【问题标题】:How to set the ssl issuer for Harbor如何为 Harbor 设置 ssl issuer
【发布时间】:2020-04-16 10:04:04
【问题描述】:

我已经在我的 K8S 集群上安装了https://docs.cert-manager.io/en/release-0.11/reference/clusterissuers.html,并将它与 Nginx 入口控制器一起使用。

它与我的 hello 演示服务正常工作:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: hello-kubernetes-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  rules:
    - host: hello.co.databaker.io
      http:
        paths:
          - backend:
              serviceName: hello-kubernetes-first
              servicePort: 80
  tls:
    - hosts:
        - hello.co.databaker.io
      secretName: hello-kubernetes-tls

但是港口服务不起作用:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: harbor-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  rules:
    - host: shiphub.co.databaker.io
      http:
        paths:
          - backend:
              serviceName: shiphub-harbor-portal
              servicePort: 80
            path: /
          - backend:
              serviceName: shiphub-harbor-core
              servicePort: 80
            path: /api/
          - backend:
              serviceName: shiphub-harbor-core
              servicePort: 80
            path: /service/
          - backend:
              serviceName: shiphub-harbor-core
              servicePort: 80
            path: /v2/
          - backend:
              serviceName: shiphub-harbor-core
              servicePort: 80
            path: /chartrepo/
          - backend:
              serviceName: shiphub-harbor-core
              servicePort: 80
            path: /c/
    - host: notary.co.databaker.io
      http:
        paths:
          - backend:
              serviceName: shiphub-harbor-notary-server
              servicePort: 4443
            path: /
  tls:
    - hosts:
        - shiphub.co.databaker.io
      secretName: secretName
    - hosts:
        - notary.co.databaker.io
      secretName: secretName

它显示错误的发行者:

如何设置正确的发行人?

【问题讨论】:

    标签: kubernetes certificate harbor


    【解决方案1】:

    请记住,Kubernetes 中的resource names 需要小写:

    秘密名称

    这可能是导致您的问题的原因。

    【讨论】:

      猜你喜欢
      • 2012-04-03
      • 2022-01-02
      • 1970-01-01
      • 1970-01-01
      • 2022-01-13
      • 2020-06-07
      • 2013-09-24
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多