error in harbor-core pod secret "harborcluster-sample-harbor-harbor-core-tokencert" not found #1028
Comments
Hello, why are you using Let's Encrypt to create the cert harborcluster-sample-harbor-harbor-core-tokencert-28st4?
In order to use valid certificates for HTTPS.
Only core and notary need public certificates; you can use a self-signed certificate for the Harbor token.
I tried to create a self-signed certificate and used it inside the
fullstack.yaml file, but after using my own self-signed certificate, Harbor
core and the other pods are not coming up.
And when I used the same self-signed cert that was in the fullstack.yaml from the
official doc, the pods come up, but TLS is not secure.
Without secure TLS we are unable to log in and push the image to the Harbor
registry.
Please help! And thanks in advance!
Can you share the templates for the tries you did with the self-signed certificate, please?
Full_stack.yaml file
----------------------------
# Sample namespace
apiVersion: v1
kind: Namespace
metadata:
name: cluster-sample-ns
---
# A secret of harbor admin password.
apiVersion: v1
kind: Secret
metadata:
name: admin-core-secret
namespace: cluster-sample-ns
data:
secret: SGFyYm9yMTIzNDU=
type: Opaque
---
# A secret for minIO access.
apiVersion: v1
kind: Secret
metadata:
name: minio-access-secret
namespace: cluster-sample-ns
data:
accesskey: YWRtaW4=
secretkey: bWluaW8xMjM=
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
name: harbor-test-ca
namespace: cluster-sample-ns
data:
tls.crt:
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
tls.key:
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
---
# Cert issuer
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-prod
namespace: cluster-sample-ns
spec:
ca:
secretName: harbor-test-ca
---
# Certificates of ingress
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: sample-public-certificate
namespace: cluster-sample-ns
spec:
secretName: sample-public-certificate
dnsNames:
- harbor-trial.she.systemdemo.org
- minio-trial.she.systemdemo.org
- notary-trial.she.systemdemo.org
issuerRef:
name: letsencrypt-prod
kind: Issuer
---
# Full stack Harbor
apiVersion: goharbor.io/v1beta1
kind: HarborCluster
metadata:
name: harborcluster-sample
namespace: cluster-sample-ns
spec:
version: 2.5.1
logLevel: info
network:
ipFamilies:
- IPv4
- IPv6
imageSource:
repository: ghcr.io/goharbor
harborAdminPasswordRef: admin-core-secret
externalURL: https://harbor-trial.she.systemdemo.org
expose:
core:
ingress:
host: harbor-trial.she.systemdemo.org
controller: default
annotations:
#cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
#kubernetes.io/tls-acme: "true"
#acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "390"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.org/client-max-body-size: 50m
ingressClassName: nginx
tls:
certificateRef: sample-public-certificate
notary:
ingress:
host: notary-trial.she.systemdemo.org
controller: default
annotations:
#cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
#kubernetes.io/tls-acme: "true"
#acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "390"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.org/client-max-body-size: 50m
ingressClassName: nginx
tls:
certificateRef: sample-public-certificate
internalTLS:
enabled: true
portal: {}
registry:
metrics:
enabled: true
core:
tokenIssuer:
name: letsencrypt-prod
kind: Issuer
metrics:
enabled: true
chartmuseum: {}
exporter: {}
trivy:
skipUpdate: false
storage: {}
notary:
migrationEnabled: true
database:
kind: Zlando/PostgreSQL
spec:
zlandoPostgreSql:
operatorVersion: "1.5.0"
storage: 1Gi
replicas: 1
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 250Mi
storage:
kind: MinIO
spec:
redirect:
enable: true
expose:
ingress:
host: minio-trial.she.systemdemo.org
tls:
certificateRef: sample-public-certificate
minIO:
operatorVersion: "4.0.6"
replicas: 2
secretRef: minio-access-secret
redirect:
enable: true
expose:
ingress:
host: minio-trial.she.systemdemo.org
tls:
certificateRef: sample-public-certificate
volumesPerServer: 2
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
cache:
kind: RedisFailover
spec:
redisFailover:
operatorVersion: "1.0.0"
server:
replicas: 1
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 250Mi
sentinel:
replicas: 1
You should use the Let's Encrypt cert issuer for expose.core.tls and expose.notary.tls, and use a self-signed cert issuer for core.tokenIssuer.
We tried with Let's Encrypt with both the Issuer and ClusterIssuer types, but then the pod
for Harbor core and the other pods are kept in a failed state.
NOTE: Could you please share a working full-stack file with
Let's Encrypt? Also, what do we need to do in it for the valid TLS part? That
would be a great help.
full-stack.yaml (Let's Encrypt way)
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-sample-ns
---
apiVersion: v1
kind: Secret
metadata:
name: admin-core-secret
namespace: cluster-sample-ns
data:
secret: SGFyYm9yMTIzNDU=
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
name: minio-access-secret
namespace: cluster-sample-ns
data:
accesskey: YWRtaW4=
secretkey: bWluaW8xMjM=
type: Opaque
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
namespace: cluster-sample-ns
spec:
acme:
email: ***@***.***
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
---
# Certificates of ingress
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: sample-public-certificate
namespace: cluster-sample-ns
spec:
secretName: sample-public-certificate
dnsNames:
- harbor-trial.she.systemdemo.org
- minio-trial.she.systemdemo.org
- notary-trial.she.systemdemo.org
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
---
apiVersion: goharbor.io/v1beta1
kind: HarborCluster
metadata:
name: harborcluster-sample
namespace: cluster-sample-ns
spec:
version: 2.5.1
logLevel: info
network:
ipFamilies:
- IPv4
- IPv6
imageSource:
repository: ghcr.io/goharbor
harborAdminPasswordRef: admin-core-secret
externalURL: https://harbor-trial.she.systemdemo.org
expose:
core:
ingress:
host: harbor-trial.she.systemdemo.org
controller: default
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
kubernetes.io/tls-acme: "true"
acme.cert-manager.io/http01-edit-in-place: "true"
cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "390"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.org/client-max-body-size: 50m
ingressClassName: nginx
tls:
certificateRef: sample-public-certificate
notary:
ingress:
host: notary-trial.she.systemdemo.org
controller: default
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
kubernetes.io/tls-acme: "true"
acme.cert-manager.io/http01-edit-in-place: "true"
cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "390"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.org/client-max-body-size: 50m
ingressClassName: nginx
tls:
certificateRef: sample-public-certificate
internalTLS:
enabled: true
portal: {}
registry:
metrics:
enabled: true
core:
tokenIssuer:
name: letsencrypt-prod
kind: ClusterIssuer
metrics:
enabled: true
chartmuseum: {}
exporter: {}
trivy:
skipUpdate: false
storage: {}
notary:
migrationEnabled: true
database:
kind: Zlando/PostgreSQL
spec:
zlandoPostgreSql:
operatorVersion: 1.5.0
storage: 1Gi
replicas: 1
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 250Mi
storage:
kind: MinIO
spec:
redirect:
enable: true
expose:
ingress:
host: minio-trial.she.systemdemo.org
tls:
certificateRef: sample-public-certificate
minIO:
operatorVersion: 4.0.6
replicas: 2
secretRef: minio-access-secret
redirect:
enable: true
expose:
ingress:
host: minio-trial.she.systemdemo.org
tls:
certificateRef: sample-public-certificate
volumesPerServer: 2
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
cache:
kind: RedisFailover
spec:
redisFailover:
operatorVersion: 1.0.0
server:
replicas: 1
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 250Mi
sentinel:
replicas: 1
NOTE: Could you please share a working full-stack file with
Let's Encrypt? Also, what do we need to do in it for the valid TLS part? That
would be a great help.
You should try something like this: ----------------------------
# Sample namespace
apiVersion: v1
kind: Namespace
metadata:
name: cluster-sample-ns
---
# A secret of harbor admin password.
apiVersion: v1
kind: Secret
metadata:
name: admin-core-secret
namespace: cluster-sample-ns
data:
secret: SGFyYm9yMTIzNDU=
type: Opaque
---
# A secret for minIO access.
apiVersion: v1
kind: Secret
metadata:
name: minio-access-secret
namespace: cluster-sample-ns
data:
accesskey: YWRtaW4=
secretkey: bWluaW8xMjM=
type: Opaque
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
namespace: cluster-sample-ns
spec:
acme:
email: [email protected]
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
---
# Certificates of ingress
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: sample-public-certificate
namespace: cluster-sample-ns
spec:
secretName: sample-public-certificate
dnsNames:
- harbor-trial.she.systemdemo.org
- minio-trial.she.systemdemo.org
- notary-trial.she.systemdemo.org
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
---
apiVersion: v1
kind: Secret
metadata:
name: harbor-test-ca
namespace: cluster-sample-ns
data:
tls.crt:
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
tls.key:
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUdNRENDQkJpZ0F3SUJBZ0lVUmowbTd5M0tMVUJjRTVCNmFYTm5UT2dhS2Jvd0RRWUpLb1pJaHZjTkFRRU4KQlFBd2dZQXhDekFKQmdOVkJBWVRBa05PTVJBd0RnWURWUVFJREFkQ1pXbHFhVzVuTVJBd0RnWURWUVFIREFkQwpaV2xxYVc1bk1SQXdEZ1lEVlFRS0RBZGxlR0Z0Y0d4bE1SRXdEd1lEVlFRTERBaFFaWEp6YjI1aGJERW9NQ1lHCkExVUVBd3dmYUdGeVltOXlMWFJ5YVdGc0xuTm9aUzV6ZVhOMFpXMWtaVzF2TG05eVp6QWVGdzB5TXpBek1qUXcKTnpBeU5ERmFGdzB6TXpBek1qRXdOekF5TkRGYU1JR0FNUXN3Q1FZRFZRUUdFd0pEVGpFUU1BNEdBMVVFQ0F3SApRbVZwYW1sdVp6RVFNQTRHQTFVRUJ3d0hRbVZwYW1sdVp6RVFNQTRHQTFVRUNnd0haWGhoYlhCc1pURVJNQThHCkExVUVDd3dJVUdWeWMyOXVZV3d4S0RBbUJnTlZCQU1NSDJoaGNtSnZjaTEwY21saGJDNXphR1V1YzNsemRHVnQKWkdWdGJ5NXZjbWN3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRRGJvZUZYYmpTVQpIbHlzUFdVNm9aUEV3MnBwVHpjdlJQbkEzRDFSNVhrUFZYcVJZNmdtTmRxR0RaQm03WjJKcEVHRHRDd1VPcFNICmVLQ1JBR0l5clQ1OXB0eWkxTENBNndvYUZkOUl6QWdlaHdXYm1xVEdzQWhzWlA2ek5kNGwvUU4yNHZlUXV2UzQKdGZKc1JwZjRRNS9vNjJyakxsYitLVWs2M0NiTWZDLzdXaHlWa3R1UHNTcG9adXdtTlZ2ckdwdHhibW1MbGt0ZQpFK1YyQ21nQS9hT3V2aUk5M3ZSSUg5RkRNb3E5cFBYUFowYlJDNVo2ODMwVm9VV1I5ZXRxUlFjSlVoSFNnVEhPClFEQmRMSnBHeUNucHZNRFZsNDRaMGJCdGFOSG1DTDlBdGJmditjWi9tTUo0UVk5bXlEUWJlc1hRbTc3THVtbXYKUXR3RFc4TUgvME9Ceks0c3EvSnZoeDN4Ym9GM2Y3c2VsdDVpK3Zrcy9nZWd0MWNVTS9rdnRRSExVYWloRnFqdwpNbzZXSEk5dWNlQVE5NkZaR2V6RXU1a3hhakpGRWdPWks0Y1IrY2RSQWNpMk5LUGttanJ5WG5GNGJRN3ZTWG9ECkJNRHM4RGZCeGowSlBvcUNkTVlpaDVSempBNUZsQXkrM0lPWmhGeGxNTncvVGhHa3NKRmprb0FiaFViN0dML2IKdzR6ZndheUlvNkNLdDNiOVowMDZuTE03clpzeUR0S0d1amhETnJUNkVLYnZaNHZCYVBlUUZtT29Fd3BPbnloQgozV0t1VXhQdldiZkROVWl4amhLUmdNTG5sYkViN095NEFMZE5JUFFKSzAzbkEwM0hZeW9uMnJhV0xWcC9pbW51ClJiU2ZGOU81YWd6M2dVUzR1U0JmTnFnYVlBalh3cUQ0VXdJREFRQUJvNEdmTUlHY01COEdBMVVkSXdRWU1CYUEKRkhZalR1bXU2SUp5Y2U1ZEUxRWVoa21nbFFrR01Ba0dBMVVkRXdRQ01BQXdDd1lEVlIwUEJBUURBZ1R3TUJNRwpBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNRXdHQTFVZEVRUkZNRU9DSDJoaGNtSnZjaTEwY21saGJDNXphR1V1CmMzbHpkR1Z0WkdWdGJ5NXZjbWVDRW5Ob1pTNXplWE4wWlcxa1pXMXZMbTl5WjRJTWFHRnlZbTl5TFhSeWFXRnMKTUEwR0NTcUdTSWIzRFFFQkRRVUFBNElDQVFCTjNSb3EyaDQ4NG1vclkz
R09NTm1uOWpCSjlCbUNpdk90ZHNQeApmQkpneGppNXFHQlY2MXRMU1VBWTdZYmNmRzdmS2ZuUmpuOXVYbXRjVmxaUkQ3MDEvU3RPQnlvU2RaL0Q4NFNJCktIYUE5eG9MWlVEbzRYRGhRVm50MDRjMk5JdUF2R21hMkpoVlZzdlZ4OG4wOS9mZHFKUC85RGVYWUhRL3FFdE8KNkdaTEp1ZTNFcFpLTDZNZ0FKSjRETzQ5dTdjY1VtWGI2OFM5alpDYXViVXEzTm9ndHA2VkNxMjRNVXlOdzJlVQplTXJDRStaaXRSK1p4Yi9xUWF4dDJoelQzU3dlRXc1MzRlQ3BHT05CclhrTE05M2VMV29MdE9Ec3VCazkwakc1CmlKM1NWVExxSk9tandqbnpnNWZHK3F2MmhWWUhFNFUxUk1KWDZHdk81Mll6QzgrMnNkS0NWT3ZuTm02RXh2UDUKS1dFY2hOOWdaWjNBWlJSYmpYR0VwSktiYmthQWRIcFc5UzR0cTV2R1hySFQ4dDJJN3hKMlhpWlgwcE9UdUJsagpZVU9LaDZ5aWFsZGFtbmFMNDYrWEVNVW5nQW1FaU9RaDI4c3FFT2tsTXRYYks5bGtIRit3NDQ2czZJejdhd0QyClZSQUpQSmF2dkdhUy9teXJYTHhMNzVMMElEeHEzdzJrT2VOTEpxa29MeHI4dnM2SzBqWFo0L2ZEVzc0Wkl1Ym0KNG5hQ1VSamFrYXBGWFVoOXJKaW5XSkNrSE1rTjNnTHRXMnQyKzlLUDkrY0g4SWNHQWZPYm1adkkzSEo3VVdYVApJdU0rT1N1YUFJY0FaSUVHY1ova2Frc2tWcXFndm9ub05PNTY4MGhVcWk1T3lWSmtZRHZjQWNrc2R2dHI5amhmCkl4L016QT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
---
# Cert issuer
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: self-signed
namespace: cluster-sample-ns
spec:
ca:
secretName: harbor-test-ca
---
# Full stack Harbor
apiVersion: goharbor.io/v1beta1
kind: HarborCluster
metadata:
name: harborcluster-sample
namespace: cluster-sample-ns
spec:
version: 2.5.1
logLevel: info
network:
ipFamilies:
- IPv4
- IPv6
imageSource:
repository: ghcr.io/goharbor
harborAdminPasswordRef: admin-core-secret
externalURL: https://harbor-trial.she.systemdemo.org
expose:
core:
ingress:
host: harbor-trial.she.systemdemo.org
controller: default
annotations:
#cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
#kubernetes.io/tls-acme: "true"
#acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "390"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.org/client-max-body-size: 50m
ingressClassName: nginx
tls:
certificateRef: sample-public-certificate
notary:
ingress:
host: notary-trial.she.systemdemo.org
controller: default
annotations:
#cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
#kubernetes.io/tls-acme: "true"
#acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "390"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.org/client-max-body-size: 50m
ingressClassName: nginx
tls:
certificateRef: sample-public-certificate
internalTLS:
enabled: true
portal: {}
registry:
metrics:
enabled: true
core:
tokenIssuer:
name: self-signed
kind: Issuer
metrics:
enabled: true
chartmuseum: {}
exporter: {}
trivy:
skipUpdate: false
storage: {}
notary:
migrationEnabled: true
database:
kind: Zlando/PostgreSQL
spec:
zlandoPostgreSql:
operatorVersion: "1.5.0"
storage: 1Gi
replicas: 1
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 250Mi
storage:
kind: MinIO
spec:
redirect:
enable: true
expose:
ingress:
host: minio-trial.she.systemdemo.org
tls:
certificateRef: sample-public-certificate
minIO:
operatorVersion: "4.0.6"
replicas: 2
secretRef: minio-access-secret
redirect:
enable: true
expose:
ingress:
host: minio-trial.she.systemdemo.org
tls:
certificateRef: sample-public-certificate
volumesPerServer: 2
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
cache:
kind: RedisFailover
spec:
redisFailover:
operatorVersion: "1.0.0"
server:
replicas: 1
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 250Mi
sentinel:
replicas: 1
Hi,
We tried with the fullstack.yaml which you sent. The file is in the attachment.
After kubectl apply, the core pod is not coming up. If the pod for core
won't come up, then the Ingress will not come up.
Please help in fixing those issues.
Pod status:
[image: image.png]
Full-stack.yaml in attachment
Please help
Hello, sorry, I can't see your attachment. Thomas
kubectl apply -f manifests/samples/full_stack.yaml hits an error in the harbor-core pod:
secret "harborcluster-sample-harbor-harbor-core-tokencert" not found
secret "sample-public-certificate" not found
kubectl describe cert harborcluster-sample-harbor-harbor-core-tokencert -n cluster-sample-ns
Output:
Status:
Conditions:
Last Transition Time: 2023-03-24T09:07:25Z
Message: The certificate request has failed to complete and will be retried: The CSR PEM requests a commonName that is not present in the list of dnsNames or ipAddresses. If a commonName is set, ACME requires that the value is also present in the list of dnsNames or ipAddresses: "harborcluster-sample-harbor-harbor-core-tokencert" does not exist in [] or []
Observed Generation: 1
Reason: Failed
Status: False
Type: Issuing
Last Transition Time: 2023-03-24T09:07:15Z
Message: Issuing certificate as Secret does not exist
Observed Generation: 1
Reason: DoesNotExist
Status: False
Type: Ready
Failed Issuance Attempts: 1
Last Failure Time: 2023-03-24T09:07:25Z
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Issuing 69s cert-manager-certificates-trigger Issuing certificate as Secret does not exist
Normal Generated 66s cert-manager-certificates-key-manager Stored new private key in temporary Secret resource "harborcluster-sample-harbor-harbor-core-tokencert-pcldh"
Normal Requested 62s cert-manager-certificates-request-manager Created new CertificateRequest resource "harborcluster-sample-harbor-harbor-core-tokencert-28st4"
Warning Failed 58s cert-manager-certificates-issuing The certificate request has failed to complete and will be retried: The CSR PEM requests a commonName that is not present in the list of dnsNames or ipAddresses. If a commonName is set, ACME requires that the value is also present in the list of dnsNames or ipAddresses: "harborcluster-sample-harbor-harbor-core-tokencert" does not exist in [] or []
@bitsf @jsuchome @tianon @dajudge Please help.
I am doing this the Let's Encrypt way.
Fullstack file
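The issuer split recommended in this thread (an ACME issuer for expose.core.tls and expose.notary.tls, a CA or self-signed issuer for core.tokenIssuer) can be checked before running kubectl apply. The following is an added example, not code from the thread or from harbor-operator; the manifests are constructed, trimmed-down dicts in the shape a YAML parser would return, and all function names are hypothetical.

```python
NS = "cluster-sample-ns"
ISSUER_TYPES = ("acme", "ca", "selfSigned", "vault", "venafi")  # keys under an issuer's spec

def issuer(kind, name, spec):
    meta = {"name": name} if kind == "ClusterIssuer" else {"name": name, "namespace": NS}
    return {"kind": kind, "metadata": meta, "spec": spec}

def stack(public_ref, token_ref, issuers):
    """Constructed sample: only the fields of the thread's manifests that matter here."""
    tls = {"tls": {"certificateRef": "sample-public-certificate"}}
    cert = {"kind": "Certificate",
            "metadata": {"name": "sample-public-certificate", "namespace": NS},
            "spec": {"secretName": "sample-public-certificate", "issuerRef": public_ref}}
    harbor = {"kind": "HarborCluster",
              "metadata": {"name": "harborcluster-sample", "namespace": NS},
              "spec": {"expose": {"core": tls, "notary": tls},
                       "core": {"tokenIssuer": token_ref}}}
    return issuers + [cert, harbor]

LE = issuer("ClusterIssuer", "letsencrypt-prod",
            {"acme": {"server": "https://acme-v02.api.letsencrypt.org/directory"}})
CA = issuer("Issuer", "self-signed", {"ca": {"secretName": "harbor-test-ca"}})
LE_REF = {"name": "letsencrypt-prod", "kind": "ClusterIssuer"}
CA_REF = {"name": "self-signed", "kind": "Issuer"}

ALL_ACME = stack(LE_REF, LE_REF, [LE])   # Let's Encrypt for everything
ALL_CA = stack(CA_REF, CA_REF, [CA])     # test CA for everything
SPLIT = stack(LE_REF, CA_REF, [LE, CA])  # the split suggested in the thread

def find(docs, kind, name, namespace):
    """Return the document of this kind and name; ClusterIssuers are cluster-scoped."""
    for d in docs:
        m = d.get("metadata", {})
        if d.get("kind") == kind and m.get("name") == name and (
                kind == "ClusterIssuer" or m.get("namespace") == namespace):
            return d
    return None

def issuer_type(docs, ref, namespace):
    """Resolve an issuerRef to 'acme', 'ca', ... or None when it cannot be resolved."""
    if not ref:
        return None
    found = find(docs, ref.get("kind", "Issuer"), ref.get("name"), namespace)
    if found is None:
        return None
    return next((t for t in ISSUER_TYPES if t in found.get("spec", {})), "unknown")

def audit(docs):
    """Map each checked field to (status, detail); assumes one HarborCluster per file."""
    report = {}
    for hc in (d for d in docs if d.get("kind") == "HarborCluster"):
        ns, spec = hc["metadata"].get("namespace"), hc.get("spec", {})
        # Token cert: requested with a commonName and no dnsNames (see the
        # cert-manager message above), which an ACME issuer refuses to sign.
        kind = issuer_type(docs, spec.get("core", {}).get("tokenIssuer"), ns)
        if kind is None:
            report["core.tokenIssuer"] = ("FAIL", "issuer not found in manifests")
        elif kind == "acme":
            report["core.tokenIssuer"] = ("FAIL", "ACME issuer; use a CA or self-signed issuer")
        else:
            report["core.tokenIssuer"] = ("OK", kind)
        # Ingress certs: presented to browsers and docker clients, so a private
        # CA makes the endpoint show as untrusted.
        for comp in ("core", "notary"):
            name = spec.get("expose", {}).get(comp, {}).get("tls", {}).get("certificateRef")
            cert = find(docs, "Certificate", name, ns)
            kind = issuer_type(docs, cert["spec"].get("issuerRef"), ns) if cert else None
            if kind is None:
                report[f"expose.{comp}.tls"] = ("FAIL", "certificate or its issuer not found")
            elif kind in ("ca", "selfSigned"):
                report[f"expose.{comp}.tls"] = ("WARN", f"{kind} issuer: not trusted by default")
            else:
                report[f"expose.{comp}.tls"] = ("OK", kind)
    return report

if __name__ == "__main__":
    for label, docs in (("all-acme", ALL_ACME), ("all-ca", ALL_CA), ("split", SPLIT)):
        for field, (status, detail) in audit(docs).items():
            print(f"{label:9} {field:18} {status:4} {detail}")
```

On a real file, the list passed to audit() would come from parsing every document in full_stack.yaml, for example with PyYAML's yaml.safe_load_all.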