Harbor: Unable to add k8s.gcr.io - Unable to parse json key.

Created on 24 Apr 2020  ·  8 Comments  ·  Source: goharbor/harbor

I wanted to pull kubernetes control plane images from k8s.gcr.io, onto my local harbor instance.

I tried all the options in the drop-down:

  - gcr.io
  - us.gcr.io
  - eu.gcr.io
  - asia.gcr.io

Logs in harbor-core
I referred to https://github.com/goharbor/harbor/issues/7784, however in my case I was able to ping/curl the gcr.io endpoints perfectly fine.
sample

harbor [ /harbor ]$ curl https://k8s.gcr.io
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://cloud.google.com/container-registry/">here</A>.
</BODY></HTML>
harbor [ /harbor ]$ 
harbor [ /harbor ]$ curl https://gcr.io
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://cloud.google.com/container-registry/">here</A>.
</BODY></HTML>

harbor version: 1.10.1
docker engine version: 19.03.7
docker-compose version: 1.25.4

All 8 comments

@bitsf

Let's take a look at what happened. I also tried before; it really does not work. I'm also wondering, if the images of k8s.gcr.io are public ones, how can I directly replicate them without a JSON key?

You should input the entire JSON in the textarea.
[image]

The key is something like
[image]

And your account should have the Storage Admin role in the IAM settings
[image]

And in the replication rule, you should also input the namespace
[image]
[image]

And the replication can work as
[image]
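
A pre-check for the advice above to paste the entire JSON key, as an added example that is not part of the thread or of Harbor's code: it confirms that the text is one complete JSON object with the fields of a Google Cloud service-account key file before it goes into the textarea. The function name `check_json_key` and the sample key are made up for illustration, and the check never prints secret values.

```python
import json

# Fields of a Google Cloud service-account key file (JSON key format).
REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key",
                   "client_email", "token_uri")

# Constructed sample: the shape of a key file; every value is a placeholder.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "harbor-sync@example-project.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token",
}, indent=2)


def check_json_key(text):
    """Return a list of problems found in a pasted service-account key.

    An empty list means the text is one complete JSON object that looks
    like a service-account key. Secret values are never echoed back.
    """
    try:
        key = json.loads(text)
    except json.JSONDecodeError as exc:
        # Typical causes: a partial paste, or only the PEM block was pasted.
        return [f"not valid JSON (line {exc.lineno}, column {exc.colno}): {exc.msg}"]
    if not isinstance(key, dict):
        return ["top-level JSON value is not an object"]

    problems = [f"missing field: {name}" for name in REQUIRED_FIELDS
                if not key.get(name)]
    if key.get("type") not in (None, "service_account"):
        problems.append("type is not 'service_account'")
    pem = key.get("private_key")
    if pem and not (isinstance(pem, str)
                    and pem.startswith("-----BEGIN PRIVATE KEY-----")
                    and pem.rstrip().endswith("-----END PRIVATE KEY-----")):
        problems.append("private_key is not a complete PEM block")
    return problems


if __name__ == "__main__":
    for label, text in (("full key", SAMPLE_KEY),
                        ("truncated paste", SAMPLE_KEY[:80])):
        print(label, "->", check_json_key(text) or "looks complete")
```
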

@bitsf
Do I need this even for public k8s control plane images?
I am not using GCR for more than replicating k8s images.

@bjethwan Yes, we need a credential; this is because the GCR _catalog API, which we use to list repositories, needs authorization.

@bitsf Currently Harbor does not allow users to add a gcr endpoint without credentials. But the Docker client can pull distroless images from gcr.io without any credential. Is there really no method to pull public images from gcr.io without a credential using Harbor?

@soulawaker

Have you tried to replicate public GCR images with the Docker Registry adapter?

I tried to replicate k8s.gcr.io with the Docker Registry adapter without providing json_key, and it does work.

cc @bitsf

If you don't need to use * to filter, you can use the docker registry adapter.

@steven-zou

OK, I confirmed it works.

  1. Go to Administration > Registries.
  2. Create a New Endpoint with docker-registry as the Provider and https://gcr.io as the Endpoint URL.
  3. Apply that registry to the Replication Rule.

Thanks for suggesting the workaround.
