Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Image pull issue from Harbor registry which is deployed on the same cluster. #20524

Closed
Leela-SR opened this issue May 31, 2024 · 5 comments
Closed

Image pull issue from Harbor registry which is deployed on the same cluster. #20524

Leela-SR opened this issue May 31, 2024 · 5 comments
Labels
kind/question

Comments

@Leela-SR
Copy link

Leela-SR commented May 31, 2024
edited
Loading

Hi Harbor Team,

We plan to have a local container registry in the same cluster where our applications are running. We need this local container registry to support the network disconnections.

I have deployed Harbor in our cluster as local container registry and was able to successfully pull and push images from outside the cluster through nodePort and ingress service types.
However, this is not our use case. We need to pull the images within the cluster for which I am making use of "harbor core" service to access the repositories. Note: I have tried it with image pull secret where un: admin, pw: Harbor12345 url: http://test-harbor-core.harbor.svc:80
example:
image

When I try to deploy the pod, I get following error:
image

Could you please let us if we are missing anything? Is any configuration is missing? i am able to ping harbor.core service pod from other pods successfully.

NOTE: When exposed through NodePort or Ingress from cluster, I am successfully pulling the images from Harbor container registry.
image

Our Configuration:
Kubernetes version: v1.28.9+rke2r1
@Kajot-dev
Copy link

That would seem like some DNS issue in your k8s cluster since it fails to lookup the hostname. Connection to the harbor registry is not even made

Also, you're trying to access port 80 over https. I would strongly recommend using harbor's internal tls for this one

@stonezdj
Copy link
Contributor

stonezdj commented Jun 3, 2024

Please don't use service name to serve Harbor service, because you should always pull image through externalURL

@Leela-SR
Copy link
Author

Leela-SR commented Jun 3, 2024

@stonezdj Why we can't access harbor service through service Type Cluster IP (internal to cluster). Generally, if it is ClusterIP, we generally access it through service name right? We don't want to expose registry outside cluster due to security issues.

@stonezdj
Copy link
Contributor

stonezdj commented Jun 3, 2024

When pulling image from Harbor, it always request the bearer token via <externalURL>/service/token, if you are using the service name, the pull request fail to get the bearer token.

@stonezdj stonezdj closed this as completed Jun 3, 2024
@Leela-SR
Copy link
Author

Leela-SR commented Jun 3, 2024

@stonezdj
I have set the EXT_ENDPOINT and deployed harbor with serviceType = clusterIP
https://harbor:443 ( tried with http://harbor:80 as well)
When I try to deploy a pod where the image is pulled from harbor registry, i am getting this error.
image

It starts referencing the image from docker.io. Could you please let us know why it is pointing to "docker.io/harbor/ix/test/redis:latest

Am I missing any configuration here?

my pod deployment file is:
image

Created Kubernetes image secret object using following:
registry server: https://harbor:433
un: admin
pw: Harbor12345

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stonezdj @Kajot-dev @Leela-SR