|
Labels for new PRs
Orlin Vasilev
Hi All, as of today we have new labelling requirements for new PRs which you can see they were added into the PR template a few weeks ago! Keep in mind that if you do not add any of : “release-note/ignore-for-release, release-note/new-feature, release-note/update, release-note/enhancement, release-note/community, release-note/breaking-change, release-note/docs, release-note/infra, release-note/deprecation” your PR will fail on that check! We need these labels for the release note creation process! Thank you so much! Any feedback is more than welcome! Orlix Harbor Community Manager
|
|
|
|
Re: Failing to push OCI image index with two identical manifests
Marton, Gabor (Nokia - HU/Budapest)
Hi Orlix,
the issue is also opened here: https://github.com/goharbor/harbor/issues/16718.
Greetings,
Gábor
From: harbor-users@... <harbor-users@...>
On Behalf Of Orlin Vasilev via lists.cncf.io
Sent: Wednesday, April 20, 2022 10:04 To: harbor-users@... Subject: Re: [harbor-users] Failing to push OCI image index with two identical manifests
Szia Gábor,
|
|
|
|
Re: Failing to push OCI image index with two identical manifests
Orlin Vasilev
Szia Gábor,
can you open issue here: https://github.com/goharbor/harbor/issues as well :) so others can participate and we can have a bit more readable conversation :) Orlix Harbor Community Manager
|
|
|
|
Failing to push OCI image index with two identical manifests
Marton, Gabor (Nokia - HU/Budapest)
Dear Community,
pushing an OCI image index similar to the below one fails:
cat oci-image-index.json { "schemaVersion": 2, "mediaType": "application/vnd.oci.image.index.v1+json", "manifests": [ { "mediaType": "application/vnd.oci.image.manifest.v1+json", "digest": "sha256:368fdd22c21f62f93c3d9bdbb0f26f8bf13dd984f423b174dc1ec1967e1b8a58", "size": 583, "annotations": { "org.opencontainers.image.ref.name": "project/a/b/c/kubectl:v1.23.1" } },{ "mediaType": "application/vnd.oci.image.manifest.v1+json", "digest": "sha256:368fdd22c21f62f93c3d9bdbb0f26f8bf13dd984f423b174dc1ec1967e1b8a58", "size": 583, "annotations": { "org.opencontainers.image.ref.name": "project/c/d/e/kubectl:v1.23.1" } }], "annotations": { "org.opencontainers.image.created": "2022-04-14T09:14:00.000000Z" } }
curl -k -u ... -X PUT -H ... -d @oci-image-index.json https://$HARBOR_REGISTRY/v2/$PROJECT/$REPOSITORY/manifests/$TAG { "errors": [ { "code": "NOT_FOUND", "message": "artifact .../.../...@sha256:ef52a37a715e1fc601a3488e42a08a48e9c16e9e001cd5cecf70b5bf01f04501 not found" } ] }
The error is caused by the two manifests referring to the the same image manifest.
To me, this seems like a bug. Rationale: image index (“fat manifest”) is originally meant for multi-platform support. With this in mind, it seems valid to have the same image for two different platforms, say only differing in their name.
The root cause of the error seems to be this database constraint (postgresql/0030_2.0.0_schema.up.sql):
CREATE TABLE artifact_reference ( id SERIAL PRIMARY KEY NOT NULL, parent_id int NOT NULL, child_id int NOT NULL, child_digest varchar(255) NOT NULL , platform varchar(255), urls varchar(1024), annotations jsonb, FOREIGN KEY (parent_id) REFERENCES artifact(id), FOREIGN KEY (child_id) REFERENCES artifact(id), CONSTRAINT unique_reference UNIQUE (parent_id, child_id) );
A possible fix could be to add platform and annotations to the uniquness set:
CREATE TABLE artifact_reference ( ... CONSTRAINT unique_reference UNIQUE (parent_id, child_id, platform, annotations) );
What do you think about the issue?
KInd regards,
Gábor
|
|
|
|
🎉Harbor 2.5.0 is OUT🎉
Orlin Vasilev
Community, We are SUPER happy to share the link to the newest release https://github.com/goharbor/harbor/releases/tag/v2.5.0 Full release notes inside! 2.5 includes cosign from @projectsigstore for signing your artefacts here is a link to the blog post: Happy Harbor Release Day! 🎉 Thanks to all contributors, maintainers and everyone who helped shipping v2.5.0 !!! Harbor team
|
|
|
|
📣 📣 Harbor Operator 1.2.0 is released!📣 📣
Orlin Vasilev
Hello Harbor Community!!! We are SUPER happy to announce that Harbor Operator 1.2.0 was just released!!! To save you some time clicking around, here are the main lines. Changes
Changelog 6c53deb release v1.2.0 Docker images
Deployment manifests
known issues
Happy upgrading! Harbor team!
|
|
|
|
Updated Event: Harbor SIG Docs Meeting
#cal-invite
harbor-users@lists.cncf.io Calendar <noreply@...>
Harbor SIG Docs Meeting When: Where: Organizer: Abigail McCarthy Description: Hello Everyone,
This is a recurring calendar invite for the bi-weekly Harbor SIG Docs meeting.
In this meeting we'll be chatting about all things docs and will be available to answer your questions about contributing. You can view the meeting's agenda at https://github.com/goharbor/community/wiki/SIG-Docs-meeting-agenda
We hope to see you there!
To attend, use the following Zoom link: https://zoom.us/j/93754881831
Thanks,
Abigail
Harbor Sig Docs Lead
|
|
|
|
"Internal server error" with vulnerability scans and replication
Camellia
Hi everyone! I'm a newer Harbor user and would love to hear if others have experienced this issue. I am unable to run security scans on images, and the logs only show an error that says "internal server error." This same error occurs when I attempt replication from a Docker registry. There are a few Stack Overflow issues related to this, but their fixes were adding storage space or re-configuring a scanner, both of which are fine in my case. Previously, scanning and replication were both working fine, so something must have changed in my configuration but I can't figure out what or where I should start with debugging. I am running Harbor V2.0. Thanks in advance for any help!
|
|
|
|
Event: Harbor SIG Docs Meeting
#cal-invite
harbor-users@lists.cncf.io Calendar <noreply@...>
Harbor SIG Docs Meeting When: Where: Organizer: Abigail McCarthy Description: Hello Everyone,
This is a recurring calendar invite for the bi-weekly Harbor SIG Docs meeting.
In this meeting we'll be chatting about all things docs and will be available to answer your questions about contributing. You can view the meeting's agenda at https://github.com/goharbor/community/wiki/SIG-Docs-meeting-agenda
We hope to see you there!
To attend, use the following Zoom link: https://zoom.us/j/93754881831
Thanks,
Abigail
Harbor Sig Docs Lead
|
|
|
|
Re: Application not accessible after deploying SSL certificates.
Yan Wang
Hi, please file github issue with logs, and please also provide harbor version, your configuration, and how did you install harbor.
Thanks, Yan
From:
harbor-users@... <harbor-users@...> on behalf of sujan.n via lists.cncf.io <sujan.n=cybermak.net@...> Hi Team,
|
|
|
|
Application not accessible after deploying SSL certificates.
sujan.n@...
Hi Team,
I am getting below error after deploying the certificates signed by Digicert CA. Error occurred during a connection to ilharbor.xxxx.net. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG. All harbor containers are running healthy Please assist to solve this issues. Best Regards, Sujan
|
|
|
|
Announcing the launch of Harbor SIG Docs!
Abigail McCarthy
Hello everyone,
Orlin Vasilev
The Harbor team is launching a new SIG Docs group focused on helping to write and maintain the Harbor docs. We are having a kick-off meeting during the Harbor community meeting next Wednesday, February 23rd at 8am Eastern Daylight Time (Timezone
converter). At the meeting, we’ll go over more details about participating in the group, covering the following topics
One of our first goals is to verify and update our Harbor interface localizations. Over the years, we’ve had several community members contribute localizations to the project but have not had a way to make sure each localization was updated each release.
If you are familiar with one of the
localized languages, or would like to contribute a new localization, please join us! For more information, see the
localization issue or our
interface localization instructions.
We hope you can join us as we start up this new initiative. As a part of this effort, you will be enriching the community for everyone by providing new and experienced users with access to the docs they need to be successful.
If you have any questions, please reach out to Orlin or I in the
harbor-dev Slack.
Thanks!
Abigail & OrlinAbigail McCarthy Harbor SIG Docs Lead Github: @a-mccarthy Harbor Community Manager
Github:
@OrlinVasilev
|
|
|
|
Updated Event: Harbor Community Meeting - China/Europe Time zone
#cal-invite
harbor-users@lists.cncf.io Calendar <noreply@...>
Harbor Community Meeting - China/Europe Time zone When: Where: Organizer: Jonas Rosland jrosland@... Description:
|
|
|
|
Harbor Community meeting recording 26 Jan 2022
Orlin Vasilev
Hi Community, in case you missed our Community meeting on 26th of January here is the recording:  Recording: Community Meeting - 26th Jan 2022In this epizode:) * [Yan Wang] - Cosign integration demo * [Orlix] - Harbor 2.5 release - date and announcement - Feb 11th - feature completion, March 11th - Release date! * [Yan Wang] - Maintainers track KubeConEU'22 * [Abbie] - Announcement of the Technical Writing Working Group - After Chinese New Year celebrations Happy day everyone! Orlix Community Manager!
|
|
|
|
Harbor - Collecting requirements for v2.6
Orlin Vasilev
Community, We are close to the release of v2.5 so it's time to start collecting the requirements and features needed in v2.6. Please enter your topics/wishes/requirements here: Feel free to add for discussion anything your use case or organization needs and will try to address it! Thank you for being an active member of the community and making Harbor better! Orlix Harbor Community Manager
|
|
|
|
Christmas Break, no meeting until January 12th!
Orlin Vasilev
Hello all, Just to inform you that we will skip all meetings until January 12th for our first Community Meeting in 2022!! Happy Holidays all! Orlix Harbor Community Manager
|
|
|
|
#security Information regarding the CVE-2021-4428 - log4j RCE vulnerability and Project Harbor
#security
Hello Harbor Users, Details
Project Harbor is built with Golang, and is not running or using the JVM. Nor does project Harbor use any Java library, including log4j. ImpactNone
|
|
|
|
Re: How to handle certificates for remote registry correctly
#security
daojunz
See Harbor faq: https://github.com/goharbor/harbor/wiki/Harbor-FAQs
you could add a ca cert:
[A] After installed the Harbor, there is a directory under common/config/shared/trust-certificates Copy the LDAP certificate, for example, ldap_ca.crt to this directory and restart the Harbor, The certificate is added to the trust store of the core container, and then you could enable “Verify Cert” in the LDAP configuration.
Best regards, Stone (张道军) Software Engineer, CNA, VMware R&D
--
From: <harbor-users@...> on behalf of "Dany via lists.cncf.io" <daniel.peigne=nokia.com@...>
Hi,
|
|
|
|
Re: How to handle certificates for remote registry correctly
#security
Dany
Hi,
I have posted a similar post but not exactly the same question. My understanding is that whe you create a registry end point , the harbor tries to check the remote certifacte so in your case the docker registry The help online states that the verify remote cert flag should be unchecked when remote registry is using a self signed cert, so it might be normal that the connection test is failing. In my case, i wanted to know if need to configure the harbor with the CA cert of remote registry and how ; cna you elaborate on what you did on your habor host
|
|
|
|
What configuration needs to be done to verify remote registry certificate
#security
Dany
Hi ,
on an Harbor, i will call "Local Harbor" in below text , I am creating a remote registry EndPoint i will call remote Harbor and i check in the flag "Verify remote Cert", (see below picture), as a result, test connection failed, The same connection test is working without verifying remote cert, I know that this might be due to remote registry configured with a self signed cert But my question is : Do i need to configure something in my local harbor , for instance do i need the CA cert used to isue the remote Harbor server certificate in order the local harbor be able to verify remote server certificate. if yes, can you point me to the procedure  Brs Dany
|
|
|