解决kubesphere x509: certificate signed by unknown authority问题(Kubesphere 配置镜像仓库)

数据库 2024-11-01 17:24:57 阅读次数: 0

问题

registry自签的证书,配置secret失败提示certificate signed by unknown authority
在这里插入图片描述

解决办法

通过configmap加载自签的CA证书

  • 查看 CA 证书的位置,在 Harbor 部署时,查看证书生成的位置及值:
ls /etc/docker/certs.d/
cat /etc/docker/certs.d/registry.opsxlab.cn/ca.crt

-----BEGIN CERTIFICATE-----
MIIDATCCAemgAwIBAgIBADANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtyZWdp
c3RyeS1jYTAeFw0yNDEwMTcxMzE5MTZaFw0zNDEwMTUxMzE5MTZaMBYxFDASBgNV
BAMTC3JlZ2lzdHJ5LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
npOr1/ZEqzED6dlRU6tT1Brx9wHY7GiPCxkRUrqI4HGEHhdpcQoEjzYrkwvRrf6T
BWjdV9heUp73nDu2W+4qVZ4REjcmJBPZQjjzB47/AuI8/kPM6XFoXJfOPNw7XS1S
lcLl+OMSJfH4WhBdKaQ2Y7QeyPhm8Kwl+U2WEvvX8Qe/DJnvH4NISnTuhvguq1a0
P0EMjrVjiYZ2wNLX4gVMCowVCH3w3eJH1S+4Psc61PMh/zsV+jl4ReQoPSUl0Xsa
Oe41rfT+09KHrXIgKw0t4JPcu9TvAENfUZ5tV9Gw+qyyW3FzJzfSNt+Qm3ZirL7+
XmePPg2IMQcoD1iKQCj03wIDAQABo1owWDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0T
AQH/BAUwAwEB/zAdBgNVHQ4EFgQUFZB5nrmbMkUJ5fFppRCMkB3O6owwFgYDVR0R
BA8wDYILcmVnaXN0cnktY2EwDQYJKoZIhvcNAQELBQADggEBAFfRfqIAOpriDEfW
II3OAiFLClgqx0j0oJwr/GBnGSPrm0LSq0Z1RUyChiAq+eaM0RdKAcYUxuQwF2Az
OM28iHXrfIkn+HxqwVNt9MIIcfSvEbGq5/Ffpx/TTV5IRbmPxatMuzokY3RkiAyB
4T1NIlNvF5N0+hPlHeoVjns4Rrf19/0J734NaT6BK2YQSYgc+DXY1W7S546syuaJ
go3t0pQOWmrPIwVSXUXLl7gWvgLC7ByaEv55avVshOpsiscpF+NZax671WdPe1Pr
WsmgThuxlYdEHa65T+/Me/lK6Ip+ZPD9eKt3aDv+PLMGZI7iyj10csoFfySsqGYq
G56GWs4=
-----END CERTIFICATE-----

界面创建configmap:工作台>企业空间>System-workspace>项目>kubesphere-system>配置>配置字典

  • 新建registry-ca

在这里插入图片描述

在这里插入图片描述

  • 编辑 ks-apiserver deployment 文件,进行 configmap 的挂载:
    在这里插入图片描述

  • 更多操作=>编辑设置
    在这里插入图片描述

  • 存储卷=>挂载配置字典或保密字典
    在这里插入图片描述

  • 路径是:/etc/ssl/certs/ca.crt
    在这里插入图片描述

在这里插入图片描述

  • 点确认前没有出现报错.

在这里插入图片描述

  • 这里报错是正常的,deployment会被重建
    在这里插入图片描述
    过一会刷新下就恢复正常了

验证

配置=>保密字典=>创建

在这里插入图片描述
在这里插入图片描述

kubesphere的devops报错

Failed to bind to LDAP: userDnuid=admin,ou=Users,dc=kubesphere,dc=io username=admin

2024-10-18 02:00:28.497+0000 [id=193]	WARNING	o.s.c.s.ResourceBundleMessageSource#getResourceBundle: ResourceBundle [org.acegisecurity.messages] not found for MessageSource: Can't find bundle for base name org.acegisecurity.messages, locale en
2024-10-18 02:00:28.498+0000 [id=193]	WARNING	o.a.p.l.a.BindAuthenticator2#handleBindException: Failed to bind to LDAP: userDnuid=admin,ou=Users,dc=kubesphere,dc=io  username=admin
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
	at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3259)
	at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
	at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2991)
	at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2905)
	at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:262)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:280)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:185)
	at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:115)
	at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
	at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
	at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
	at java.naming/javax.naming.InitialContext.<init>(InitialContext.java:208)
	at java.naming/javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
	at org.acegisecurity.ldap.DefaultInitialDirContextFactory.connect(DefaultInitialDirContextFactory.java:180)
	at org.acegisecurity.ldap.DefaultInitialDirContextFactory.newInitialDirContext(DefaultInitialDirContextFactory.java:261)
	at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:123)
	at org.acegisecurity.ldap.LdapTemplate.retrieveEntry(LdapTemplate.java:165)
	at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.bindWithDn(BindAuthenticator.java:87)
	at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:72)
	at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49)
	at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233)
	at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider$1.retrieveUser(AbstractUserDetailsAuthenticationProvider.java:52)
	at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:133)
	at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:66)
	at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
	at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)

解决办法

修改默认的账户密码,修改为登录kubesphere的账号密码

路径 配置=>保密字典=>devops-jenkins

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
改完之后重新部署devops-controller,devops-apiserver,devops-jenkins 这三个服务
在这里插入图片描述

猜你喜欢

转载自blog.csdn.net/qq_44732146/article/details/143035259
今日推荐
周排行
Elasticsearch Log GC 日志分析详解
C++调用C出现的undefined reference 之坑------缺extern "C"
WordPress无法建立到WordPress.org的安全连接
《Spark大数据处理技术》PDF版
生成二维码功能(js前端)
day2csv
LeetCode 104. 二叉树的最大深度(C#实现)——二叉树,BFS,DFS,递归,迭代
Together
【矿工配餐_IOI2007Miners 】
HDU - 4135 Co-prime(分解质因数&容斥原理)
每日归档
更多
2025-03-21(0)
2025-03-20(0)
2025-03-19(0)
2025-03-18(0)
2025-03-17(0)
2025-03-16(0)
2025-03-15(0)
2025-03-14(0)
2025-03-13(0)
2025-03-12(0)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022