0
votes

I'm trying to deploy Harbor (private Docker registry) on a k8s cluster (provisioned by Rancher) using helm (values.yaml). Below is my values.yaml.

  1. Network
    I have nginx in front of the k8s ingress-nginx controller.
    nginx (HTTP 301 redirect to HTTPS, e.g. http://harbor.mydomain.com -> https://harbor.ssgadm.com) -> ingress-nginx -> harbor service

  2. Harbor with nginx
    https://github.com/goharbor/harbor/blob/master/docs/1.10/install-config/troubleshoot-installation.md#using-nginx-or-load-balancing
    The Harbor team says that if Harbor is running behind an nginx proxy, the 'X-Forwarded-Proto' header should be removed, so I added an ingress annotation in values.yaml.


Here are my problems.

  1. I succeeded in logging in with docker, but failed to push a docker image, with the message: denied: requested access to the resource is denied

  2. I cannot see the minio registry endpoint on the Harbor web page
    couldn't find any endpoints!

So, could you help me solve these problems?

---
  harborAdminPassword: "admin"
  secretKey: "add-your-secret0"
  logLevel: "info"
  expose: 
    type: "ingress"
    ingress: 
      hosts: 
        core: "harbor.mydomain.com"
        notary: "harbor.notary.mydomain.com"
      annotations:
        ingress.kubernetes.io/proxy-body-size: "0"
        ingress.kubernetes.io/ssl-redirect: "true"
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
        nginx.ingress.kubernetes.io/ssl-redirect: "true"
        nginx.org/server-snippets: |
          location / {
            proxy_hide_header 'X-Forwarded-Proto'
          }

          location /v2/ {
            proxy_hide_header 'X-Forwarded-Proto'
          }

          location /service/ {
            proxy_hide_header 'X-Forwarded-Proto'
          }
    loadBalancer: 
      IP: ""
    tls: 
      enabled: false
      secretName: ""
  externalURL: "https://harbor.mydomain.com"
  persistence: 
    imageChartStorage: 
      type: "s3"
      disableredirect: true
      azure: 
        accountname: ""
        accountkey: ""
        container: ""
      gcs: 
        bucket: ""
        encodedkey: ""
      s3: 
        bucket: "docker"
        region: "us-east-1"
        accesskey: "minio"
        secretkey: "minio"
        regionendpoint: "https://minio.mydomain.com"
      oss: 
        bucket: ""
        region: ""
        accesskeyid: ""
        accesskeysecret: ""
      swift: 
        authurl: "https://storage.myprovider.com/v3/auth"
        username: ""
        password: ""
        container: ""
    enabled: true
    persistentVolumeClaim: 
      registry: 
        storageClass: "nfs-provisioner"
        size: "1Gi"
        existingClaim: ""
      chartmuseum: 
        storageClass: "nfs-provisioner"
        size: "1Gi"
        existingClaim: ""
      jobservice: 
        storageClass: "nfs-provisioner"
        size: "1Gi"
        existingClaim: ""
      database: 
        storageClass: "nfs-provisioner"
        size: "1Gi"
        existingClaim: ""
      redis: 
        storageClass: "nfs-provisioner"
        size: "1Gi"
        existingClaim: ""
  jobservice: 
    jobLogger: "database"
  database: 
    type: "internal"
    external: 
      host: ""
      username: ""
      password: ""
      coreDatabase: "registry"
      clairDatabase: "clair"
      notaryServerDatabase: "notary_server"
      notarySignerDatabase: "notary_signer"
      sslmode: "disable"
      port: "5432"
  redis: 
    type: "internal"
    external: 
      host: ""
      port: "6379"
      password: ""
  clair: 
    enabled: true
  notary: 
    enabled: false
  chartmuseum: 
    enabled: true
  cert: 
    enabled: true

1 Answer

0
votes

Make sure that all prerequisites are fulfilled.

Make sure that you have provided certificates to Harbor and Docker.

After generating the ca.crt, yourdomain.com.crt, and yourdomain.com.key files, you must provide them to Harbor and to Docker, and reconfigure Harbor to use them. Finally, restart Docker Engine.

To enable pushing images to the Docker registry, please execute the following commands:

You need to include the namespace for Docker Hub to associate it with your account. The namespace is the same as your Docker Hub account name. You need to rename the image to YOUR_DOCKERHUB_NAME/docker-whale.

Tag image before pushing:

$ docker tag your_image YOUR_DOCKERHUB_NAME/your_image

and then you should be able to push it.

$ docker push YOUR_DOCKERHUB_NAME/your_image

You have also duplicated the nginx.ingress.kubernetes.io/proxy-body-size annotation in the configuration file.

For NGINX, a 413 error will be returned to the client when the size in a request exceeds the maximum allowed size of the client request body. This size can be configured by the parameter client_max_body_size.

To configure this setting globally for all Ingress rules, the proxy-body-size value may be set in the NGINX ConfigMap. To use custom values in an Ingress rule, define this annotation:

nginx.ingress.kubernetes.io/proxy-body-size: 8m

Try to add 0m.

Also, as an environment sanity check: it should fail without SSL; enable external SSL in the database:

sslmode=require

If more problems occur, check the logs of the installed Harbor:

$ kubectl logs -n harbor your-harbor-pod
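
How Docker picks the registry for a tag, shown as an added example that is not part of the original answer: a reference whose first component has no dot, no colon and is not `localhost` is sent to Docker Hub, so an image meant for Harbor must carry the Harbor hostname and a project in its tag. `harbor.mydomain.com` is the hostname from the question; the project name `library` and the function names are assumptions.

```sh
#!/bin/sh
# Added example: check where `docker push` would send an image reference.

# Print the registry host Docker contacts for an image reference.
# (Lowercase references only; Docker also treats a first component
# containing uppercase letters as a host, which is not handled here.)
registry_of() {
  ref=$1
  first=${ref%%/*}
  # No slash at all ("ubuntu:20.04"): the whole name is a Docker Hub repo.
  [ "$first" = "$ref" ] && { echo docker.io; return; }
  case $first in
    localhost|*.*|*:*) echo "$first" ;;   # looks like host or host:port
    *)                 echo docker.io ;;  # "myuser/app" is a Hub namespace
  esac
}

# Succeed only if REF would be pushed to HOST under a project, i.e.
# HOST/PROJECT/REPO[:TAG], the layout Harbor expects.
targets_harbor() {
  ref=$1 host=$2
  [ "$(registry_of "$ref")" = "$host" ] || return 1
  path=${ref#*/}            # everything after the host
  case $path in
    */*) return 0 ;;        # project/repo present
    *)   return 1 ;;        # repo only, no project
  esac
}

# Constructed sample references.
for r in your_image myuser/your_image \
         harbor.mydomain.com/your_image \
         harbor.mydomain.com/library/your_image:1.0; do
  if targets_harbor "$r" harbor.mydomain.com; then verdict="ok for Harbor"
  else verdict="goes to $(registry_of "$r") or lacks a project"; fi
  printf '%-45s %s\n' "$r" "$verdict"
done
```

Only the last sample reference is addressed to the Harbor host with a project; the first two resolve to Docker Hub regardless of which registry `docker login` was run against.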