Pivotal Knowledge Base

Follow

PKS is unable to access the Harbor web interface

Environment

Harbor 1.4.1 and earlier

Symptom

After installing Harbor in Pivotal Container Service (PKS), you are unable to access the Web
interface. If you run the Docker pull and Docker push commands, they fail.

Harbor also fails to start, and the Harbor Logs retrieved from the Operations Manager shows the following errors and timeouts:

harbor/ctl.stdout.log

Error: Harbor Service failed to start in 180 seconds.

bosh-dns/bosh_dns.stdout.log

DEBUG - error recursing to "10.7.7.7:53": read udp 172.18.0.34:51783->10.7.7.7:53: i/o timeout

Cause

The Harbor VM runs a number of Docker images that implement the Harbor services such as the Registry, Clair, and Notary. Each service runs on its own internal private network. There is a possibility that these internal networks conflict with external networks that prevent access to/from Harbor. This could be a client desktop's trying to access the Harbor web interface, running docker push/pull commands, or Harbor trying to access external resources like it's Registry when it's stored on S3 Storage.

This issue occurs if you are using IP networks with subnets within the range 172.16.0.0/24 - 172.22.0.0/24 in your environment. The Harbor installation uses the default configuration for the Docker0 bridge network and Docker internal networks with IP addresses in the range 172.16.0.0/24 - 172.22.0.0/24, causing an overlap in IP ranges preventing communication between Harbor and Harbor clients.

Resolution

In order to see if you have this problem, check your network ranges that need access to and from Harbor. If any of these match the Harbor networks per below then you have a conflict.

  1. 172.17.0.0/24
  2. 172.18.0.0/24
  3. 172.19.0.0/24
  4. 172.20.0.0/24
  5. 172.21.0.0/24
  6. 172.22.0.0/24

When you encounter this situation, open a support case with your Harbor provider.

Comments

Powered by Zendesk