The harbor-notary-signer pod fails to start in a Harbor installation under Tanzu Kubernetes Grid 1.4
Article ID: 317059
Updated On:
Products
Tanzu Kubernetes Grid
VMware Tanzu Kubernetes Grid 1.x
Issue/Introduction
Symptoms:
- You have installed or upgraded the Harbor package in Tanzu Kubernetes Grid (TKG) 1.4.
- You see that the status of the package (tanzu package installed get harbor -n <namespace>) is Reconcile failed.
- The status of the harbor-notary-signer pod is CrashLoopBackOff.
- You see messages similar to the following in the harbor-notary-signer pod logs:
{"level":"info","msg":"Version: 0.6.1, Git commit: d6e1431f","time":"2021-09-11T01:50:44Z"}{"level":"fatal","msg":"Could not read config at :/etc/notary/server-config.postgres.json, viper error: open : no such file or directory","time":"2021-09-11T01:50:44Z"}
Environment
VMware Tanzu Kubernetes Grid 1.x
VMware Tanzu Kubernetes Grid Plus 1.x
VMware Tanzu Kubernetes Grid Plus 1.x
Resolution
This is a known issue affecting the Harbor package in TKG 1.4. There is currently no resolution.
Workaround:
To workaround this issue use the following procedure to patch the Harbor package.
Workaround:
To workaround this issue use the following procedure to patch the Harbor package.
- Create a file named overlay-notary-signer-image-fix.yaml with the following contents:
#@ load("@ytt:overlay", "overlay")
#@overlay/match by=overlay.and_op(overlay.subset({"kind": "Deployment"}), overlay.subset({"metadata": {"name": "harbor-notary-signer"}}))
---
spec:
template:
spec:
containers:
#@overlay/match by="name",expects="0+"
- name: notary-signer
image: projects.registry.vmware.com/tkg/harbor/notary-signer-photon@sha256:4dfbf3777c26c615acfb466b98033c0406766692e9c32f3bb08873a0295e24d1
#@overlay/match by=overlay.and_op(overlay.subset({"kind": "Deployment"}), overlay.subset({"metadata": {"name": "harbor-notary-signer"}}))
---
spec:
template:
spec:
containers:
#@overlay/match by="name",expects="0+"
- name: notary-signer
image: projects.registry.vmware.com/tkg/harbor/notary-signer-photon@sha256:4dfbf3777c26c615acfb466b98033c0406766692e9c32f3bb08873a0295e24d1
- Issue a command similar to the following to create a secret from the file created in Step 1:
kubectl -n <Harbor namespace> create secret generic harbor-notary-singer-image-overlay -o yaml --dry-run=client --from-file=overlay-notary-signer-image-fix.yaml | kubectl apply -f -
Note: Replace <Harbor namespace> with the name of the namespace where the Harbor package is installed.
Note: Replace <Harbor namespace> with the name of the namespace where the Harbor package is installed.
- Issue a command similar to the following to patch the Harbor package:
kubectl -n <Harbor namespace> annotate packageinstalls harbor ext.packaging.carvel.dev/ytt-paths-from-secret-name.0=harbor-notary-singer-image-overlay
Note: Replace <Harbor namespace> with the name of the namespace where the Harbor package is installed.
Note: Replace <Harbor namespace> with the name of the namespace where the Harbor package is installed.
Feedback
Yes
No
Powered by
