如何为 Harbor 设置 ssl 发布者
How to set the ssl issuer for Harbor
我已经在我的 K8S 集群上安装了 https://docs.cert-manager.io/en/release-0.11/reference/clusterissuers.html 并将其与 Nginx 入口控制器一起使用。
它与我的 hello 演示服务一起正常工作:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: hello-kubernetes-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
rules:
- host: hello.co.databaker.io
http:
paths:
- backend:
serviceName: hello-kubernetes-first
servicePort: 80
tls:
- hosts:
- hello.co.databaker.io
secretName: hello-kubernetes-tls
但是港口服务不工作:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: harbor-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
rules:
- host: shiphub.co.databaker.io
http:
paths:
- backend:
serviceName: shiphub-harbor-portal
servicePort: 80
path: /
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /api/
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /service/
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /v2/
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /chartrepo/
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /c/
- host: notary.co.databaker.io
http:
paths:
- backend:
serviceName: shiphub-harbor-notary-server
servicePort: 4443
path: /
tls:
- hosts:
- shiphub.co.databaker.io
secretName: secretName
- hosts:
- notary.co.databaker.io
secretName: secretName
它显示错误的发行人:
如何设置正确的发行人?
请记住,Kubernetes 中的 resource names 需要小写:
secretName
这可能是您遇到问题的原因。
我已经在我的 K8S 集群上安装了 https://docs.cert-manager.io/en/release-0.11/reference/clusterissuers.html 并将其与 Nginx 入口控制器一起使用。
它与我的 hello 演示服务一起正常工作:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: hello-kubernetes-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
rules:
- host: hello.co.databaker.io
http:
paths:
- backend:
serviceName: hello-kubernetes-first
servicePort: 80
tls:
- hosts:
- hello.co.databaker.io
secretName: hello-kubernetes-tls
但是港口服务不工作:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: harbor-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
rules:
- host: shiphub.co.databaker.io
http:
paths:
- backend:
serviceName: shiphub-harbor-portal
servicePort: 80
path: /
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /api/
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /service/
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /v2/
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /chartrepo/
- backend:
serviceName: shiphub-harbor-core
servicePort: 80
path: /c/
- host: notary.co.databaker.io
http:
paths:
- backend:
serviceName: shiphub-harbor-notary-server
servicePort: 4443
path: /
tls:
- hosts:
- shiphub.co.databaker.io
secretName: secretName
- hosts:
- notary.co.databaker.io
secretName: secretName
它显示错误的发行人:
如何设置正确的发行人?
请记住,Kubernetes 中的 resource names 需要小写:
secretName
这可能是您遇到问题的原因。