-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docker push image to harbor fails with unauthorized: unauthorized to access repository
#20865
Comments
Hi, I have the same problem. Pushing the image, it returns unauthorized. After multiple attempts, it succeeds once. My Harbor version is v2.11.1. |
Please make sure you set same token-service-private-key within all the core pods |
Hi @MinerYang, yes, we set same private key like below. apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "18"
meta.helm.sh/release-name: harbor-server
meta.helm.sh/release-namespace: harbor-server
reloader.stakater.com/auto: "true"
creationTimestamp: "2024-02-29T02:24:10Z"
generation: 20
labels:
app: harbor-core
app.kubernetes.io/managed-by: Helm
project: harbor
name: harbor-core
namespace: harbor-server
resourceVersion: "1264401268"
selfLink: /apis/apps/v1/namespaces/harbor-server/deployments/harbor-core
uid: 98269ccd-74db-46f7-80f9-5e3d7914b2c1
spec:
progressDeadlineSeconds: 600
replicas: 3
revisionHistoryLimit: 10
selector:
matchLabels:
app: harbor-core
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
dep.configmap.hash/app-conf: xxx
creationTimestamp: null
labels:
app: harbor-core
project: harbor
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- harbor-core
topologyKey: kubernetes.io/hostname
weight: 100
containers:
- env:
- name: DR_META_K8S_CLUSTER_ENV
value: production
- name: DR_META_K8S_CLUSTER_NAME
value: prod-k8s-cluster
- name: METRIC_SUBSYSTEM
value: core
- name: PORT
value: "8080"
- name: STAKATER_CORE_ENV_SECRET
value: cb3de260f885a88fb66ce9b748b4afdb3b3a6d03
envFrom:
- secretRef:
name: harbor-env
- secretRef:
name: core-env
image: reg.deeproute.ai/deeproute-public/harbor-core:v2.10.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 2
httpGet:
path: /api/v2.0/ping
port: core
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 120
successThreshold: 1
timeoutSeconds: 10
name: core
ports:
- containerPort: 8080
name: core
protocol: TCP
- containerPort: 8001
name: metrics
protocol: TCP
readinessProbe:
failureThreshold: 2
httpGet:
path: /api/v2.0/ping
port: core
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 10
resources:
limits:
cpu: "8"
memory: 16Gi
requests:
cpu: "8"
memory: 16Gi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/core//app.conf
name: app-conf
subPath: app.conf
- mountPath: /etc/core//private_key.pem
name: private-key
subPath: private_key.pem
- mountPath: /etc/core/token
name: psc
- mountPath: /etc/core//key
name: secret-key
subPath: key
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 10000
runAsUser: 10000
terminationGracePeriodSeconds: 120
volumes:
- emptyDir: {}
name: psc
- configMap:
defaultMode: 420
name: app-conf
name: app-conf
- name: private-key
secret:
defaultMode: 420
secretName: private-key
- name: secret-key
secret:
defaultMode: 420
secretName: secret-key
status:
availableReplicas: 3
conditions:
- lastTransitionTime: "2024-02-29T02:24:10Z"
lastUpdateTime: "2024-04-15T02:45:13Z"
message: ReplicaSet "harbor-core-c599cc8c7" has successfully progressed.
reason: NewReplicaSetAvailable
status: "True"
type: Progressing
- lastTransitionTime: "2024-07-19T12:33:37Z"
lastUpdateTime: "2024-07-19T12:33:37Z"
message: Deployment has minimum availability.
reason: MinimumReplicasAvailable
status: "True"
type: Available
observedGeneration: 20
readyReplicas: 3
replicas: 3
updatedReplicas: 3 |
similar issues: |
Hi, we deploy harbor with helm, when we try to push image from CI to harbor, but I get the following error output. And this issue cannot be reproduced consistently, but it occurs intermittently over time.
harbor version:
v2.10.0
harbor deployments
I try to find some clues from docker client like below
harbor log:
the issue goharbor/harbor-helm#1205 mentioned there should be time syncs between teh nodes that were running core/registry. I have checked the ntp and try to run
date
in all nodes but have no lucks.harbor portal config file
The text was updated successfully, but these errors were encountered: