在 Rancher 中将证书管理器用于自签名证书
[英]Using cert-manager for self signed certificates in Rancher
问题描述
I'm using Rancher for my PoC.
我正在为我的 PoC 使用 Rancher。 As part of stack I'm using harbor as helm chart registry and container registry.作为堆栈的一部分,我使用 harbor 作为 helm chart registry 和 container registry。 I'm following this tutorial about how to configure self signed certificate in Ranchor for Harbor in this case.在这种情况下,我正在关注本教程,了解如何在 Harbor 的 Ranchor 中配置自签名证书。
I'm interested about how to use cert-manager for managing self-signed certificate in any cluster in Rancher.我对如何使用 cert-manager 在 Rancher 的任何集群中管理自签名证书很感兴趣。 Currently cert-manager is running in rancher cluster (because rancher is using self-signed certificate too).目前 cert-manager 在 rancher 集群中运行(因为 rancher 也在使用自签名证书)。 Have I install cert-manager in all of my clusters in which I need to have an integration with Harbor.我是否在需要与 Harbor 集成的所有集群中安装了 cert-manager。 Since certificate is currently not configured, I'm always getting that error x509: certificate signed by unknown authority .由于当前未配置证书,我总是收到错误x509: certificate signed by unknown authority 。
1 个解决方案
解决方案1
0 2022-04-12 06:16:36
Check if, in the context of your tutorial, the page " Updating a Private CA Certificate "检查在您的教程的上下文中,页面“ 更新私有 CA 证书”
It includes "Reconfigure Rancher agents to trust the private CA"它包括“重新配置 Rancher 代理以信任私有 CA”
For each cluster under Rancher management (except the
localRancher management cluster) run the following command using theKubeconfigfile of the Rancher management cluster (RKE or K3S).localRancher 管理集群除外),使用 Rancher 管理集群(RKE 或 K3S)的Kubeconfig文件运行以下命令。kubectl patch clusters.management.cattle.io <REPLACE_WITH_CLUSTERID> \ -p '{"status":{"agentImage":"dummy"}}' --type mergeThis command will cause all Agent Kube.netes resources to be reconfigured with the checksum of the new certificate.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.