harbor证书x509: certificate signed by unknown authority

 

将 Harbor 提供的仓库添加到 helm repo 中或者login登陆,由于是私有仓库,采用的自建的 https 证书,这里就需要提供 ca 证书和私钥文件了,否则会出现证书校验失败的错误x509: certificate signed by unknown authority

我们通过下面这种方式可以解决登陆的问题,但 仓库添加到 helm repo还是报509错误

#cat /etc/docker/daemon.json
{
    "registry-mirrors": ["http://hub-mirror.c.163.com"],
    "exec-opts": ["native.cgroupdriver=systemd"],
     "insecure-registries": ["harbor.wangxu.com"]
}
# kubectl get secret harbor-harbor-ingress -n kube-ops -o jsonpath="{.data.ca\.crt}" | base64 --decode
-----BEGIN CERTIFICATE-----
MIIC9TCCAd2gAwIBAgIRAM2CUZBSggJ/HoppMkua/iMwDQYJKoZIhvcNAQELBQAw
FDESMBAGA1UEAxMJaGFyYm9yLWNhMB4XDTE5MTAyMTA3Mzc0MloXDTIwMTAyMDA3
Mzc0MlowFDESMBAGA1UEAxMJaGFyYm9yLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAxESo6Xvu6qSqWbQB5rUJrgApm6/ULxzzLp+4XAXfRKG7EYnQ
JC+UuXJkGXRDV+b26sJd13QwwmM1HfnzlmEw7+E4dTWhB0lJ+hivNQyLrkfjoqL0
S+4bpnLbQanqzmcpx4km07lAy/TT71LZAF8k2l3VcOAQFoQKsf2u6peTnqEMmadI
dIA2TuzltxXz2imadbVSAW8ZSxE8EhDWHA+QZ6PhMPzEqG1qOkf1JEP3V8SrbmQa
wygptlTXOx4w+lEU+Fr4sefmQL7LhaDAkP/lzJIP+qwCXWsVQnA8bCSOU0bpo0dV
yBSembVRjIUiwvQJZAwBormOkM1m4+chyBVeZQIDAQABo0IwQDAOBgNVHQ8BAf8E
BAMCAqQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEwEB/wQF
MAMBAf8wDQYJKoZIhvcNAQELBQADggEBABP3bdIbG54hem5xNsMeWZgQN9H4gNv5
txaJkVAhcM3AahsfJ7QAxM5lcSUMW8P95YJCQ6fYpNcpMORwqYuv5sUlhr0YDyYn
PlFTpbcdikGfygBgBG4xxvj1Qnf9GF8p7TUBZqtrfw7k4o0C0/IUG7Dz/KO7vweN
KyIPMCvFcMx1MPmZDc1ej9uaEiD49CQUPdi6dpAcnmw5qpn8fYyFJKJxHGvurKMx
BD9zsJj+9CE/8LH0ITlPUrB8gHT08z9+wSkH8JDNxrqbxchIE5wscp0Lo7p5TzJ5
fKde35XSKfFYMjC7mli237DSEXnNlZ/1z6OMWLlev/wEY4ezeJuQeM0=
-----END CERTIFICATE-----
#可以添加信任

chmod 644 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

#将上述ca.crt添加到/etc/pki/tls/certs/ca-bundle.crt即可

chmod 444 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# helm repo add course https://harbor.wangxu.com/chartrepo/course --username=admin --password=Harbor12345
"course" has been added to your repositories

 

posted on 2019-10-25 11:18  光阴8023  阅读(14251)  评论(0编辑  收藏  举报