search

goharbor / harbor-helm

The helm chart to deploy Harbor
Apache License 2.0
1.19k stars 759 forks source link

Use private connection to Azure Blob Storage #1810

Open aechegoyan17 opened 3 months ago

aechegoyan17 commented 3 months ago

Hi,

I would like to use Azure Blob Storage to store artifacts, but due to company policies I cannot use public internet connections so I am trying to use private links. This doesn't seem possible at the moment as it currently dynamically adds the word "blob" before the specified realm (e.g. core.windows.net) somewhere, resulting in "xxx.blob.core.windows.net" instead of "xxx.privatelink.blob.core.windows.net" which is what I need. Here is an example configuration:

image

Causing the following error, due to "blob" word being added before:

image

I tried using the Distribution middleware feature but doesn't seem to work. Here is their documentation: https://distribution.github.io/distribution/storage-drivers/middleware/rewrite/

Thank you

MinerYang commented 2 months ago

Would you try to disableredirect:true https://github.com/goharbor/harbor-helm/blob/44f6a8ffd6a73fb04f9c3b0b2789637750bab3d7/values.yaml#L185

EduGoma commented 1 month ago

Hello, I have changed it to true disableredirect: true and it still modifies the url. panic: Put "https://harborstorage.**blob**.privatelink.blob.core.windows.net/harborimages?restype=container"

configuration:

      disableredirect: true
    # Specify the "caBundleSecretName" if the storage service uses a self-signed certificate.
    # The secret must contain keys named "ca.crt" which will be injected into the trust store
    # of registry's containers.
    # caBundleSecretName:

    # Specify the type of storage: "filesystem", "azure", "gcs", "s3", "swift",
    # "oss" and fill the information needed in the corresponding section. The type
    # must be "filesystem" if you want to use persistent volumes for registry
    type: azure
    filesystem:
      rootdirectory: /storage
      #maxthreads: 100
    azure:
      accountname: "harborstorage"
      accountkey: ""
      container: harborimages
      realm: privatelink.blob.core.windows.net  
      # # To use existing secret, the key must be AZURE_STORAGE_ACCESS_KEY
      existingSecret: ""

thanks for your help

aechegoyan17 commented 1 month ago

Sorry for the late reply, I have been quite busy.

I tried the redirect setting without success, but I think it won't work anyway due to it actings like a CDN, where Azure Blob Storage answers the request directly.