-
Notifications
You must be signed in to change notification settings - Fork 759
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Harbor-registry which set store data on S3 seems not works with service account (IAM role) on EKS #725
Comments
Having the same issue. Seems like that the harbor registry does not support sts:AssumeRoleWithWebIdentity. Would love to see that as well. |
The issue on the harbor repo seems closed, but the problem remains. The service account method to give S3 access still doesn't work in EKS and access keys still need to be created. |
Any updates here? Does anyone work on this issue? |
I am also curious if this will be fixed? |
It appears to be an issue in the distribution engine, see this issue distribution/distribution#3275 (comment) It has been address in the main branch distribution/distribution#3097 but they have not performed a release since 2019 |
I submitted a PR to update distribution to a version that supports |
Also looking forward to updates here. |
is there any updates on this? |
It seems that this is not fixed in the upstream dependency |
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days. |
Just keeping this fresh. It's still a problem. |
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days. |
This needs to stay open. |
I suspect it maybe related to this issue We have had to make imdsv2 optional on our internal cluster to avoid managing and rotating access keys. There is no response on that thread either. |
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days. |
This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue. |
issue still relevant and persistent, please reopen |
errors:
the service account which already has permission to s3 bucket worked normally in the harbor-chartmuseum service, I could put the chart via helm push. However, the harbor-registry service can not ( docker push always failed), It works only once I patch the harbor-registry config map that included accesskey/secretkey.
the following configmap which did not work:
The text was updated successfully, but these errors were encountered: