Open microyahoo opened 3 weeks ago
Hi, I have the same problem.
Pushing the image, it returns unauthorized. After multiple attempts, it succeeds once.
My Harbor version is v2.11.1.
Please make sure you set the same token-service-private-key within all the core pods:
either the default one, /etc/core/private_key.pem,
or the env TOKEN_PRIVATE_KEY_PATH.
Hi @MinerYang, yes, we set the same private key, like below.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "18"
    meta.helm.sh/release-name: harbor-server
    meta.helm.sh/release-namespace: harbor-server
    reloader.stakater.com/auto: "true"
  creationTimestamp: "2024-02-29T02:24:10Z"
  generation: 20
  labels:
    app: harbor-core
    app.kubernetes.io/managed-by: Helm
    project: harbor
  name: harbor-core
  namespace: harbor-server
  resourceVersion: "1264401268"
  selfLink: /apis/apps/v1/namespaces/harbor-server/deployments/harbor-core
  uid: 98269ccd-74db-46f7-80f9-5e3d7914b2c1
spec:
  progressDeadlineSeconds: 600
  replicas: 3
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: harbor-core
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        dep.configmap.hash/app-conf: xxx
      creationTimestamp: null
      labels:
        app: harbor-core
        project: harbor
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - harbor-core
              topologyKey: kubernetes.io/hostname
            weight: 100
      containers:
      - env:
        - name: DR_META_K8S_CLUSTER_ENV
          value: production
        - name: DR_META_K8S_CLUSTER_NAME
          value: prod-k8s-cluster
        - name: METRIC_SUBSYSTEM
          value: core
        - name: PORT
          value: "8080"
        - name: STAKATER_CORE_ENV_SECRET
          value: cb3de260f885a88fb66ce9b748b4afdb3b3a6d03
        envFrom:
        - secretRef:
            name: harbor-env
        - secretRef:
            name: core-env
        image: reg.deeproute.ai/deeproute-public/harbor-core:v2.10.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 2
          httpGet:
            path: /api/v2.0/ping
            port: core
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 120
          successThreshold: 1
          timeoutSeconds: 10
        name: core
        ports:
        - containerPort: 8080
          name: core
          protocol: TCP
        - containerPort: 8001
          name: metrics
          protocol: TCP
        readinessProbe:
          failureThreshold: 2
          httpGet:
            path: /api/v2.0/ping
            port: core
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 60
          successThreshold: 1
          timeoutSeconds: 10
        resources:
          limits:
            cpu: "8"
            memory: 16Gi
          requests:
            cpu: "8"
            memory: 16Gi
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /etc/core//app.conf
          name: app-conf
          subPath: app.conf
        - mountPath: /etc/core//private_key.pem
          name: private-key
          subPath: private_key.pem
        - mountPath: /etc/core/token
          name: psc
        - mountPath: /etc/core//key
          name: secret-key
          subPath: key
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        fsGroup: 10000
        runAsUser: 10000
      terminationGracePeriodSeconds: 120
      volumes:
      - emptyDir: {}
        name: psc
      - configMap:
          defaultMode: 420
          name: app-conf
        name: app-conf
      - name: private-key
        secret:
          defaultMode: 420
          secretName: private-key
      - name: secret-key
        secret:
          defaultMode: 420
          secretName: secret-key
status:
  availableReplicas: 3
  conditions:
  - lastTransitionTime: "2024-02-29T02:24:10Z"
    lastUpdateTime: "2024-04-15T02:45:13Z"
    message: ReplicaSet "harbor-core-c599cc8c7" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  - lastTransitionTime: "2024-07-19T12:33:37Z"
    lastUpdateTime: "2024-07-19T12:33:37Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  observedGeneration: 20
  readyReplicas: 3
  replicas: 3
  updatedReplicas: 3
```
Hi, we deploy Harbor with Helm. When we try to push an image from CI to Harbor, I get the following error output. This issue cannot be reproduced consistently, but it occurs intermittently over time.
harbor version:
v2.10.0
harbor deployments
I tried to find some clues from the Docker client, like below
harbor log:
The issue https://github.com/goharbor/harbor-helm/issues/1205 mentioned that there should be time sync between the nodes that were running core/registry. I have checked NTP and tried running `date` on all nodes, but had no luck.
harbor portal config file