Docker version: 17.12.1-ce
Current setup is: Harbor running on Kubernetes. Harbor itself is http access which is fronted by nginx ingress controller with https.
I can log into Harbor UI and create a new project (project name: abc. Made the project public too) without problem. The Harbor UI is accessed via hostname harbor-node.
The problem arises when trying to push a docker image into Harbor's registry using docker client. From linux node I run the following commands:
docker login harbor-node -u myusername -p mypassword (this succeeds)
docker tag abc/project:latest harbor-node/abc/project:latest (this succeeds)
docker push harbor-node/abc/project:latest (this fails. See output below)
The push refers to repository [docker.io/harbor-node/abc/project]
d1895ea63a00: Preparing
65c76a27c619: Preparing
...
283295471e69: Waiting
eb2488962fa6: Waiting
...
e27a10675c56: Waiting
denied: requested access to the resource is denied
Looking at the output I can see it is prefixing docker.io in front of harbor-node. I am assuming that it is trying to go to default registry even though I am logging into my harbor-node registry? I understand the only way to point docker to a different registry is specify it during docker login command... Any help on this would be appreciated.
Cheers,
PM
ponderMuse
All 5 comments
This issue has been resolved. The problem was actually in the kubernetes nginx ingress controller and ingress into Harbor service configurations where I needed to specify the full fqdn to the node and not just the hostname. And thereafter do the docker login/tag and push as follows:
docker login harbor-node.domain.net -u myusername -p mypassword (this succeeds)
docker tag abc/project:latest harbor-node.domain.net/abc/project:latest (this succeeds)
docker push harbor-node.domain.net/abc/project:latest (this now succeeds too)
ponderMuse
on 15 Mar 2018
I also encountered the same error when I pushed the mirror image after logging in.The reason is that I simply used the hostname of the node instead of full fqdn
Follow the steps below to solve:
- Modify the harbor configuration file.
$ vim /usr/local/harbor/harbor.cfg
#hostname = node2
hostname = node2.gajun.com - Reread configuration file harbor.cfg.
$ docker-compose down -v
$ docker-compose up -d - Modify the client docker configuration file
$ vim /etc/docker/daemon.json
"insecure-registries": ["node2.gajun.com"]
$ systemctl daemon-reload
$ systemctl reload docker.service - Sign in again and push image to harbor.
$ docker login -u s23gajun -p
$ docker image push node2.gajun.com/library/busybox:latest
s23xiaojia
on 14 Jan 2019
I have integrated Harbor with LDAP. Login to harbor with normal account is OK, but when I push images to harbor, it shows the denied error.
When I login with admin account, push success, don't know why.
Any suggestion?
navono
on 23 Apr 2019
I have integrated Harbor with LDAP. Login to harbor with normal account is OK, but when I push images to harbor, it shows the
deniederror.
When I login withadminaccount, push success, don't know why.
Any suggestion?
Did u add accounts to repo member list?
popalex1990
on 13 Sep 2019
I have integrated Harbor with LDAP. Login to harbor with normal account is OK, but when I push images to harbor, it shows the
deniederror.When I login with
adminaccount, push success, don't know why.Any suggestion?
Hi @navano, have you found solutions for this?
funky81
on 22 Feb 2020
Related issues
xiaosadexiaohai
·
3Comments
abououdine
·
3Comments
moooofly
·
3Comments
andrewtchin
·
3Comments
problame
·
3Comments
Most helpful comment
I also encountered the same error when I pushed the mirror image after logging in.The reason is that I simply used the hostname of the node instead of full fqdn
Follow the steps below to solve:
$ vim /usr/local/harbor/harbor.cfg
#hostname = node2
hostname = node2.gajun.com
$ docker-compose down -v
$ docker-compose up -d
$ vim /etc/docker/daemon.json
"insecure-registries": ["node2.gajun.com"]
$ systemctl daemon-reload
$ systemctl reload docker.service
$ docker login -u s23gajun -p
$ docker image push node2.gajun.com/library/busybox:latest