhao opened this issue 5 years ago • 7 comments

Is your feature request related to a problem? Please describe. Current Harbor cannot work in an IPV6 environment.

Describe the solution you'd like A clear and concise description of what you want to happen. Support IPV6 in the full life cycle of Harbor.

Describe the main design/architecture of your solution A clear and concise description of what does your solution look like. Rich text and diagrams are preferred. Support static and DHCP ipv6 address for all supported installation methods (standalone and Kubernetes).

Describe the development plan you've considered Need some evaluation the development efforts and see how to proceed.

Additional context

bizhao avatar Apr 02 '20 08:04 bizhao

K8s upstream doesn’t have full support for it either, Ipv6 dual stack in upstream is alpha https://github.com/kubernetes/kubernetes/blob/master/pkg/features/kube_features.go#L492-L496

xaleeks avatar Apr 26 '20 19:04 xaleeks

K8s upstream doesn’t have full support for it either, Ipv6 dual stack in upstream is alpha https://github.com/kubernetes/kubernetes/blob/master/pkg/features/kube_features.go#L492-L496

K8S has been running IPv6 fine since 1.9 (2017/2018). DualStack-support is what is being worked on currently (running both IPv4 and IPv6 protocols at the same time), but people have been running IPv6 single-stack clusters fine for years.

We've been running IPv6 only for a few years now, but cannot migrate to Harbor until this is handled.

DennisGlindhart avatar Jan 16 '21 22:01 DennisGlindhart

Is Harbor IPv6 support in the plan?

liy516 avatar Feb 08 '21 03:02 liy516

For a docker installation you can enable it by:

  1. Stop the registry: docker-compose down
  2. Add another ipv6-enabled network to the proxy service:
proxy:
    ...
    networks:
      - ...
      - expose
...
networks:
 ...
  expose:
    external: false
    enable_ipv6: true
    ipam:
      config:
        - subnet: "fdc8:5111:a111::/64" # adjust the subnet according to your configuration
  1. Edit the nginx configuration to actually listen on ipv6: common/config/nginx/nginx.conf. Add a line for all server { ... } blocks:
server {
      listen 8443;
      listen [::]:8443;
      ...
}
...
server {
      listen 8080;
      listen [::]:8080;
      ...
}
...
server {
      listen 9090;
      listen [::]:9090;
      ...
}
  1. Start the registry again docker-compose up -d

I would recommend a change to streamline this process a bit better, though.

shwill avatar Jun 02 '22 09:06 shwill

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

github-actions[bot] avatar Jul 07 '22 09:07 github-actions[bot]

Could you please confirm whether harbor is now supported for pure IPv6 with docker-compose setup or any additional customizations needs to be done.

muralisankar32 avatar Apr 21 '23 04:04 muralisankar32

With config from @shwill I was able to enable ipv6 but it doesn't work for s3 storage. I was able to use docker login to log into harbor, portal worked fine. However, I could not pull any image I got:

x1: Retrying in 1 second
x2: Retrying in 1 second
x3: Retrying in 1 second
x4: Waiting
x5: Waiting
x6: Waiting
x7: Waiting
error pulling image configuration: download failed after attempts=6: dial tcp <aws ipv4 s3 address>:443: i/o timeout

Inside storage_service I specified usedualstack: true but got ipv4 address to s3 anyway.

dk-tgz avatar Aug 09 '24 09:08 dk-tgz

Could you please confirm whether harbor is now supported for pure IPv6 with docker-compose setup or any additional customizations needs to be done.

I recently performed an ipv6-native install, from harbor-online-installer-v2.13.2.tgz. I had to make some minor tweaks to get it to work.

Pre-installation, in harbor.yml, I set:

ip_family:
  ipv6:
    enabled: true
  ipv4:
    enabled: false

Post-installation, I found that incoming connections were not reaching nginx. I needed to add to the network definition at the bottom of docker-compose.yml:

networks:
  harbor:
    external: false
    # MY ADDITIONS BEGIN HERE
    enable_ipv6: true
    ipam:
      config:
        - subnet: fd01:b7d8:a175:ac04::/64

(The subnet address is random, based on the output of echo harbor | sha256sum.)

Once I added that and made the routing work, then restarted Harbor, I'm able to log into it with a web browser. I haven't tried s3 storage (as @dk-tgz mentions above), but I did set up a proxy cache registry, linked to an ipv6-only upstream server, and that all seems to work.

Infinoid avatar Sep 05 '25 18:09 Infinoid