Map domain to harbor proxied registry

[dioguerra]

For example, i want to map my Harbor proxied docker.io project by means of a domain.

dockerio-registry.foo.bar -> registry.foo.bar/docker.io

The use case is configuring the pull-through cache directly in the docker daemon, as subpaths are not allowed. This does not work:

{
  "registry-mirrors": ["https://registry.foo.bar/docker.io"]
}

So something like this is required:

{
  "registry-mirrors": ["https://dockerio-registry.foo.bar"]
}

[reasonerjt]

Let me clarify, is docker.io a proxy cache project?

I don't think we can map a project's URI to a host.

[dioguerra]

I can almost do it, but im having a 401 unauthorized error. I manage to have the same errors with 2 different configurations.
One using the server-script from nginx reverse proxy, the other way by duplicating the ingress rules to a new "virtual host"

I dont have the currect setup anymore, but it was something like:

      nginx.ingress.kubernetes.io/server-snippet: |
        if ($host ~ "dockerio-registry-staging.foo.bar")
        {
            rewrite ^https://dockerio-registry-staging.foo.bar(/docker.io)/v2(/.*)$ https://registry-staging.foo.bar/v2$1$2
        }

OR

cat templates/proxy.yaml 
{{- range $domain,$project := .Values.domains.proxy }}
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    {{ $.Values.harbor.expose.ingress.annotations | toYaml | nindent 4 }}
    nginx.ingress.kubernetes.io/rewrite-target: /v2/{{ $project }}/$2
  name: harbor-staging-harbor-ingress-{{ $domain }}
spec:
  rules:
  - host: {{ $domain }}-{{ $.Values.harbor.expose.ingress.hosts.core }}
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          serviceName: {{ $.Release.Name }}-harbor-portal
          servicePort: 80
      - path: /api
        pathType: Prefix
        backend:
          serviceName: {{ $.Release.Name }}-harbor-core
          servicePort: 80
      - path: /service
        pathType: Prefix
        backend:
          serviceName: {{ $.Release.Name }}-harbor-core
          servicePort: 80
      - path: /v2(/|$)(.+)
        pathType: Prefix
        backend:
          serviceName: {{ $.Release.Name }}-harbor-core
          servicePort: 80
      - path: /chartrepo
        pathType: Prefix
        backend:
          serviceName: {{ $.Release.Name }}-harbor-core
          servicePort: 80
      - path: /c
        pathType: Prefix
        backend:
          serviceName: {{ $.Release.Name }}-harbor-core
          servicePort: 80
  tls:
  - hosts:
    - {{ $domain }}-registry-staging.foo.bar
    secretName: {{ $.Release.Name }}-harbor-ingress-{{ $domain }}
---
{{ end }}

I think with a litle teak this is possible. Definetly this last way its easyer to understand

[dioguerra]

Let me clarify, is docker.io a proxy cache project?

I don't think we can map a project's URI to a host.

Yes, docker.io is a proxy cache project

[davgia]

Any update on this? @dioguerra did you managed to make it work?

[dioguerra]

Sorry, no. I did not make this work and since then i didnt try it again... still interested tho.

[ricardojdsilva87]

Hello @dioguerra We had that issue in the past for the docker.io proxy, the thing is that you need to rewrite the request of the token also that happens in the back of the communications:
Please check:
goharbor/harbor#8082 (comment)
goharbor/harbor#13579 (comment)

For your question the issue I see is having a subfolder as endpoint, maybe you can check the examples in the comments and adapt to your needs.

Hope it helps

[github-actions]

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

[github-actions]

This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.