giftdr.blogg.se - Image mixer 3 registry broken

I believe that case described in the p.3 of the Findings section is incorrect as it changes the name of the docker image not only in the docker registry part.

Harbor behaves in a different way during the replication processes described in the p.3 and p.4 of the Findings section.

If yes, which ones and do you have any preferred ways for that? Summary

So I assume that starting from v2.1.0, harbor_core has a memory leak please let me know if you still want me to share the logs with you. The highest load for the v2.0.3 node was observed: harbor_core used 2.3% of RAM, 16.4% of CPU, and overall LA wasn't higher than 5. Even after two hours after replication was able to successfully finish (a quite rear case), the harbor_core process was still consuming 71% of RAM, 1.5% of CPU. harbor_core process also consumed those cases, when replication was able to successfully complete, the harbor_core process uses more than 80% of RAM and 15% of CPU. This leads to a huge LA and, in most of the cases, to DoS.ĥ.2.

Both nodes running on v2.1.x Harbor versions consumes all the available RAM.So docker image name changes only in the registry name part. In case_2, GitLab's Docker image /docker/jenkins/slave from the GitLab project docker/jenkins was replicated to the Harbor in the following way: /docker-demo-docker/jenkins/slave.So Docker image name changes not only in registry name. In case_1, GitLab's Docker image /docker/jenkins/slave from the GitLab project docker/jenkins was replicated to the Harbor in the following way: /docker-demo-docker/slave.I observed that replication on v2.1.x runs much faster than on v2.0.3, but (at least) in my cases, then finishes later (the reason described in p.5).I wasn't able to reproduce the Harbor error /jwt/auth?scope=repository%!A(MISSING)%!F(MISSING)%!F(MISSING) I shared it the original message.I collected LA and resource consumption by the Harbor processes (top five).case_2: the project wasn't specified, so replication was done as-is (to the docker project).all three setups had the same replication config:.S3 was used as a storage backend for the registry.I tested replication on three different nodes (t3.large).I guess that now I managed to solve all of them, and this is what I have to share: Setup Hi for the delay I was busy with testing as sometimes I faced some controversial results. Please specify the versions of following systems.

If many projects should be replicated, the replication of the ///:tag image will cause DoS for the Harbor.

Replication will fail without having ///:tag.

Setup a replication in Harbor to replicate /** from GitLab to a Harbor.

I assume might also be true for other Docker Registries.

Create a GitLab Project in some Group and push into it a Docker image with the following name ///:tag.

It is also looks like this causes DoS for the Harbor node as all the CPU and RAM resources are drained. Harbor fails the replication (Error) of the Docker image ///:tag to a ///:tag. Harbor successfully does the pull-cased replication of the Docker image ///:tag to a ///:tag without any issues. This project needs to be replicated into the following Harbor project: ///:tag Expected behavior Image to replicate (GLCR): /group/project/image:latest Some of the docker images stored in the GLCR have name similar to the following: This issue has been faced wile setting up a replication from the GitLab Container Registry (GLCR) to the Harbor one. It is also possible to push ///:tag image directly to Harbor without any issues. Images that have //:tag name replicate without any issues. It also seems like in such cases replication process drains all the available CPU and RAM resources leading to DoS. Starting from the Harbor v2.1.0 the replication of the docker images that have name ///:tag is broken.