Limiting label assigning permissions
Julia Vitória Cardoso
Hi there. We are working with labels in Harbor to configure replication of images, but because of this we need to limit who can assign a label to a certain image, as this label will provide the replication of the image after approval.
Is this possible?
|
||
|
||
Re: PersistentVolumeClaims issue on jobservice
Gaurav Negi
After I disabled persistence in value files, it generated the right template and using that I was able to deploy in k8s cluster. Thanks -Gaurav
On Fri, Mar 13, 2020 at 5:31 PM Gaurav Negi <gaurav.negi@...> wrote:
|
||
|
||
Re: [harbor-users] Configuring LDAP Auth retrieves random AD groups to Harbor
Julia Vitória Cardoso
Thanks for answering. Just checked the issues and found an open issue with this problem. Added information there and will keep an eye on it.
Thanks again.
From: harbor-users@... <harbor-users@...>
On behalf of daojunz via Lists.Cncf.Io
Julia,
Could you please open an issue in github?
Best regards, Stone (张道军) Software Engineer, CNA, VMware R&D
--
From: <harbor-users@...> on behalf of "julia.cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Hello, and thank you all for this amazing message group.
|
||
|
||
PersistentVolumeClaims issue on jobservice
Gaurav Negi
Dear Harbor experts,

Can you please help me fix the issue I am facing? I deployed Harbor using Helm (generated k8s manifest using helm and then applied it with kubectl).

1. My jobservice pods are not coming up. All other pods are running.

    prod-harbor-harbor-jobservice-65465446bb-6m6gl 0/1 Pending 0 27m
    prod-harbor-harbor-jobservice-65465446bb-7n4km 0/1 Pending 0 27m
    prod-harbor-harbor-jobservice-65465446bb-8mjcc 0/1 Pending 0 27m

2. Describing pods it says

    Events:
    Type Reason Age From Message
    ---- ------ ---- ---- -------
    Warning FailedScheduling 18s (x16 over 20m) default-scheduler pod has unbound immediate PersistentVolumeClaims (repeated 6 times)

Some complaint about PersistentVolumeClaims

3. My manifest file says following about the jobservice.

    ---
    # Source: harbor/templates/jobservice/jobservice-pvc.yaml
    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: prod-harbor-harbor-jobservice
      annotations:
        helm.sh/resource-policy: keep
      labels:
        heritage: Helm
        release: prod-harbor
        chart: harbor
        app: "harbor"
        component: jobservice
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 1Gi
    ---
|
||
|
||
Re: Configuring LDAP Auth retrieves random AD groups to Harbor
daojunz
Julia,
Could you please open an issue in github?
Best regards, Stone (张道军) Software Engineer, CNA, VMware R&D
--
From: <harbor-users@...> on behalf of "julia.cardoso via Lists.Cncf.Io" <julia.cardoso=saqueepague.com.br@...>
Hello, and thank you all for this amazing message group.
|
||
|
||
Configuring LDAP Auth retrieves random AD groups to Harbor
Julia Vitória Cardoso
Hello, and thank you all for this amazing message group.

Has anyone had an issue of LDAP retrieving groups that were not supposed to be retrieved? We are facing an issue after configuring Active Directory to authenticate users in our fresh Harbor installation.

The connection works just fine: we created a group for users who need the basic access, then the configuration in Harbor is using an LDAP filter to look for users in this group. This was the only way we could restrict to only members of the group "harbor_access_whatever". Works just fine.

The problem is that after logging in with said users, Harbor brings a lot of random groups from AD and sets them as a Harbor Group. When I say random groups, it means "Domain Users", "Whatever_other_tool_we_use_access", etc. I think one connection may be that the user that logs in to Harbor has access in these groups? I am not sure.

Then I thought it was a configuration problem of the group retrieving config, but no matter what I put there it does the same. I tried to:

- Configure just the group I wanted to look at
- Leave it empty
- Put an LDAP filter to validate if the groups are members of a Harbor-specific group
- Manually deny reading permission on certain groups for the consulting user for Harbor in Active Directory.
- Deleting the groups directly in the Postgres database. When the user logs in, the groups come back from the ashes
- a lot of other things I do not remember. It was a lot of trial and error. I am exhausted, heh.

Does anyone have a tip for me?
|
||
|
||
Data migration of harbour
gamebouy09@...
I need to migrate my harbor instance to a new machine - the existing machine is running out of storage and also it is running with Ubuntu-16.04. So I have provisioned a new Ubuntu-18.04 with bigger storage (NFS mount). As my existing harbor has lots of images stored (~2TB), I need to migrate them to the new machine. Has anyone done this before? Would be a great help if you can share your experience.
Current harbor version: v1.8.0
Target version: v1.10.0
|
||
|
||
Re: Unable to sync images from hub.docker.com
Prasad K <email.kprasad@...>
Yes, I'm replicating images under library. I cleared the credentials and did a test connection and got the same error message. This is what I found from the logs after clicking test connection:
----
Feb 18 07:11:09 host-name core[12699]: 2020-02-18T07:11:09Z [WARNING] Schemas [] are unsupported
Feb 18 07:11:09 host-name core[12699]: 2020-02-18T07:11:09Z [WARNING] empty realm, skip
Feb 18 07:11:10 host-name core[12699]: 2020-02-18T07:11:10Z [ERROR] [target.go:65]: failed to ping target: 404
----
The endpoint URL is "https://hub.docker.com". Is there something missing in my configuration?
Thanks, Prasad
|
||
|
||
Re: Unable to sync images from hub.docker.com
Steven Zou
Test connection failed means the harbor service cannot connect to the docker hub and then the replication will definitely fail. For replicating images under library, you do not need to provide credentials. You can clear the credential and do “Test Connection” again (uncheck the “Verify remote cert” too).
As far as I know, docker hub replication adapter is working well so far.
If the issue still exists, you can raise an issue in our GitHub repo and provide related contexts/logs for debugging.
thanks&regards -- Steven Zou(邹佳)
Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer
Mail: szou@... GitHub: github.com/steven-zou Cell: +8618600021252 Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China
From: <harbor-users@...> on behalf of "Prasad K via Lists.Cncf.Io" <email.kprasad=gmail.com@...>
Hi Steven,
I tried but still the same result. I also checked the logs and could find only this:
-----
Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] replication signal for policy 5 sent
Feb 18 06:46:00 host-name core[12699]: 2020/02/18 06:46:00 #033[1;44m[D] [server.go:2619] | 182.74.75.171|#033[42m 200 #033[0m| 4.135711ms| match|#033[46m POST #033[0m /api/replications r:/api/replications#033[0m
Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] Handle notification with topic 'StartReplication': notification.StartReplicationNotification{PolicyID:5, Metadata:map[string]interface {}{"op_uuid":"539253553bd54e728ac9d79c39a214e3"}}
-----
Also I just noticed, the registry endpoint which I added for DockerHub, on clicking "Test Connection" it says failed to ping endpoint. Could this be the issue? But I'm able to curl the endpoint from the harbor node successfully, so connectivity is not an issue.
----
root [ /harbor ]# curl -I https://hub.docker.com
HTTP/1.1 200 OK
Date: Tue, 18 Feb 2020 06:55:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2110
ETag: W/"83e-soAKjyBJXD/TFDFDjBU9dyLtT5o"
Vary: Accept-Encoding
Server: nginx
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
-----
Thanks, Prasad
|
||
|
||
Re: Unable to sync images from hub.docker.com
email.kprasad@...
Hi Steven,
I tried but still the same result. I also checked the logs and could find only this:
-----
Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] replication signal for policy 5 sent
Feb 18 06:46:00 host-name core[12699]: 2020/02/18 06:46:00 #033[1;44m[D] [server.go:2619] | 182.74.75.171|#033[42m 200 #033[0m| 4.135711ms| match|#033[46m POST #033[0m /api/replications r:/api/replications#033[0m
Feb 18 06:46:00 host-name core[12699]: 2020-02-18T06:46:00Z [INFO] Handle notification with topic 'StartReplication': notification.StartReplicationNotification{PolicyID:5, Metadata:map[string]interface {}{"op_uuid":"539253553bd54e728ac9d79c39a214e3"}}
-----
Also I just noticed, the registry endpoint which I added for DockerHub, on clicking "Test Connection" it says failed to ping endpoint. Could this be the issue? But I'm able to curl the endpoint from the harbor node successfully, so connectivity is not an issue.
----
root [ /harbor ]# curl -I https://hub.docker.com
HTTP/1.1 200 OK
Date: Tue, 18 Feb 2020 06:55:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2110
ETag: W/"83e-soAKjyBJXD/TFDFDjBU9dyLtT5o"
Vary: Accept-Encoding
Server: nginx
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
-----
Thanks, Prasad
|
||
|
||
Re: Unable to sync images from hub.docker.com
Steven Zou
Can you try the following pattern:
Repository: library/redis*
Tag: latest
And check what happens?
thanks&regards -- Steven Zou(邹佳)
Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer
Mail: szou@... GitHub: github.com/steven-zou Cell: +8618600021252 Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China
From: <harbor-users@...> on behalf of "email.kprasad via Lists.Cncf.Io" <email.kprasad=gmail.com@...>
Hi All,
Under Replications:
|
||
|
||
Unable to sync images from hub.docker.com
email.kprasad@...
Hi All,
I'm trying to test image replication from hub.docker.com but nothing happens after clicking "REPLICATE" button. The following are settings:
Harbor Version v1.7.5-a8f6543a
Under Registries:
In the "source images filter" field I tried various combinations of repo name, like just "dnsmasq" and "andyshinn/dnsmasq". I also tried replicating different repo like "_/python", but still facing the same issue, not able to replicate. Any idea what could be the issue ? Regards, Prasad
|
||
|
||
Re: Public projects
Daniel Jiang
I don’t think there’s a way to achieve that.
Best Regards — Daniel Jiang | 姜坦 Engineer, VMware R&D, Beijing +86 10-59934536
On 2020/2/10, 4:18 PM, "harbor-users@... on behalf of n.rusanov via Lists.Cncf.Io" <harbor-users@... on behalf of n.rusanov=gmail.com@...> wrote:
Hi!
|
||
|
||
Public projects
n.rusanov@...
Hi!
How to disable the ability to make projects public? The user can create a project and make it publicly available. It is necessary to retain the ability to create projects, but to remove the ability to make projects with public access.
|
||
|
||
Re: Admin password not working if using external database
Gaurav Negi
Dear Harbor users, Please ignore this email. I am good now. Issue was with the DB instance I created with AWS RDS. After fixing it it works. Thanks -Gaurav
|
||
|
||
Re: Enterprise support for Harbor
Michael Michael <michmike@...>
In the open source community, we do offer best-effort support for Harbor. Please see this page for our support statement.
https://github.com/goharbor/harbor/blob/master/RELEASES.md
thanks!
|
||
|
||
Re: Harbor integration with Okta
Gaurav Negi
Thank you Daniel. It worked after I did fresh install of Harbor on a new VM. And Integrated it with OIDC Okta. It works perfectly. Thank you.
|
||
|
||
Admin password not working if using external database
Gaurav Negi
Dear Harbor users,
Apologies for spamming. But I think there is a bug in harbor. I am using harbor Version v1.9.4-49eb397c
1. I install a fresh new harbor on a new VM. I put external database in AWS RDS, with my harbor.yml file looks like this
2. When I brought up the harbor (using sudo ./install.sh) From UI, it is not accepting admin password. Which I have put default "Harbor12345" and I am seeing screen below.
3. But if I change it to local database. and bring up harbor. It accepts admin password as "Harbor12345"
Can you please suggest? How can I use external database? If using that, what will be the admin password?
Thanks -Gaurav
|
||
|
||
Re: Password not working for admin user after changing to external database.
erikdewaard@...
Well, that comes off as toxic. Unsubscribe
|
||
|
||
Re: Password not working for admin user after changing to external database.
Daniel Jiang
Hello,
This mailing list is for Harbor users, however, for a problem like the one you mentioned in the original email, which requires troubleshooting and potentially some back and forth, a GitHub issue is a more efficient way for communication.
Best Regards — Daniel Jiang | 姜坦 Engineer, VMware R&D, Beijing +86 10-59934536
On 2020/1/21, 12:36 PM, "harbor-users@... on behalf of Gaurav Negi via Lists.Cncf.Io" <harbor-users@... on behalf of gaurav.negi=gmail.com@...> wrote:
Is this mailing list not for harbor users?
On Mon, Jan 20, 2020 at 8:33 PM xalex via
Lists.Cncf.Io <xalex=vmware.com@...> wrote:
|
||
|