ArgoCD Image Updater cannot reach Harbor registry (harbor-core timeout) #355

New issue

Open

opened 2026-05-07 12:29:58 +00:00 by forgejo_admin · 0 comments

forgejo_admin commented

2026-05-07 12:29:58 +00:00

Contributor

Type

Bug

Lineage

Standalone — discovered while fixing notion-mcp-remote CI pipeline.

Repo

ldraney/pal-e-platform

What Broke

ArgoCD Image Updater fails to query Harbor for new tags across ALL 13 services. Every poll cycle returns timeout errors:

Could not get tags from registry: Get "http://harbor-core.harbor.svc.cluster.local/v2/.../tags/list":
  Get "https://harbor-core.harbor.svc.cluster.local/service/token?...": context deadline exceeded

Image Updater tries to reach harbor-core.harbor.svc.cluster.local for token auth over HTTPS (443), which either isn't served or is blocked by NetworkPolicy. The CI pipelines push images successfully (via harbor.harbor.svc.cluster.local HTTP), but Image Updater never detects them.

Repro Steps

Push a code change that triggers Woodpecker CI
CI builds and pushes image to Harbor successfully
Check Image Updater logs: kubectl logs -n argocd deploy/argocd-image-updater --tail=30
Observe: 13/13 errors, 0/13 images updated

Expected Behavior

Image Updater detects new tags in Harbor and rewrites kustomization newTag via git write-back, triggering ArgoCD auto-sync to deploy the new image.

Environment

Cluster/namespace: argocd
Service version: argocd-image-updater (running for 41d)
All 13 ArgoCD-managed services affected

Acceptance Criteria

Image Updater can query Harbor tags without timeout
New CI builds auto-deploy via Image Updater write-back
No manual kustomization tag updates needed

project-pal-e-platform — platform infrastructure
ldraney/notion-mcp-remote #12 — discovered during CI pipeline fix

### Type Bug ### Lineage Standalone — discovered while fixing notion-mcp-remote CI pipeline. ### Repo `ldraney/pal-e-platform` ### What Broke ArgoCD Image Updater fails to query Harbor for new tags across ALL 13 services. Every poll cycle returns timeout errors: ``` Could not get tags from registry: Get "http://harbor-core.harbor.svc.cluster.local/v2/.../tags/list": Get "https://harbor-core.harbor.svc.cluster.local/service/token?...": context deadline exceeded ``` Image Updater tries to reach `harbor-core.harbor.svc.cluster.local` for token auth over HTTPS (443), which either isn't served or is blocked by NetworkPolicy. The CI pipelines push images successfully (via `harbor.harbor.svc.cluster.local` HTTP), but Image Updater never detects them. ### Repro Steps 1. Push a code change that triggers Woodpecker CI 2. CI builds and pushes image to Harbor successfully 3. Check Image Updater logs: `kubectl logs -n argocd deploy/argocd-image-updater --tail=30` 4. Observe: 13/13 errors, 0/13 images updated ### Expected Behavior Image Updater detects new tags in Harbor and rewrites kustomization `newTag` via git write-back, triggering ArgoCD auto-sync to deploy the new image. ### Environment - Cluster/namespace: argocd - Service version: argocd-image-updater (running for 41d) - All 13 ArgoCD-managed services affected ### Acceptance Criteria - [ ] Image Updater can query Harbor tags without timeout - [ ] New CI builds auto-deploy via Image Updater write-back - [ ] No manual kustomization tag updates needed ### Related - `project-pal-e-platform` — platform infrastructure - `ldraney/notion-mcp-remote #12` — discovered during CI pipeline fix