harbor证书x509: certificate signed by unknown authority
将 Harbor 提供的仓库添加到 helm repo 中或者login登陆,由于是私有仓库,采用的自建的 https 证书,这里就需要提供 ca 证书和私钥文件了,否则会出现证书校验失败的错误x509: certificate signed by unknown authority
。
我们通过下面这种方式可以解决登陆的问题,但 仓库添加到 helm repo还是报509错误
#cat /etc/docker/daemon.json { "registry-mirrors": ["http://hub-mirror.c.163.com"], "exec-opts": ["native.cgroupdriver=systemd"], "insecure-registries": ["harbor.wangxu.com"] }
# kubectl get secret harbor-harbor-ingress -n kube-ops -o jsonpath="{.data.ca\.crt}" | base64 --decode -----BEGIN CERTIFICATE----- MIIC9TCCAd2gAwIBAgIRAM2CUZBSggJ/HoppMkua/iMwDQYJKoZIhvcNAQELBQAw FDESMBAGA1UEAxMJaGFyYm9yLWNhMB4XDTE5MTAyMTA3Mzc0MloXDTIwMTAyMDA3 Mzc0MlowFDESMBAGA1UEAxMJaGFyYm9yLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAxESo6Xvu6qSqWbQB5rUJrgApm6/ULxzzLp+4XAXfRKG7EYnQ JC+UuXJkGXRDV+b26sJd13QwwmM1HfnzlmEw7+E4dTWhB0lJ+hivNQyLrkfjoqL0 S+4bpnLbQanqzmcpx4km07lAy/TT71LZAF8k2l3VcOAQFoQKsf2u6peTnqEMmadI dIA2TuzltxXz2imadbVSAW8ZSxE8EhDWHA+QZ6PhMPzEqG1qOkf1JEP3V8SrbmQa wygptlTXOx4w+lEU+Fr4sefmQL7LhaDAkP/lzJIP+qwCXWsVQnA8bCSOU0bpo0dV yBSembVRjIUiwvQJZAwBormOkM1m4+chyBVeZQIDAQABo0IwQDAOBgNVHQ8BAf8E BAMCAqQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEwEB/wQF MAMBAf8wDQYJKoZIhvcNAQELBQADggEBABP3bdIbG54hem5xNsMeWZgQN9H4gNv5 txaJkVAhcM3AahsfJ7QAxM5lcSUMW8P95YJCQ6fYpNcpMORwqYuv5sUlhr0YDyYn PlFTpbcdikGfygBgBG4xxvj1Qnf9GF8p7TUBZqtrfw7k4o0C0/IUG7Dz/KO7vweN KyIPMCvFcMx1MPmZDc1ej9uaEiD49CQUPdi6dpAcnmw5qpn8fYyFJKJxHGvurKMx BD9zsJj+9CE/8LH0ITlPUrB8gHT08z9+wSkH8JDNxrqbxchIE5wscp0Lo7p5TzJ5 fKde35XSKfFYMjC7mli237DSEXnNlZ/1z6OMWLlev/wEY4ezeJuQeM0= -----END CERTIFICATE-----
#可以添加信任 chmod 644 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem #将上述ca.crt添加到/etc/pki/tls/certs/ca-bundle.crt即可 chmod 444 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# helm repo add course https://harbor.wangxu.com/chartrepo/course --username=admin --password=Harbor12345 "course" has been added to your repositories