如何为 Harbor 设置 ssl 发布者

How to set the ssl issuer for Harbor

我已经在我的 K8S 集群上安装了 https://docs.cert-manager.io/en/release-0.11/reference/clusterissuers.html 并将其与 Nginx 入口控制器一起使用。

它与我的 hello 演示服务一起正常工作:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: hello-kubernetes-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  rules:
    - host: hello.co.databaker.io
      http:
        paths:
          - backend:
              serviceName: hello-kubernetes-first
              servicePort: 80
  tls:
    - hosts:
        - hello.co.databaker.io
      secretName: hello-kubernetes-tls

但是港口服务不工作:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: harbor-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  rules:
    - host: shiphub.co.databaker.io
      http:
        paths:
          - backend:
              serviceName: shiphub-harbor-portal
              servicePort: 80
            path: /
          - backend:
              serviceName: shiphub-harbor-core
              servicePort: 80
            path: /api/
          - backend:
              serviceName: shiphub-harbor-core
              servicePort: 80
            path: /service/
          - backend:
              serviceName: shiphub-harbor-core
              servicePort: 80
            path: /v2/
          - backend:
              serviceName: shiphub-harbor-core
              servicePort: 80
            path: /chartrepo/
          - backend:
              serviceName: shiphub-harbor-core
              servicePort: 80
            path: /c/
    - host: notary.co.databaker.io
      http:
        paths:
          - backend:
              serviceName: shiphub-harbor-notary-server
              servicePort: 4443
            path: /
  tls:
    - hosts:
        - shiphub.co.databaker.io
      secretName: secretName
    - hosts:
        - notary.co.databaker.io
      secretName: secretName

它显示错误的发行人:

如何设置正确的发行人?

请记住,Kubernetes 中的 resource names 需要小写:

secretName

这可能是您遇到问题的原因。