Description
Expected behavior and actual behavior:
Expected: The username defined in /etc/jobservice/config.yml -> worker_pool.redis_pool.redis_url should be used for connecting to redis (or valkey).
Actual: Somehow the connection falls back to the default user and the username defined in the URL is not used.
Steps to reproduce the problem:
- Deploy harbor using the official harbor helm chart, using the following configuration in values.yaml:

```yaml
redis:
  type: external
  external:
    addr: "valkey-0.valkey-headless.valkey.svc.cluster.local:26379,valkey-1.valkey-headless.valkey.svc.cluster.local:26379,valkey-2.valkey-headless.valkey.svc.cluster.local:26379"
    username: "harbor"
    sentinelMasterSet: "valkeyha"
    coreDatabaseIndex: "10"
    jobserviceDatabaseIndex: "11"
    registryDatabaseIndex: "12"
    trivyAdapterIndex: "15"
    harborDatabaseIndex: "10"
    cacheLayerDatabaseIndex: "10"
    existingSecret: "harbor-external-secret" # key must be 'REDIS_PASSWORD'
```
- Patch all created configmaps and secrets to include a custom username (in this case harbor). This has to be done because the helm chart does not support this currently (see "Setting username for external redis when using existingSecret does not work", harbor-helm#2228).
See the chapter on harbor config files for the resulting config in the jobservice pod!
Versions:
Please specify the versions of following systems.
- harbor version: 2.13.1
- helm chart version: 1.17.1
- kubernetes cluster version: 1.33.2
- containerd version: 1.7.27
Additional context:
- Harbor config files:
Environment:

```
_REDIS_URL_CACHE_LAYER=redis+sentinel://harbor:[email protected]:26379,valkey-1.valkey-headless.valkey.svc.cluster.local:26379,valkey-2.valkey-headless.valkey.svc.cluster.local:26379/valkeyha/10?idle_timeout_seconds=30
```

/etc/jobservice/config.yml:

```yaml
#Server listening port
protocol: "http"
port: 8080
worker_pool:
  workers: 10
  backend: "redis"
  redis_pool:
    redis_url: "redis+sentinel://harbor:[email protected]:26379,valkey-1.valkey-headless.valkey.svc.cluster.local:26379,valkey-2.valkey-headless.valkey.svc.cluster.local:26379/valkeyha/11"
    namespace: "harbor_job_service_namespace"
    idle_timeout_second: 3600
job_loggers:
  - name: "FILE"
    level: INFO
    settings: # Customized settings of logger
      base_dir: "/var/log/jobs"
    sweeper:
      duration: 14 #days
      settings: # Customized settings of sweeper
        work_dir: "/var/log/jobs"
metric:
  enabled: true
  path: /metrics
  port: 8001
#Loggers for the job service
loggers:
  - name: "STD_OUTPUT"
    level: INFO
reaper:
  # the max time to wait for a task to finish, if unfinished after max_update_hours, the task will be mark as error, but the task will continue to run, default value is 24
  max_update_hours: 24
  # the max time for execution in running state without new task created
  max_dangling_hours: 168
```
- Log files:
jobservice pod log:

```
2025-09-01T13:57:36Z [ERROR] [/jobservice/runtime/bootstrap.go:135]: read schema version failed: WRONGPASS invalid username-password pair or user is disabled.
2025-09-01T13:59:11Z [FATAL] [/jobservice/main.go:96]: load and run worker error: connect to redis server timeout: WRONGPASS invalid username-password pair or user is disabled.
```

valkey ACL log:

```
 1) "count"
 2) (integer) 2
 3) "reason"
 4) "auth"
 5) "context"
 6) "toplevel"
 7) "object"
 8) "AUTH"
 9) "username"
10) "default"
11) "age-seconds"
12) "564.077"
13) "client-info"
14) "id=56133 addr=100.64.179.50:43720 laddr=100.64.106.126:6379 fd=46 name= age=0 idle=0 flags=N capa= db=0 sub=0 psub=0 ssub=0 multi=-1 watch=0 qbuf=0 qbuf-free=0 argv-mem=36 multi-mem=0 rbs=16384 rbp=16384 obl=0 oll=0 omem=0 tot-mem=17076 events=r cmd=auth user=default redir=-1 resp=2 lib-name= lib-ver= tot-net-in=53 tot-net-out=0 tot-cmds=0"
15) "entry-id"
16) (integer) 9
17) "timestamp-created"
18) (integer) 1756735056211
19) "timestamp-last-updated"
20) (integer) 1756735056219
```
(timestamp-created converts to Mon Sep 01 2025 13:57:36 GMT+0000)
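
A triage helper for the mismatch reported above, added here as an example (it is not Harbor's code and not part of the original report): it extracts the username from a `redis+sentinel://` URL of the shape in `config.yml` and compares it with the `username` field of an ACL log entry, so a failed `AUTH` recorded under `default` while the URL names another user is flagged. The function names, the placeholder password and host names, and the hand-written URL splitting are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// SentinelURL: fields of redis+sentinel://user:pass@h1:p,h2:p/master/db?opts.
type SentinelURL struct {
	User, Pass, Master, DB string
	Sentinels              []string
}

// ParseSentinelURL splits by hand (the authority is a host list); assumes no '/' or '?' in the password.
func ParseSentinelURL(raw string) (u SentinelURL, ok bool) {
	rest, ok := strings.CutPrefix(raw, "redis+sentinel://")
	authority, path, _ := strings.Cut(strings.SplitN(rest, "?", 2)[0], "/")
	if i := strings.LastIndex(authority, "@"); i >= 0 {
		u.User, u.Pass, _ = strings.Cut(authority[:i], ":")
		authority = authority[i+1:]
	}
	u.Sentinels = strings.Split(authority, ",")
	u.Master, u.DB, _ = strings.Cut(path, "/")
	return u, ok
}

// ParseACLEntry maps one ACL LOG entry as the CLI prints it (`1) "field"`, `2) value`).
func ParseACLEntry(text string) map[string]string {
	entry, lines := map[string]string{}, strings.Split(strings.TrimSpace(text), "\n")
	for i := range lines {
		_, v, _ := strings.Cut(strings.TrimSpace(lines[i]), ") ")
		lines[i] = strings.Trim(strings.TrimPrefix(v, "(integer) "), `"`)
		if i%2 == 1 {
			entry[lines[i-1]] = lines[i]
		}
	}
	return entry
}

// UsernameDropped: a failed AUTH was logged under a user other than the one in the URL.
func UsernameDropped(u SentinelURL, e map[string]string) bool {
	return e["reason"] == "auth" && u.User != "" && e["username"] != u.User
}

func main() {
	// Constructed inputs: placeholder password and hosts, abridged ACL entry.
	u, _ := ParseSentinelURL("redis+sentinel://harbor:pw@s1:26379,s2:26379/valkeyha/11")
	e := ParseACLEntry("1) \"reason\"\n2) \"auth\"\n3) \"username\"\n4) \"default\"")
	fmt.Println(u.User, e["username"], UsernameDropped(u, e))
}
```
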