Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use private connection to Azure Blob Storage #1810

Open
aechegoyan17 opened this issue Aug 12, 2024 · 3 comments
Open

Use private connection to Azure Blob Storage #1810

aechegoyan17 opened this issue Aug 12, 2024 · 3 comments

Comments

@aechegoyan17
Copy link

Hi,

I would like to use Azure Blob Storage to store artifacts, but due to company policies I cannot use public internet connections so I am trying to use private links.
This doesn't seem possible at the moment as it currently dynamically adds the word "blob" before the specified realm (e.g. core.windows.net) somewhere, resulting in "xxx.blob.core.windows.net" instead of "xxx.privatelink.blob.core.windows.net" which is what I need.
Here is an example configuration:

image

Causing the following error, due to "blob" word being added before:

image

I tried using the Distribution middleware feature but doesn't seem to work. Here is their documentation:
https://distribution.github.io/distribution/storage-drivers/middleware/rewrite/

Thank you
@MinerYang
Copy link
Collaborator

Would you try to disableredirect:true

harbor-helm/values.yaml

Line 185 in 44f6a8f

disableredirect: false

@EduGoma
Copy link

EduGoma commented Oct 15, 2024
edited
Loading

Hello,
I have changed it to true disableredirect: true and it still modifies the url.
panic: Put "https://harborstorage.**blob**.privatelink.blob.core.windows.net/harborimages?restype=container"

configuration:

      disableredirect: true
    # Specify the "caBundleSecretName" if the storage service uses a self-signed certificate.
    # The secret must contain keys named "ca.crt" which will be injected into the trust store
    # of registry's containers.
    # caBundleSecretName:

    # Specify the type of storage: "filesystem", "azure", "gcs", "s3", "swift",
    # "oss" and fill the information needed in the corresponding section. The type
    # must be "filesystem" if you want to use persistent volumes for registry
    type: azure
    filesystem:
      rootdirectory: /storage
      #maxthreads: 100
    azure:
      accountname: "harborstorage"
      accountkey: ""
      container: harborimages
      realm: privatelink.blob.core.windows.net  
      # # To use existing secret, the key must be AZURE_STORAGE_ACCESS_KEY
      existingSecret: ""

thanks for your help

@aechegoyan17
Copy link
Author

Sorry for the late reply, I have been quite busy.

I tried the redirect setting without success, but I think it won't work anyway due to it actings like a CDN, where Azure Blob Storage answers the request directly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@MinerYang @EduGoma @aechegoyan17