
Due to work I need to self-host a local Docker proxy cache using Harbor. So I went to their docs, installed the server and configured it properly, accessing it via FQDN and using a self-signed certificate. I'm able to use docker login from external clients and docker pull without a problem.

My idea is to serve this Harbor server to the containerd service running inside a k3s cluster I have. From the cluster's control plane (hostname: control01) I can pull images:

/usr/local/bin/ctr -a /run/k3s/containerd/containerd.sock image pull harbor.virtalus.com/dockerhubproxy/library/ubuntu:20.04
harbor.virtalus.com/dockerhubproxy/library/ubuntu:20.04:                          resolved       |++++++++++++++++++++++++++++++++++++++|
index-sha256:4e9ed8dc49c4c21888f4053e59d7ef0959f57e77d0fbe47ba0063fddd6b70f2c:    done           |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:7b3e30a1f373b0621681f13b92feb928129c1c38977481ee788a793fcae64fb9: exists         |++++++++++++++++++++++++++++++++++++++|
layer-sha256:8e5c1b329fe39c318c0d49821b339fb94a215c5dc0a2898c8030b5a4d091bcba:    exists         |++++++++++++++++++++++++++++++++++++++|
config-sha256:1a437e363abfa47bfe4b3f5906b7444d12346102d944ebddd537e47a62fc6f52:   exists         |++++++++++++++++++++++++++++++++++++++|
elapsed: 10.3s                                                                    total:  1.4 Ki (137.0 B/s)
unpacking linux/amd64 sha256:4e9ed8dc49c4c21888f4053e59d7ef0959f57e77d0fbe47ba0063fddd6b70f2c...

So I configured /etc/rancher/k3s/registries.yaml following the official doc by Rancher:

cat << EOF > /etc/rancher/k3s/registries.yaml
mirrors:
  "*":
    endpoint:
      - "https://harbor.virtalus.com"
configs:
  "https://harbor.virtalus.com":
    auth:
      username: admin
      password: Harbor12345  
    tls:
      cert_file: /root/harbor.virtalus.com.cert
      key_file: /root/harbor.virtalus.com.key
      ca_file: /root/ca.crt
      insecure_skip_verify: true
EOF

I have tried with and without the configs section but it keeps telling me:

pulling from host harbor.virtalus.com failed with status code [manifests 1.8.6]: 401 Unauthorized

I have spent the last 4h on this. I have read some GitHub issue threads, the official doc and several troubleshooting guides, but I still don't know what I'm doing wrong.


k.Cyborg

1 Answer


The configs entries contain the auth and tls sections, but it appears that the tls section is not taken into account due to a redundant, misplaced registry entry:

cat << EOF > /etc/rancher/k3s/registries.yaml
mirrors:
  "*":
    endpoint:
      - "https://harbor.virtalus.com"
configs:
  "https://harbor.virtalus.com":
    auth:
      username: admin
      password: Harbor12345

"https://harbor.virtalus.com":

    tls:
      cert_file: /root/harbor.virtalus.com.cert
      key_file: /root/harbor.virtalus.com.key
      ca_file: /root/ca.crt
      insecure_skip_verify: true
EOF

Feel free to remove it and let me know if that solves the issue.

Additionally, as a side note, you might want to use the --debug flag of docker to get more details about the encountered error.
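
A quick way to catch the layout problem the answer points at, as an added example that is not part of the original answer or of k3s: a small indentation-based scan (not a full YAML parser) that reports a key repeated under the same parent, and, going slightly beyond the answer, also reports `insecure_skip_verify: true`, since that disables certificate checking even when `ca_file` is set. The function name `lint_registries` and the sample text are constructed for illustration.

```python
import re

# Constructed sample (password is a placeholder): the registry key appears
# twice under configs, so auth and tls are split across two entries.
SAMPLE = """\
mirrors:
  "*":
    endpoint:
      - "https://harbor.virtalus.com"
configs:
  "https://harbor.virtalus.com":
    auth:
      username: admin
      password: placeholder
  "https://harbor.virtalus.com":
    tls:
      ca_file: /root/ca.crt
      insecure_skip_verify: true
"""

# Matches "key:" or "key: value" lines; quoted keys may contain colons.
KEY_RE = re.compile(r'^(\s*)("[^"]*"|[^\s:#-][^:#]*):(?:\s+(.*))?$')

def lint_registries(text):
    """Return sorted (line_no, message) findings for a registries.yaml text."""
    findings, stack, maps = [], [], {}   # stack: [(indent, line_no)] of open keys
    for no, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.match(line)
        if not m:
            continue                     # list items, blank lines, comments
        indent = len(m.group(1))
        key = m.group(2).strip().strip('"')
        val = (m.group(3) or "").strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()                  # leave mappings that have ended
        parent = stack[-1][1] if stack else 0   # line that opened this mapping
        seen = maps.setdefault(parent, {})
        if key in seen:
            findings.append((no, f"duplicate key {key!r} (first on line {seen[key][0]})"))
        else:
            seen[key] = (no, val)
        stack.append((indent, no))
    for seen in maps.values():
        no, val = seen.get("insecure_skip_verify", (0, ""))
        if val == "true":
            note = "; ca_file is set but the server certificate is not checked" \
                if "ca_file" in seen else ""
            findings.append((no, "TLS verification disabled" + note))
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint_registries(SAMPLE):
        print(f"line {no}: {msg}")
```

Run it against the real file with `lint_registries(open("/etc/rancher/k3s/registries.yaml").read())`; an empty list means neither condition was found.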