[英]Using cert-manager for self signed certificates in Rancher
I'm using Rancher for my PoC.我正在为我的 PoC 使用 Rancher。 As part of stack I'm using harbor as helm chart registry and container registry.
作为堆栈的一部分,我使用 harbor 作为 helm chart registry 和 container registry。 I'm following this tutorial about how to configure self signed certificate in Ranchor for Harbor in this case.
在这种情况下,我正在关注本教程,了解如何在 Harbor 的 Ranchor 中配置自签名证书。
I'm interested about how to use cert-manager for managing self-signed certificate in any cluster in Rancher.我对如何使用 cert-manager 在 Rancher 的任何集群中管理自签名证书很感兴趣。 Currently cert-manager is running in rancher cluster (because rancher is using self-signed certificate too).
目前 cert-manager 在 rancher 集群中运行(因为 rancher 也在使用自签名证书)。 Have I install cert-manager in all of my clusters in which I need to have an integration with Harbor.
我是否在需要与 Harbor 集成的所有集群中安装了 cert-manager。 Since certificate is currently not configured, I'm always getting that error x509: certificate signed by unknown authority .
由于当前未配置证书,我总是收到错误x509: certificate signed by unknown authority 。
Check if, in the context of your tutorial, the page " Updating a Private CA Certificate "检查在您的教程的上下文中,页面“ 更新私有 CA 证书”
It includes "Reconfigure Rancher agents to trust the private CA"它包括“重新配置 Rancher 代理以信任私有 CA”
For each cluster under Rancher management (except the
local
Rancher management cluster) run the following command using theKubeconfig
file of the Rancher management cluster (RKE or K3S).对于 Rancher 管理下的每个集群(
local
Rancher 管理集群除外),使用 Rancher 管理集群(RKE 或 K3S)的Kubeconfig
文件运行以下命令。kubectl patch clusters.management.cattle.io <REPLACE_WITH_CLUSTERID> \ -p '{"status":{"agentImage":"dummy"}}' --type merge
This command will cause all Agent Kube.netes resources to be reconfigured with the checksum of the new certificate.
此命令将导致使用新证书的校验和重新配置所有代理 Kube.netes 资源。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.