Date   

Labels for new PRs

Orlin Vasilev
 

Hi All, as of today we have new labelling requirements for new PRs which you can see they were added into the PR template a few weeks ago! Keep in mind that if you do not add any of : “release-note/ignore-for-release, release-note/new-feature, release-note/update, release-note/enhancement, release-note/community, release-note/breaking-change, release-note/docs, release-note/infra, release-note/deprecation” your PR will fail on that check! We need these labels for the release note creation process! 

Thank you so much! 
Any feedback is more than welcome! 

Orlix
Harbor Community Manager


Re: Failing to push OCI image index with two identical manifests

Marton, Gabor (Nokia - HU/Budapest)
 

Hi Orlix,

 

the issue is also opened here: https://github.com/goharbor/harbor/issues/16718.

 

Greetings,

 

Gábor

 

 

From: harbor-users@... <harbor-users@...> On Behalf Of Orlin Vasilev via lists.cncf.io
Sent: Wednesday, April 20, 2022 10:04
To: harbor-users@...
Subject: Re: [harbor-users] Failing to push OCI image index with two identical manifests

 

Szia Gábor,

can you open issue here: https://github.com/goharbor/harbor/issues 
as well :)
so others can participate and we can have a bit more readable conversation :)

Orlix
Harbor Community Manager


Re: Failing to push OCI image index with two identical manifests

Orlin Vasilev
 

Szia Gábor,

can you open issue here: https://github.com/goharbor/harbor/issues 
as well :)
so others can participate and we can have a bit more readable conversation :)

Orlix
Harbor Community Manager


Failing to push OCI image index with two identical manifests

Marton, Gabor (Nokia - HU/Budapest)
 

Dear Community,

 

pushing an OCI image index similar to the below one fails:

 

cat oci-image-index.json

{

    "schemaVersion": 2,

    "mediaType": "application/vnd.oci.image.index.v1+json",

    "manifests": [ {

        "mediaType": "application/vnd.oci.image.manifest.v1+json",

        "digest": "sha256:368fdd22c21f62f93c3d9bdbb0f26f8bf13dd984f423b174dc1ec1967e1b8a58",

        "size": 583,

        "annotations": {

            "org.opencontainers.image.ref.name": "project/a/b/c/kubectl:v1.23.1"

        }

    },{

        "mediaType": "application/vnd.oci.image.manifest.v1+json",

        "digest": "sha256:368fdd22c21f62f93c3d9bdbb0f26f8bf13dd984f423b174dc1ec1967e1b8a58",

        "size": 583,

        "annotations": {

            "org.opencontainers.image.ref.name": "project/c/d/e/kubectl:v1.23.1"

        }

    }],

    "annotations": {

        "org.opencontainers.image.created": "2022-04-14T09:14:00.000000Z"

    }

}

 

curl -k -u ... -X PUT -H ... -d @oci-image-index.json https://$HARBOR_REGISTRY/v2/$PROJECT/$REPOSITORY/manifests/$TAG

{

  "errors": [

    {

      "code": "NOT_FOUND",

      "message": "artifact .../.../...@sha256:ef52a37a715e1fc601a3488e42a08a48e9c16e9e001cd5cecf70b5bf01f04501 not found"

    }

  ]

}

 

The error is caused by the two manifests referring to the the same image manifest.

 

To me, this seems like a bug. Rationale: image index (“fat manifest”) is originally meant for multi-platform support. With this in mind, it seems valid to have the same image for two different platforms, say only differing in their name.

 

The root cause of the error seems to be this database constraint (postgresql/0030_2.0.0_schema.up.sql):

 

CREATE TABLE artifact_reference

(

  id          SERIAL PRIMARY KEY NOT NULL,

  parent_id   int NOT NULL,

  child_id    int NOT NULL,

  child_digest varchar(255) NOT NULL ,

  platform    varchar(255),

  urls        varchar(1024),

  annotations jsonb,

  FOREIGN KEY (parent_id) REFERENCES artifact(id),

  FOREIGN KEY (child_id) REFERENCES artifact(id),

  CONSTRAINT  unique_reference UNIQUE (parent_id, child_id)

);

 

A possible fix could be to add platform and annotations to the uniquness set:

 

CREATE TABLE artifact_reference

(

  ...

  CONSTRAINT  unique_reference UNIQUE (parent_id, child_id, platform, annotations)

);

 

What do you think about the issue?

 

KInd regards,

 

Gábor

 


🎉Harbor 2.5.0 is OUT🎉

Orlin Vasilev
 

Community,
We are SUPER happy to share the link to the newest release https://github.com/goharbor/harbor/releases/tag/v2.5.0
Full release notes inside!

2.5 includes cosign from @projectsigstore for signing your artefacts here is a link to the blog post:

Happy Harbor Release Day! 🎉

Thanks to all contributors, maintainers and everyone who helped shipping v2.5.0 !!!

Harbor team


📣 📣 Harbor Operator 1.2.0 is released!📣 📣

Orlin Vasilev
 

Hello Harbor Community!!!

We are SUPER happy to announce that Harbor Operator 1.2.0 was just released!!!


To save you some time clicking around, here are the main lines.

Changes

  • support harbor v2.4.x
  • put registry and registryctl into one pod
  • support Azure backend storage driver
  • support Google Cloud backend storage driver
  • make the deployment of Portal optional
  • export ingress class name annotation
  • support k8s 1.23
  • bump up minio-operator v4.4.9
  • bump up redis-operator v1.1.1
  • bump up postgres-operator v1.6.3
  • bump up control-runtime v0.11.0
  • bump up client-go v0.23.0
  • refine s3 redirect spec
  • enhance support for strict k8s like openshift

Changelog

6c53deb release v1.2.0
also refer v1.2.0-rc1, v1.2.0-rc2, v1.2.0-rc3


Docker images

Deployment manifests

known issues

  • #833 minio-operator upgrade fail, need to increase worker nodes or delete old statefulset
  • #829 change secret and configmap doesn't trigger owner reconcile
  • #825 Trivy scanner not removed after remove trivy component.
  • #743 apply failed after changing internal tls from false to true
  • #641 ncp ingress not accessable when internal tls enabled
Happy upgrading!
Harbor team!


Updated Event: Harbor SIG Docs Meeting #cal-invite

harbor-users@lists.cncf.io Calendar <noreply@...>
 

Harbor SIG Docs Meeting

When:
Wednesday, March 16, 2022
9:00pm to 10:00pm
(UTC+08:00) Asia/Shanghai
Repeats: Every 2 weeks on Wednesday

Where:
https://zoom.us/j/93754881831

Organizer: Abigail McCarthy

View Event

Description:

Hello Everyone,
 
This is a recurring calendar invite for the bi-weekly Harbor SIG Docs meeting. 
 
In this meeting we'll be chatting about all things docs and will be available to answer your questions about contributing. You can view the meeting's agenda at https://github.com/goharbor/community/wiki/SIG-Docs-meeting-agenda
 
We hope to see you there!
 
To attend, use the following Zoom link: https://zoom.us/j/93754881831
 
Thanks,

Abigail
Harbor Sig Docs Lead


"Internal server error" with vulnerability scans and replication

Camellia
 

Hi everyone! I'm a newer Harbor user and would love to hear if others have experienced this issue. I am unable to run security scans on images, and the logs only show an error that says "internal server error." This same error occurs when I attempt replication from a Docker registry. There are a few Stack Overflow issues related to this, but their fixes were adding storage space or re-configuring a scanner, both of which are fine in my case. Previously, scanning and replication were both working fine, so something must have changed in my configuration but I can't figure out what or where I should start with debugging. I am running Harbor V2.0. Thanks in advance for any help!


Event: Harbor SIG Docs Meeting #cal-invite

harbor-users@lists.cncf.io Calendar <noreply@...>
 

Harbor SIG Docs Meeting

When:
Wednesday, March 16, 2022
8:00am to 9:00am
(UTC-04:00) America/New York
Repeats: Every 2 weeks on Wednesday

Where:
https://zoom.us/j/93754881831

Organizer: Abigail McCarthy

View Event

Description:

Hello Everyone,
 
This is a recurring calendar invite for the bi-weekly Harbor SIG Docs meeting. 
 
In this meeting we'll be chatting about all things docs and will be available to answer your questions about contributing. You can view the meeting's agenda at https://github.com/goharbor/community/wiki/SIG-Docs-meeting-agenda
 
We hope to see you there!
 
To attend, use the following Zoom link: https://zoom.us/j/93754881831
 
Thanks,

Abigail
Harbor Sig Docs Lead


Re: Application not accessible after deploying SSL certificates.

Yan Wang
 

Hi, please file github issue with logs, and please also provide harbor version, your configuration, and how did you install harbor.

 

Thanks,

Yan

 

From: harbor-users@... <harbor-users@...> on behalf of sujan.n via lists.cncf.io <sujan.n=cybermak.net@...>
Date: Thursday, February 24, 2022 at 14:39
To: harbor-users@... <harbor-users@...>
Subject: [harbor-users] Application not accessible after deploying SSL certificates.

Hi Team,

I am getting below error after deploying the certificates signed by Digicert CA.

Error occurred during a connection to ilharbor.xxxx.net. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG.

All harbor containers are running healthy

Please assist to solve this issues.

Best Regards,

Sujan


Application not accessible after deploying SSL certificates.

sujan.n@...
 

Hi Team,

I am getting below error after deploying the certificates signed by Digicert CA.

Error occurred during a connection to ilharbor.xxxx.net. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG.

All harbor containers are running healthy

Please assist to solve this issues.

Best Regards,

Sujan


Announcing the launch of Harbor SIG Docs!

Abigail McCarthy
 

Hello everyone,

The Harbor team is launching a new SIG Docs group focused on helping to write and maintain the Harbor docs. We are having a kick-off meeting during the Harbor community meeting next Wednesday, February 23rd at 8am Eastern Daylight Time (Timezone converter). At the meeting, we’ll go over more details about participating in the group, covering the following topics

  • The Harbor docs tools and how to set up your environment
  • How to preview the documentation locally before submitting a pull request
  • Anything else you’d like to know about helping with Harbor documentation

One of our first goals is to verify and update our Harbor interface localizations. Over the years, we’ve had several community members contribute localizations to the project but have not had a way to make sure each localization was updated each release. If you are familiar with one of the localized languages, or would like to contribute a new localization, please join us! For more information, see the localization issue or our interface localization instructions.


We hope you can join us as we start up this new initiative. As a part of this effort, you will be enriching the community for everyone by providing new and experienced users with access to the docs they need to be successful.

If you have any questions, please reach out to Orlin or I in the harbor-dev Slack.

Thanks!
Abigail & Orlin



Abigail McCarthy
Harbor SIG Docs Lead
Github: @a-mccarthy

Orlin Vasilev
Harbor Community Manager
Github: @OrlinVasilev




Updated Event: Harbor Community Meeting - China/Europe Time zone #cal-invite

harbor-users@lists.cncf.io Calendar <noreply@...>
 

Harbor Community Meeting - China/Europe Time zone

When:
Wednesday, July 31, 2019
9:00pm to 10:00pm
(UTC+08:00) Asia/Shanghai
Repeats: Every 2 weeks on Wednesday, through Tuesday, 8 February 2022

Where:
https://zoom.us/j/734959521

Organizer: Jonas Rosland jrosland@...

View Event

Description:
Hello everyone,

This is a recurring calendar invite for the bi-weekly Harbor community meetings.
There will be two meetings, one for China/Europe time zone, and one for Americas time zone
Please pick the one that fits your schedule best.

To attend, use the following Zoom link: https://zoom.us/j/734959521

Meeting notes, agenda, and recordings of past meetings and other details are located at https://github.com/goharbor/community/blob/master/MEETING_SCHEDULE.md
and
https://github.com/goharbor/community/tree/master/conf-calls


Harbor Community meeting recording 26 Jan 2022

Orlin Vasilev
 

Hi Community,

in case you missed our Community meeting on 26th of January here is the recording:

image.pngRecording: Community Meeting - 26th Jan 2022

In this epizode:)
* [Yan Wang] - Cosign integration demo
* [Orlix] - Harbor 2.5 release - date and announcement - Feb 11th - feature completion, March 11th - Release date!
* [Yan Wang] - Maintainers track KubeConEU'22
* [Abbie] - Announcement of the Technical Writing Working Group - After Chinese New Year celebrations 

Happy day everyone!

Orlix
Community Manager!


Harbor - Collecting requirements for v2.6

Orlin Vasilev
 

Community,

We are close to the release of v2.5 so it's time to start collecting the requirements and features needed in v2.6.

Please enter your topics/wishes/requirements here:

Feel free to add for discussion anything your use case or organization needs and will try to address it!

Thank you for being an active member of the community and making Harbor better!

Orlix
Harbor Community Manager


Christmas Break, no meeting until January 12th!

Orlin Vasilev
 

Hello all,

Just to inform you that we will skip all meetings until January 12th for our first Community Meeting in 2022!!

Happy Holidays all!

Orlix
Harbor Community Manager



#security Information regarding the CVE-2021-4428 - log4j RCE vulnerability and Project Harbor #security

Vadim Bauer
 

Hello Harbor Users,

since the publication of the Apache log4j Vulnerability CVE-2021-44228 on Dec. 9, 2021 the Harbor community receives frequent questions on the effects of the vulnerability to project Harbor.

Details

Project Harbor is built with Golang, and is not running or using the JVM. Nor does project Harbor use any Java library, including log4j.  
This also applies to any subsystem and auxiliary services that belong to project Harbor and the Harbor Software stack.

Impact

None


sincerely


Vadim Bauer
Project Harbor Maintainer


Re: How to handle certificates for remote registry correctly #security

daojunz
 

See Harbor faq:

https://github.com/goharbor/harbor/wiki/Harbor-FAQs

 

you could add a ca cert:

 

  1. How to add a CA cert for the LDAP server or other Harbor server?

[A] After installed the Harbor, there is a directory under common/config/shared/trust-certificates Copy the LDAP certificate, for example, ldap_ca.crt to this directory and restart the Harbor, The certificate is added to the trust store of the core container, and then you could enable “Verify Cert” in the LDAP configuration.

 

 

Best regards,

Stone (张道军)

Software Engineer, CNA, VMware R&D

 

-- 

 

 

From: <harbor-users@...> on behalf of "Dany via lists.cncf.io" <daniel.peigne=nokia.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Friday, November 19, 2021 at 12:00 AM
To: "harbor-users@..." <harbor-users@...>
Subject: Re: [harbor-users] How to handle certificates for remote registry correctly #security

 

Hi,
I have posted a similar post but  not exactly the same question.

My understanding is that whe you create a registry end point , the harbor tries to check the remote certifacte so in your case the docker registry
The help online states that the verify remote cert flag should be unchecked  when remote registry is using a self signed cert, so it might be normal that the connection test is failing.

In my case, i wanted to know if need to configure the harbor with the CA cert of remote registry and how ;
cna you elaborate on what you did  on your habor host


Re: How to handle certificates for remote registry correctly #security

Dany
 

Hi,
I have posted a similar post but  not exactly the same question.

My understanding is that whe you create a registry end point , the harbor tries to check the remote certifacte so in your case the docker registry
The help online states that the verify remote cert flag should be unchecked  when remote registry is using a self signed cert, so it might be normal that the connection test is failing.

In my case, i wanted to know if need to configure the harbor with the CA cert of remote registry and how ;
cna you elaborate on what you did  on your habor host


What configuration needs to be done to verify remote registry certificate #security

Dany
 

Hi ,

on an Harbor, i will call "Local Harbor" in below text ,  I am creating a remote registry EndPoint i will call remote Harbor and i check in the flag "Verify remote Cert",  (see below picture), as a result, test connection failed, The same connection test is working without verifying remote cert,
I know that this might be due to remote registry configured with a self signed cert

But my question is : 
Do i need to configure something in my local harbor , for instance do i need the CA cert used to isue the remote Harbor server certificate  in order the local harbor  be able to verify remote server certificate.
if yes, can you point me to the procedure






Brs
Dany

1 - 20 of 259