search

goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.
https://goharbor.io
Apache License 2.0
23.63k stars 4.72k forks source link

missing docker images: http status code: 404 #20465

Closed SebastianStrajan closed 6 days ago

SebastianStrajan commented 3 months ago

Expected behavior and actual behavior: We upgraded from a single instance older version of harbor with CIFS storage to a distributed harbor setup deployed inside kubernetes with S3 storage and now we are getting complaints that images are missing randomly, especially when k8s clusters are upgraded and older apps that haven't been deployed for a while are redeployed.

When I go to a image with problems I can't scan it or see the build layers if I click the Build History button I get the following: http status code: 404, body: {"errors":[{"code":"MANIFEST_UNKNOWN","message":"manifest unknown","detail":{"Name":"dummysample/dummysample-bla-bla","Revision":"sha256:4d727.....76e93e"}}]}

Steps to reproduce the problem: Don't know what is causing this to be able to reproduce. Found multiple cases with a similar issue for harbor but when they tried to do deletes/push requests. We want to avoid losing images.

Not sure if this is caused by harbor GC or redis or due to the S3 storage that we are using (a few weeks back versioning was activated and we are planning on checking if the layers are still there to be sure there aren't any issues with the storage part on our end).

Versions: Please specify the versions of following systems.

Additional context: Error response from daemon: manifest for registry-domain/dummysample/dummysample-bla-bla:1 not found: manifest unknown: manifest unknown

Any ideas why this is happening?

Thanks, Sebastian

MinerYang commented 3 months ago

Looks like during the transfer from CIFS storage to S3 storage, the files in registry volume are not persistent. You could check inside the registry container the existence of this manifest

kubectl exec -it <harbor-registry>  -c registry -n <namespace> -- /bin/bash
cat /storage/docker/registry/v2/blobs/sha256/4d/4d727.....76e93e/data
SebastianStrajan commented 3 months ago

We did not do any raw transfer. Most images have been pushed in both registries during the last 6 months, so there shouldn't be any corruptions cause by this. And for a couple of projects there was a replication done prior to the transition to ensure all images are there.

Found problems for both types of 'transfers'. We are considering an harbor upgrade but not sure if this will be a fix.

github-actions[bot] commented 1 month ago

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

github-actions[bot] commented 6 days ago

This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.