You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It generally works, components can communicate with each other, Portal is operational etc etc. But pulling public images or logging in with docker login do not work (note that in the currently released version i.e. v2.10.0 there is a separate issue #20080 which makes symptoms entirely different, core returns 200 response with an empty token; this is what I get with my patch from #20081):
> nerdctl pull harbor.example.com/hub.docker.com/jenkins/jenkins:lts
harbor.example.com/hub.docker.com/jenkins/jenkins:lts: resolving |--------------------------------------|
elapsed: 2.4 s total: 0.0 B (0.0 B/s)
INFO[0002] trying next host error="failed to authorize: failed to fetch anonymous token: unexpected status from GET request to https://harbor.example.com/service/token?scope=repository%3Ahub.docker.com%2Fjenkins%2Fjenkins%3Apull&service=harbor-registry: 500 Internal Server Error" host=harbor.example.com
FATA[0002] failed to resolve reference "harbor.example.com/hub.docker.com/jenkins/jenkins:lts": failed to authorize: failed to fetch anonymous token: unexpected status from GET request to https://harbor.example.com/service/token?scope=repository%3Ahub.docker.com%2Fjenkins%2Fjenkins%3Apull&service=harbor-registry: 500 Internal Server Error
Error: exit status 1
Core logs ():
2024-03-03T22:45:39Z [ERROR] [/core/service/token/token.go:50]: Unexpected error when creating the token, error: x509: failed to parse private key (use ParseECPrivateKey instead for this key format)
Steps to reproduce the problem:
Try to pull public image or log in to Harbor using ECDSA certificate as internal tls CA.
Versions:
Please specify the versions of following systems.
Sure , we would like to consider this as a requirement.
To enable this we need expose key signed method and change the default options properly.
Probably not the common case for most of the users. Could you help me to learn the necessity of configure this algorithm?
This is just my default choice over RSA and I recon it will be more common into the future. I am wondering that the code could detect the type of certificate automatically without user input, even if through try-fail-retry...
Expected behavior and actual behavior:
I was using cert-manager with this:
It generally works, components can communicate with each other, Portal is operational etc etc. But pulling public images or logging in with
docker login
do not work (note that in the currently released version i.e.v2.10.0
there is a separate issue #20080 which makes symptoms entirely different, core returns 200 response with an empty token; this is what I get with my patch from #20081):Core logs ():
Steps to reproduce the problem:
Try to pull public image or log in to Harbor using ECDSA certificate as internal tls CA.
Versions:
Please specify the versions of following systems.
Additional context:
Slack thread: https://cloud-native.slack.com/archives/CC1E09J6S/p1709497679881159
The text was updated successfully, but these errors were encountered: