Closed Meza1923 closed 5 months ago
We currently do not test Harbor deployment on OpenShift.
Could you share the details of the version of OpenShift used and the version of harbor helm? For me it works without an issue.
Openshift 4.8.19 Helm chart 1.9.2
I'm on Openshift 4.10 and using chart 1.9.1 and 1.9.3 without issue.
We do use a certSource of "secret" and have our own TLS secret created, as well as the expose.ingress.hosts.core set to a shorter URL, so we just have harbor.domain.com and a cert that is valid for that, but the routes get created as expected in that setup.
I haven't used a default tls cert on ingress, so not sure if that is specifically where your problem lies.
@Meza1923 By "the certificate of the cluster" do you mean certificate served by default?
First, if the Routes are not created, that means that something with your Ingress is not quite right.
I think I see the problem. Setting expose.tls.enabled=true and expose.tls.certSource=none sets secretName in the Ingress tls section to "".
In order to enable default tls in OpenShift you will need to:
- set expose.tls.enabled to false
- add route.openshift.io/termination annotation to your Ingress with the value edge if you are not using internalTLS in Harbor (set expose.ingress.annotations)
- add route.openshift.io/termination annotation to your Ingress with the value reencrypt and set route.openshift.io/destination-ca-certificate-secret annotation accordingly (although I believe this is available in newer version of Openshift)

Here is an example configuration:
    expose:
      type: ingress
      tls:
        enabled: false
      ingress:
        hosts:
          core: my.domain
        annotations:
          route.openshift.io/termination: "edge"
Would be great if you could adjust the helm chart to work on Openshift 4.13.
W1219 09:28:18.347053 14086 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "core" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "core" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "core" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "core" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
You can either:
- set securityContext on containers with proper values
- use SecurityContextConstraint (such as nonroot-v2) or change PodSecurityPolicy to "basic" instead of "restricted"

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.
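As an added example (not from the thread or the Harbor chart), the sketch below evaluates a pod spec against the four findings named in the PodSecurity "restricted" warning quoted above, including the pod-level fallback for runAsNonRoot and seccompProfile that the warning's "pod or container" wording refers to. The function name and the sample pod specs are constructed for illustration; it covers only those four findings, not the whole restricted profile.

```python
# Added example: checks a pod spec (as a dict) against the four findings in the
# PodSecurity "restricted" warning. Function name and sample specs are constructed.

ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}


def restricted_violations(pod_spec):
    """Return a list of (container name, finding) tuples for the four checks."""
    pod_sc = pod_spec.get("securityContext") or {}
    findings = []
    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    for c in containers:
        sc = c.get("securityContext") or {}
        name = c["name"]
        # Must be set explicitly to false on every container.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((name, "allowPrivilegeEscalation != false"))
        drop = (sc.get("capabilities") or {}).get("drop") or []
        if "ALL" not in drop:
            findings.append((name, "unrestricted capabilities"))
        # A container value overrides the pod value; unset inherits from the pod.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if non_root is not True:
            findings.append((name, "runAsNonRoot != true"))
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ALLOWED_SECCOMP:
            findings.append((name, "seccompProfile"))
    return findings


# Constructed: a container with no securityContext, like "core" in the warning.
UNSET = {"containers": [{"name": "core", "image": "example/core"}]}

# Constructed: the same pod with the four fields the warning asks for.
HARDENED = {
    "securityContext": {"runAsNonRoot": True,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{
        "name": "core",
        "image": "example/core",
        "securityContext": {"allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]}},
    }],
}

if __name__ == "__main__":
    for label, spec in (("unset", UNSET), ("hardened", HARDENED)):
        print(label, restricted_violations(spec))
```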
Hey,
I'm trying to deploy Harbor on OpenShift and make it use the certificate of the cluster. When I set the following values in order to achieve that, no route is being created.
expose.type=ingress expose.tls.enabled=true expose.tls.certSource=none
Could someone help with that problem?
Thanks a lot, Guy.