error in harbor-core pod secret "harborcluster-sample-harbor-harbor-core-tokencert" not found #1028
Comments
|
Hello, why using let's encrypt to create cert harborcluster-sample-harbor-harbor-core-tokencert-28st4 ? |
|
In order to use valid certificates for https .
…On Tue, 28 Mar 2023 at 2:11 PM, Thomas Coudert ***@***.***> wrote:
Hello, why using let's encrypt to create cert
harborcluster-sample-harbor-harbor-core-tokencert-28st4 ?
—
Reply to this email directly, view it on GitHub
<#1028 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A2MHVUJQSC5SEUHRJVTZOSLW6KP33ANCNFSM6AAAAAAWGKPCZY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
Only core and notary need public certificates, you can use self signed certificate for harbor token. |
|
I tried to create one self signed certificate and used that inside
fullstack.yaml file but, after using my own self signed certificate harbor
core and other pods are not getting up .
And when i used the same self signed cert which was in fullstack.yaml
official doc then pods are getting but , tls is not secure .
Without tls secure we are unable to login and push the image to harbor
regestry .
Please help !! And Thanks in Advance!
…On Tue, 28 Mar 2023 at 3:03 PM, Thomas Coudert ***@***.***> wrote:
Only core and notary need public certificates, you can use self signed
certificate for harbor token.
—
Reply to this email directly, view it on GitHub
<#1028 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A2MHVULELB3UWCKDD4Q7TQDW6KV43ANCNFSM6AAAAAAWGKPCZY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
Can you share the templates for the tries you did with self signed certificate please ? |
|
Full_stack.yaml file
----------------------------
# Sample namespace
apiVersion: v1
kind: Namespace
metadata:
name: cluster-sample-ns
---
# A secret of harbor admin password.
apiVersion: v1
kind: Secret
metadata:
name: admin-core-secret
namespace: cluster-sample-ns
data:
secret: SGFyYm9yMTIzNDU=
type: Opaque
---
# A secret for minIO access.
apiVersion: v1
kind: Secret
metadata:
name: minio-access-secret
namespace: cluster-sample-ns
data:
accesskey: YWRtaW4=
secretkey: bWluaW8xMjM=
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
name: harbor-test-ca
namespace: cluster-sample-ns
data:
tls.crt:
LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS2dJQkFBS0NBZ0VBMjZIaFYyNDBsQjVjckQxbE9xR1R4TU5xYVU4M0wwVDV3Tnc5VWVWNUQxVjZrV09vCkpqWGFoZzJRWnUyZGlhUkJnN1FzRkRxVWgzaWdrUUJpTXEwK2ZhYmNvdFN3Z09zS0doWGZTTXdJSG9jRm01cWsKeHJBSWJHVCtzelhlSmYwRGR1TDNrTHIwdUxYeWJFYVgrRU9mNk90cTR5NVcvaWxKT3R3bXpId3YrMW9jbFpMYgpqN0VxYUdic0pqVmI2eHFiY1c1cGk1WkxYaFBsZGdwb0FQMmpycjRpUGQ3MFNCL1JRektLdmFUMXoyZEcwUXVXCmV2TjlGYUZGa2ZYcmFrVUhDVklSMG9FeHprQXdYU3lhUnNncDZiekExWmVPR2RHd2JXalI1Z2kvUUxXMzcvbkcKZjVqQ2VFR1Bac2cwRzNyRjBKdSt5N3BwcjBMY0ExdkRCLzlEZ2N5dUxLdnliNGNkOFc2QmQzKzdIcGJlWXZyNQpMUDRIb0xkWEZEUDVMN1VCeTFHb29SYW84REtPbGh5UGJuSGdFUGVoV1Juc3hMdVpNV295UlJJRG1TdUhFZm5IClVRSEl0alNqNUpvNjhsNXhlRzBPNzBsNkF3VEE3UEEzd2NZOUNUNktnblRHSW9lVWM0d09SWlFNdnR5RG1ZUmMKWlREY1AwNFJwTENSWTVLQUc0VkcreGkvMjhPTTM4R3NpS09naXJkMi9XZE5PcHl6TzYyYk1nN1Nocm80UXphMAoraENtNzJlTHdXajNrQlpqcUJNS1RwOG9RZDFpcmxNVDcxbTN3elZJc1k0U2tZREM1NVd4Ryt6c3VBQzNUU0QwCkNTdE41d05OeDJNcUo5cTJsaTFhZjRwcDdrVzBueGZUdVdvTTk0RkV1TGtnWHphb0dtQUkxOEtnK0ZNQ0F3RUEKQVFLQ0FnRUFzTUdULy9BU1lvNFkyUWxFR2E2RnBObjhIcXFBNkFyajBTR3VPK1dveXYxbytlOHhHU2RJS1pCcgpBVnNENlEwSEtMNXNwdzhLRUFpMWVGek5xcWtnWExGWWFiY3dJV0NITGIwaWlJeWprQ1hzRG5HallMKzAxNzlqCjk4aEhjMTB2VjVPTDE2K09XY1VjUjZWOGtuR2lGU3E1U0FJNFFxM3BZSFJpeVRpOHlOV1pvWXFpSnY5VytOUzAKQW4vNDdMbnFGWnpkVmxocmFWZ3IyQmJCNHVJOXc5a0M1N1l4OUlXZXZTekUyYUVUcm9vWVJRN0ZXVWZ5QitGVgpnd1ZlSTVWUDkyRlVOSXlERDlFNjJ4R1ZTNWUxbTRXcnozbjhBNjF0Qm5CUVZJZi9tMDFqcmI3ZjBEcVpiM3liCnN3VTJZbE1wTmh6UnJWWGx6Z1hKMk80VmhLOGJuTEc4ZW5oaWhIeHpNZXhDRzc3bTBoVjZ2RDEwTzJ2NDNMYnYKNUttMllFb3RrNFV5UEZTWmc4VzAwbnJqdzVwZkpHRjlPN3Qwb2dkVStMTUV5SUdsZytGWDRBZHBHYllvV2xNNwpYdnZaWmxVUG14aThJVUw5T0lZQUtUM1MydWs2ck5lWmlCeU5lWE9GdkRXdmpYU0c1Mm9zd2ZtQkRJazRQbld1CkJpR2ZPM3VxbitWNXlWRWwyM0c2YnU2VE1TT2cwN0FTeFRHUTRKaUpMcFV0SVcreHhMYkw2NTlVRkZRTzRnQ0cKRUV4bFdLaG00bGU2WFhxVjlWRjFmck5UTWFtem5oVW5QZERTeWhVbTl3QlRPL1hxaktCWUM1T2hvZDZJSVZFTQpkclBtT01JaDd0c1JERjNQbzB2WHBYOWpMcng4eU81emZBYWlIMXVJK1NPdUd0TnBlVGtDZ2dFQkFQV3BUa3YzCmdaWHVLM3ZRZW1MV0d4WTg2Qk9CcEl5aGxqOXQwakF6ZEZwdmdINHdQMFBZdTZBSW9vdmVqSTlhQWd3bkdsNWYKc0prS0Jlck1KQngvRFFMWWRLMng5dTRIbW9Qem9hVi8zbFhtNE5PQ0hIdkxnT1ROOG1IUW94YTFPQTM2NUYwUAplNFdpb1pGUERvTyttODBPYTdQWXhnWmIrYkE4QWlKc3VLUkVjQ3NQQk9DaXdaYW1UMzVDcE52MWdEK2J3WGN0CmZjTXdPbHpDVGkyYlBLQ1hCWkMyNUdWQktPRVd2M01iaEoyL1ZtbjZab0Rnak15SXM3Uk5wa3ViRTBXcnYwWm0KNUZBQy9BUlpnL2hHSWxQTkVXbExmd2paaUo3Nkxod3VKYXA1cWNZcGF3aTBLWW1tYUw5VGRjem5aSnlMaWxLTAptemF0VW5lRWJGKzZQeDBDZ2dFQkFPVGdKUFZkQTUrMnFvZ3ZtUjNMYk1jK1g0MXhUbWF3blhNcWh5RDdYczliCmlmUm5hVE96QWlhYVJ5WFNDU2ZiQW1ZbHg0cU5EQlAyejdROU5aU1grRFFaWjM5RDZ2dmViQjBTMit1SDlub1AKZ3J0am9BTjBLTUNKUVBScS9WU1pGMWxVbWo1RGh1QStpaHo1LzNSRlVxZlc3cWdWSHlTVFl6RE96QWd6ODVuZQp0b0s1ZHd3TS9DbDIvTjJKeDdZMFlDQ1FsU0ljdFV1VnhoOTJRNng0Tkw3dlZ3NXpjd282aGc1YkxvM2V4dlpQCjExVjN4VU9RZGRIY1dnZmZiWDlWWW5pK2FIdCs2VHh6cUdCUVJKWmRXVnFYc1BOMGlnbG1UdWNkdC8vbHFlVy8KMXBJdnZRWVpweHdubWJoLzRvcDhqTzZUREU2OUtJcW9tK0crd1FJbFNpOENnZ0VBSnFDdG1CSmVCUFpEVGgrMAo3cytkeUx4Zy9aZzRDSWpyK0NOTGxwcXdvL3UrWjVrc2lYMk4yeGNnZi8vSmVFejkzMjFTbng1S3hYV25Bb21BCjhCNG1MSmxlbDJWUlg1SkFnSmtSaE5WN1gyU0RXNTZzM2VaYzZSMWRESFppL3BJV00xU05EZmorUWtBVlNhVDEKc2srSmJnL2piWThiYkNxUU0xN3NNditIZFFUeDRrTmxUL0Vub1ltYkhFNWNYOTNWZ2FyN0c4TkNjQ3VvTWFlMwo1VUh3b1l1OXEwaW0xeWtNeFgvdk1LbFdDL3ZuR1pqdS96clB5T1dCNUVzRmFBUUZYc0ludkdrM1kwRms0VVkyCkV4YnNGT004NXFLaFlnSGFrcXppRFRwUVgrTHJpQ1pCRjBoRTg4ai8xWDNKR3lRVFZPNDRITXlvNWtzUW1ZeHcKQWdsbUhRS0NBUUVBcld2UlZVRm5UNHRmWjlWNUZZUmdKaEJ5NG4rcVFsRXMzR2lxL3lpNHpERzJORVJ2Q0VkcApKOHJhZ2lQRjREY29lREhFSW8yQlMxZEdSbkhpdVhiMUVMVDNJUTFiYmdFNHRrYmw4RytUS1NXN2p6V0x0MUk2CjFyaXBTUW9RYmh1Wi80d0ZXNHhiRkdzT3g2bitFQ0crNFlJUVQ3ZkJZenR5ZXpjV2psaWZDa1lnMEtpck5heFoKSFNvVnE5K01QZGt0eFQ4SVlWS1RaSFJXTE55MXBtZG13QTRtVHNMWHRqWm1BVmJCemFteDVFelhBdUcvek5RWApFaTcrNE54QTRhelc4bHFFWEo3ckoyMFRkZmNjSVRzV1MzaUpFYytLRUZrL0RBd09zWTFaME1ZdFZaTnFqTWEvClFxd1c1Qit5amZDVjhPZm0rWHFHejVtMms3U3dGbW9lN1FLQ0FRRUFrbFJIOWdHUHJ1eTFWTjY5bVlmZVcyTEwKbFVhdENkQzV4Q2N4QkxEWndtV0RqeC9sVm1SemlSRXo4ZVlzUkRJajU1Q3pIT1E2UW84VmNBT1ZWaTVROG83TApWZUdOaXFmYmVqSm1xTmNUSStNbU9UVEozUWhBbjhST1lFMXBHTWI1SGRHUkIvTjduRU91d1l3YW1iMEY1SGhCCjJKcTlnSzQ4cm14WVNuZWlKKzZIUm0xVDZ3cTlDN0UyRkhMVEthWEZzZGxYdWdKRTFzU1ZvTzMrR0dYNEFwMGkKVHd2cWZrMVRnbEQ2OXlsbTYvRmtibzEwSEFFbG44M3pCVDRJV0hUMUM1cXdXbVRZNXVlTGZRNEN6dG1qRDhPaQpSOXBsNE84cG9sc1ZjMmoybXlBbThLdFkvNStvMXA5WmN6TDAycUEvK2tQeWl2K2c1ZjBmTUhlVEx0a0dEUT09Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
tls.key:
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUdNRENDQkJpZ0F3SUJBZ0lVUmowbTd5M0tMVUJjRTVCNmFYTm5UT2dhS2Jvd0RRWUpLb1pJaHZjTkFRRU4KQlFBd2dZQXhDekFKQmdOVkJBWVRBa05PTVJBd0RnWURWUVFJREFkQ1pXbHFhVzVuTVJBd0RnWURWUVFIREFkQwpaV2xxYVc1bk1SQXdEZ1lEVlFRS0RBZGxlR0Z0Y0d4bE1SRXdEd1lEVlFRTERBaFFaWEp6YjI1aGJERW9NQ1lHCkExVUVBd3dmYUdGeVltOXlMWFJ5YVdGc0xuTm9aUzV6ZVhOMFpXMWtaVzF2TG05eVp6QWVGdzB5TXpBek1qUXcKTnpBeU5ERmFGdzB6TXpBek1qRXdOekF5TkRGYU1JR0FNUXN3Q1FZRFZRUUdFd0pEVGpFUU1BNEdBMVVFQ0F3SApRbVZwYW1sdVp6RVFNQTRHQTFVRUJ3d0hRbVZwYW1sdVp6RVFNQTRHQTFVRUNnd0haWGhoYlhCc1pURVJNQThHCkExVUVDd3dJVUdWeWMyOXVZV3d4S0RBbUJnTlZCQU1NSDJoaGNtSnZjaTEwY21saGJDNXphR1V1YzNsemRHVnQKWkdWdGJ5NXZjbWN3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRRGJvZUZYYmpTVQpIbHlzUFdVNm9aUEV3MnBwVHpjdlJQbkEzRDFSNVhrUFZYcVJZNmdtTmRxR0RaQm03WjJKcEVHRHRDd1VPcFNICmVLQ1JBR0l5clQ1OXB0eWkxTENBNndvYUZkOUl6QWdlaHdXYm1xVEdzQWhzWlA2ek5kNGwvUU4yNHZlUXV2UzQKdGZKc1JwZjRRNS9vNjJyakxsYitLVWs2M0NiTWZDLzdXaHlWa3R1UHNTcG9adXdtTlZ2ckdwdHhibW1MbGt0ZQpFK1YyQ21nQS9hT3V2aUk5M3ZSSUg5RkRNb3E5cFBYUFowYlJDNVo2ODMwVm9VV1I5ZXRxUlFjSlVoSFNnVEhPClFEQmRMSnBHeUNucHZNRFZsNDRaMGJCdGFOSG1DTDlBdGJmditjWi9tTUo0UVk5bXlEUWJlc1hRbTc3THVtbXYKUXR3RFc4TUgvME9Ceks0c3EvSnZoeDN4Ym9GM2Y3c2VsdDVpK3Zrcy9nZWd0MWNVTS9rdnRRSExVYWloRnFqdwpNbzZXSEk5dWNlQVE5NkZaR2V6RXU1a3hhakpGRWdPWks0Y1IrY2RSQWNpMk5LUGttanJ5WG5GNGJRN3ZTWG9ECkJNRHM4RGZCeGowSlBvcUNkTVlpaDVSempBNUZsQXkrM0lPWmhGeGxNTncvVGhHa3NKRmprb0FiaFViN0dML2IKdzR6ZndheUlvNkNLdDNiOVowMDZuTE03clpzeUR0S0d1amhETnJUNkVLYnZaNHZCYVBlUUZtT29Fd3BPbnloQgozV0t1VXhQdldiZkROVWl4amhLUmdNTG5sYkViN095NEFMZE5JUFFKSzAzbkEwM0hZeW9uMnJhV0xWcC9pbW51ClJiU2ZGOU81YWd6M2dVUzR1U0JmTnFnYVlBalh3cUQ0VXdJREFRQUJvNEdmTUlHY01COEdBMVVkSXdRWU1CYUEKRkhZalR1bXU2SUp5Y2U1ZEUxRWVoa21nbFFrR01Ba0dBMVVkRXdRQ01BQXdDd1lEVlIwUEJBUURBZ1R3TUJNRwpBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNRXdHQTFVZEVRUkZNRU9DSDJoaGNtSnZjaTEwY21saGJDNXphR1V1CmMzbHpkR1Z0WkdWdGJ5NXZjbWVDRW5Ob1pTNXplWE4wWlcxa1pXMXZMbTl5WjRJTWFHRnlZbTl5TFhSeWFXRnMKTUEwR0NTcUdTSWIzRFFFQkRRVUFBNElDQVFCTjNSb3EyaDQ4NG1vclkzR09NTm1uOWpCSjlCbUNpdk90ZHNQeApmQkpneGppNXFHQlY2MXRMU1VBWTdZYmNmRzdmS2ZuUmpuOXVYbXRjVmxaUkQ3MDEvU3RPQnlvU2RaL0Q4NFNJCktIYUE5eG9MWlVEbzRYRGhRVm50MDRjMk5JdUF2R21hMkpoVlZzdlZ4OG4wOS9mZHFKUC85RGVYWUhRL3FFdE8KNkdaTEp1ZTNFcFpLTDZNZ0FKSjRETzQ5dTdjY1VtWGI2OFM5alpDYXViVXEzTm9ndHA2VkNxMjRNVXlOdzJlVQplTXJDRStaaXRSK1p4Yi9xUWF4dDJoelQzU3dlRXc1MzRlQ3BHT05CclhrTE05M2VMV29MdE9Ec3VCazkwakc1CmlKM1NWVExxSk9tandqbnpnNWZHK3F2MmhWWUhFNFUxUk1KWDZHdk81Mll6QzgrMnNkS0NWT3ZuTm02RXh2UDUKS1dFY2hOOWdaWjNBWlJSYmpYR0VwSktiYmthQWRIcFc5UzR0cTV2R1hySFQ4dDJJN3hKMlhpWlgwcE9UdUJsagpZVU9LaDZ5aWFsZGFtbmFMNDYrWEVNVW5nQW1FaU9RaDI4c3FFT2tsTXRYYks5bGtIRit3NDQ2czZJejdhd0QyClZSQUpQSmF2dkdhUy9teXJYTHhMNzVMMElEeHEzdzJrT2VOTEpxa29MeHI4dnM2SzBqWFo0L2ZEVzc0Wkl1Ym0KNG5hQ1VSamFrYXBGWFVoOXJKaW5XSkNrSE1rTjNnTHRXMnQyKzlLUDkrY0g4SWNHQWZPYm1adkkzSEo3VVdYVApJdU0rT1N1YUFJY0FaSUVHY1ova2Frc2tWcXFndm9ub05PNTY4MGhVcWk1T3lWSmtZRHZjQWNrc2R2dHI5amhmCkl4L016QT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
---
# Cert issuer
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-prod
namespace: cluster-sample-ns
spec:
ca:
secretName: harbor-test-ca
---
# Certificates of ingress
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: sample-public-certificate
namespace: cluster-sample-ns
spec:
secretName: sample-public-certificate
dnsNames:
- harbor-trial.she.systemdemo.org
- minio-trial.she.systemdemo.org
- notary-trial.she.systemdemo.org
issuerRef:
name: letsencrypt-prod
kind: Issuer
---
# Full stack Harbor
apiVersion: goharbor.io/v1beta1
kind: HarborCluster
metadata:
name: harborcluster-sample
namespace: cluster-sample-ns
spec:
version: 2.5.1
logLevel: info
network:
ipFamilies:
- IPv4
- IPv6
imageSource:
repository: ghcr.io/goharbor
harborAdminPasswordRef: admin-core-secret
externalURL: https://harbor-trial.she.systemdemo.org
expose:
core:
ingress:
host: harbor-trial.she.systemdemo.org
controller: default
annotations:
#cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
#kubernetes.io/tls-acme: "true"
#acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "390"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.org/client-max-body-size: 50m
ingressClassName: nginx
tls:
certificateRef: sample-public-certificate
notary:
ingress:
host: notary-trial.she.systemdemo.org
controller: default
annotations:
#cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
#kubernetes.io/tls-acme: "true"
#acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "390"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.org/client-max-body-size: 50m
ingressClassName: nginx
tls:
certificateRef: sample-public-certificate
internalTLS:
enabled: true
portal: {}
registry:
metrics:
enabled: true
core:
tokenIssuer:
name: letsencrypt-prod
kind: Issuer
metrics:
enabled: true
chartmuseum: {}
exporter: {}
trivy:
skipUpdate: false
storage: {}
notary:
migrationEnabled: true
database:
kind: Zlando/PostgreSQL
spec:
zlandoPostgreSql:
operatorVersion: "1.5.0"
storage: 1Gi
replicas: 1
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 250Mi
storage:
kind: MinIO
spec:
redirect:
enable: true
expose:
ingress:
host: minio-trial.she.systemdemo.org
tls:
certificateRef: sample-public-certificate
minIO:
operatorVersion: "4.0.6"
replicas: 2
secretRef: minio-access-secret
redirect:
enable: true
expose:
ingress:
host: minio-trial.she.systemdemo.org
tls:
certificateRef: sample-public-certificate
volumesPerServer: 2
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
cache:
kind: RedisFailover
spec:
redisFailover:
operatorVersion: "1.0.0"
server:
replicas: 1
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 250Mi
sentinel:
replicas: 1
…On Tue, Mar 28, 2023 at 11:34 PM Thomas Coudert ***@***.***> wrote:
Can you share the templates for the tries you did with self signed
certificate please ?
—
Reply to this email directly, view it on GitHub
<#1028 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A2MHVUMGK7JNEJ5APDQHFU3W6MR4LANCNFSM6AAAAAAWGKPCZY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
You should use let's encrypt cert issuer for expose.core.tls and expose.notary.tls and use self signed cert issuer for core.tokenIssuer |
|
We tried with Lets encrypt with issuer and clusterIssuer type but then pod
for harbor core and other pods are kept in a failed state .
*NOTE : Could you Please share the full-stack file working one with
lets-encrypt . Also in that what we need to do for the valid tls part. That
will be great help *
full-stack.yaml (Lets-encrypt ways)
…---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-sample-ns
---
apiVersion: v1
kind: Secret
metadata:
name: admin-core-secret
namespace: cluster-sample-ns
data:
secret: SGFyYm9yMTIzNDU=
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
name: minio-access-secret
namespace: cluster-sample-ns
data:
accesskey: YWRtaW4=
secretkey: bWluaW8xMjM=
type: Opaque
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
namespace: cluster-sample-ns
spec:
acme:
email: ***@***.***
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
---
# Certificates of ingress
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: sample-public-certificate
namespace: cluster-sample-ns
spec:
secretName: sample-public-certificate
dnsNames:
- harbor-trial.she.systemdemo.org
- minio-trial.she.systemdemo.org
- notary-trial.she.systemdemo.org
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
---
apiVersion: goharbor.io/v1beta1
kind: HarborCluster
metadata:
name: harborcluster-sample
namespace: cluster-sample-ns
spec:
version: 2.5.1
logLevel: info
network:
ipFamilies:
- IPv4
- IPv6
imageSource:
repository: ghcr.io/goharbor
harborAdminPasswordRef: admin-core-secret
externalURL: https://harbor-trial.she.systemdemo.org
expose:
core:
ingress:
host: harbor-trial.she.systemdemo.org
controller: default
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
kubernetes.io/tls-acme: "true"
acme.cert-manager.io/http01-edit-in-place: "true"
cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "390"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.org/client-max-body-size: 50m
ingressClassName: nginx
tls:
certificateRef: sample-public-certificate
notary:
ingress:
host: notary-trial.she.systemdemo.org
controller: default
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
kubernetes.io/tls-acme: "true"
acme.cert-manager.io/http01-edit-in-place: "true"
cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "390"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.org/client-max-body-size: 50m
ingressClassName: nginx
tls:
certificateRef: sample-public-certificate
internalTLS:
enabled: true
portal: {}
registry:
metrics:
enabled: true
core:
tokenIssuer:
name: letsencrypt-prod
kind: ClusterIssuer
metrics:
enabled: true
chartmuseum: {}
exporter: {}
trivy:
skipUpdate: false
storage: {}
notary:
migrationEnabled: true
database:
kind: Zlando/PostgreSQL
spec:
zlandoPostgreSql:
operatorVersion: 1.5.0
storage: 1Gi
replicas: 1
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 250Mi
storage:
kind: MinIO
spec:
redirect:
enable: true
expose:
ingress:
host: minio-trial.she.systemdemo.org
tls:
certificateRef: sample-public-certificate
minIO:
operatorVersion: 4.0.6
replicas: 2
secretRef: minio-access-secret
redirect:
enable: true
expose:
ingress:
host: minio-trial.she.systemdemo.org
tls:
certificateRef: sample-public-certificate
volumesPerServer: 2
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
cache:
kind: RedisFailover
spec:
redisFailover:
operatorVersion: 1.0.0
server:
replicas: 1
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 250Mi
sentinel:
replicas: 1
*NOTE : Could you Please share the full-stack file working onew with
lets-encrypt . Also in that what we need to do for the valid tls part. That
will be great help *
On Thu, Mar 30, 2023 at 3:01 PM Thomas Coudert ***@***.***> wrote:
You should use let's encrypt cert issuer for expose.core.tls and
expose.notary.tls and use self signed cert issuer for core.tokenIssuer
—
Reply to this email directly, view it on GitHub
<#1028 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A2MHVUPA3DUS2XJC4IPEQTLW6VHF7ANCNFSM6AAAAAAWGKPCZY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
You should try something like this: ----------------------------
# Sample namespace
apiVersion: v1
kind: Namespace
metadata:
name: cluster-sample-ns
---
# A secret of harbor admin password.
apiVersion: v1
kind: Secret
metadata:
name: admin-core-secret
namespace: cluster-sample-ns
data:
secret: SGFyYm9yMTIzNDU=
type: Opaque
---
# A secret for minIO access.
apiVersion: v1
kind: Secret
metadata:
name: minio-access-secret
namespace: cluster-sample-ns
data:
accesskey: YWRtaW4=
secretkey: bWluaW8xMjM=
type: Opaque
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
namespace: cluster-sample-ns
spec:
acme:
email: [email protected]
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
---
# Certificates of ingress
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: sample-public-certificate
namespace: cluster-sample-ns
spec:
secretName: sample-public-certificate
dnsNames:
- harbor-trial.she.systemdemo.org
- minio-trial.she.systemdemo.org
- notary-trial.she.systemdemo.org
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
---
apiVersion: v1
kind: Secret
metadata:
name: harbor-test-ca
namespace: cluster-sample-ns
data:
tls.crt:
LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS2dJQkFBS0NBZ0VBMjZIaFYyNDBsQjVjckQxbE9xR1R4TU5xYVU4M0wwVDV3Tnc5VWVWNUQxVjZrV09vCkpqWGFoZzJRWnUyZGlhUkJnN1FzRkRxVWgzaWdrUUJpTXEwK2ZhYmNvdFN3Z09zS0doWGZTTXdJSG9jRm01cWsKeHJBSWJHVCtzelhlSmYwRGR1TDNrTHIwdUxYeWJFYVgrRU9mNk90cTR5NVcvaWxKT3R3bXpId3YrMW9jbFpMYgpqN0VxYUdic0pqVmI2eHFiY1c1cGk1WkxYaFBsZGdwb0FQMmpycjRpUGQ3MFNCL1JRektLdmFUMXoyZEcwUXVXCmV2TjlGYUZGa2ZYcmFrVUhDVklSMG9FeHprQXdYU3lhUnNncDZiekExWmVPR2RHd2JXalI1Z2kvUUxXMzcvbkcKZjVqQ2VFR1Bac2cwRzNyRjBKdSt5N3BwcjBMY0ExdkRCLzlEZ2N5dUxLdnliNGNkOFc2QmQzKzdIcGJlWXZyNQpMUDRIb0xkWEZEUDVMN1VCeTFHb29SYW84REtPbGh5UGJuSGdFUGVoV1Juc3hMdVpNV295UlJJRG1TdUhFZm5IClVRSEl0alNqNUpvNjhsNXhlRzBPNzBsNkF3VEE3UEEzd2NZOUNUNktnblRHSW9lVWM0d09SWlFNdnR5RG1ZUmMKWlREY1AwNFJwTENSWTVLQUc0VkcreGkvMjhPTTM4R3NpS09naXJkMi9XZE5PcHl6TzYyYk1nN1Nocm80UXphMAoraENtNzJlTHdXajNrQlpqcUJNS1RwOG9RZDFpcmxNVDcxbTN3elZJc1k0U2tZREM1NVd4Ryt6c3VBQzNUU0QwCkNTdE41d05OeDJNcUo5cTJsaTFhZjRwcDdrVzBueGZUdVdvTTk0RkV1TGtnWHphb0dtQUkxOEtnK0ZNQ0F3RUEKQVFLQ0FnRUFzTUdULy9BU1lvNFkyUWxFR2E2RnBObjhIcXFBNkFyajBTR3VPK1dveXYxbytlOHhHU2RJS1pCcgpBVnNENlEwSEtMNXNwdzhLRUFpMWVGek5xcWtnWExGWWFiY3dJV0NITGIwaWlJeWprQ1hzRG5HallMKzAxNzlqCjk4aEhjMTB2VjVPTDE2K09XY1VjUjZWOGtuR2lGU3E1U0FJNFFxM3BZSFJpeVRpOHlOV1pvWXFpSnY5VytOUzAKQW4vNDdMbnFGWnpkVmxocmFWZ3IyQmJCNHVJOXc5a0M1N1l4OUlXZXZTekUyYUVUcm9vWVJRN0ZXVWZ5QitGVgpnd1ZlSTVWUDkyRlVOSXlERDlFNjJ4R1ZTNWUxbTRXcnozbjhBNjF0Qm5CUVZJZi9tMDFqcmI3ZjBEcVpiM3liCnN3VTJZbE1wTmh6UnJWWGx6Z1hKMk80VmhLOGJuTEc4ZW5oaWhIeHpNZXhDRzc3bTBoVjZ2RDEwTzJ2NDNMYnYKNUttMllFb3RrNFV5UEZTWmc4VzAwbnJqdzVwZkpHRjlPN3Qwb2dkVStMTUV5SUdsZytGWDRBZHBHYllvV2xNNwpYdnZaWmxVUG14aThJVUw5T0lZQUtUM1MydWs2ck5lWmlCeU5lWE9GdkRXdmpYU0c1Mm9zd2ZtQkRJazRQbld1CkJpR2ZPM3VxbitWNXlWRWwyM0c2YnU2VE1TT2cwN0FTeFRHUTRKaUpMcFV0SVcreHhMYkw2NTlVRkZRTzRnQ0cKRUV4bFdLaG00bGU2WFhxVjlWRjFmck5UTWFtem5oVW5QZERTeWhVbTl3QlRPL1hxaktCWUM1T2hvZDZJSVZFTQpkclBtT01JaDd0c1JERjNQbzB2WHBYOWpMcng4eU81emZBYWlIMXVJK1NPdUd0TnBlVGtDZ2dFQkFQV3BUa3YzCmdaWHVLM3ZRZW1MV0d4WTg2Qk9CcEl5aGxqOXQwakF6ZEZwdmdINHdQMFBZdTZBSW9vdmVqSTlhQWd3bkdsNWYKc0prS0Jlck1KQngvRFFMWWRLMng5dTRIbW9Qem9hVi8zbFhtNE5PQ0hIdkxnT1ROOG1IUW94YTFPQTM2NUYwUAplNFdpb1pGUERvTyttODBPYTdQWXhnWmIrYkE4QWlKc3VLUkVjQ3NQQk9DaXdaYW1UMzVDcE52MWdEK2J3WGN0CmZjTXdPbHpDVGkyYlBLQ1hCWkMyNUdWQktPRVd2M01iaEoyL1ZtbjZab0Rnak15SXM3Uk5wa3ViRTBXcnYwWm0KNUZBQy9BUlpnL2hHSWxQTkVXbExmd2paaUo3Nkxod3VKYXA1cWNZcGF3aTBLWW1tYUw5VGRjem5aSnlMaWxLTAptemF0VW5lRWJGKzZQeDBDZ2dFQkFPVGdKUFZkQTUrMnFvZ3ZtUjNMYk1jK1g0MXhUbWF3blhNcWh5RDdYczliCmlmUm5hVE96QWlhYVJ5WFNDU2ZiQW1ZbHg0cU5EQlAyejdROU5aU1grRFFaWjM5RDZ2dmViQjBTMit1SDlub1AKZ3J0am9BTjBLTUNKUVBScS9WU1pGMWxVbWo1RGh1QStpaHo1LzNSRlVxZlc3cWdWSHlTVFl6RE96QWd6ODVuZQp0b0s1ZHd3TS9DbDIvTjJKeDdZMFlDQ1FsU0ljdFV1VnhoOTJRNng0Tkw3dlZ3NXpjd282aGc1YkxvM2V4dlpQCjExVjN4VU9RZGRIY1dnZmZiWDlWWW5pK2FIdCs2VHh6cUdCUVJKWmRXVnFYc1BOMGlnbG1UdWNkdC8vbHFlVy8KMXBJdnZRWVpweHdubWJoLzRvcDhqTzZUREU2OUtJcW9tK0crd1FJbFNpOENnZ0VBSnFDdG1CSmVCUFpEVGgrMAo3cytkeUx4Zy9aZzRDSWpyK0NOTGxwcXdvL3UrWjVrc2lYMk4yeGNnZi8vSmVFejkzMjFTbng1S3hYV25Bb21BCjhCNG1MSmxlbDJWUlg1SkFnSmtSaE5WN1gyU0RXNTZzM2VaYzZSMWRESFppL3BJV00xU05EZmorUWtBVlNhVDEKc2srSmJnL2piWThiYkNxUU0xN3NNditIZFFUeDRrTmxUL0Vub1ltYkhFNWNYOTNWZ2FyN0c4TkNjQ3VvTWFlMwo1VUh3b1l1OXEwaW0xeWtNeFgvdk1LbFdDL3ZuR1pqdS96clB5T1dCNUVzRmFBUUZYc0ludkdrM1kwRms0VVkyCkV4YnNGT004NXFLaFlnSGFrcXppRFRwUVgrTHJpQ1pCRjBoRTg4ai8xWDNKR3lRVFZPNDRITXlvNWtzUW1ZeHcKQWdsbUhRS0NBUUVBcld2UlZVRm5UNHRmWjlWNUZZUmdKaEJ5NG4rcVFsRXMzR2lxL3lpNHpERzJORVJ2Q0VkcApKOHJhZ2lQRjREY29lREhFSW8yQlMxZEdSbkhpdVhiMUVMVDNJUTFiYmdFNHRrYmw4RytUS1NXN2p6V0x0MUk2CjFyaXBTUW9RYmh1Wi80d0ZXNHhiRkdzT3g2bitFQ0crNFlJUVQ3ZkJZenR5ZXpjV2psaWZDa1lnMEtpck5heFoKSFNvVnE5K01QZGt0eFQ4SVlWS1RaSFJXTE55MXBtZG13QTRtVHNMWHRqWm1BVmJCemFteDVFelhBdUcvek5RWApFaTcrNE54QTRhelc4bHFFWEo3ckoyMFRkZmNjSVRzV1MzaUpFYytLRUZrL0RBd09zWTFaME1ZdFZaTnFqTWEvClFxd1c1Qit5amZDVjhPZm0rWHFHejVtMms3U3dGbW9lN1FLQ0FRRUFrbFJIOWdHUHJ1eTFWTjY5bVlmZVcyTEwKbFVhdENkQzV4Q2N4QkxEWndtV0RqeC9sVm1SemlSRXo4ZVlzUkRJajU1Q3pIT1E2UW84VmNBT1ZWaTVROG83TApWZUdOaXFmYmVqSm1xTmNUSStNbU9UVEozUWhBbjhST1lFMXBHTWI1SGRHUkIvTjduRU91d1l3YW1iMEY1SGhCCjJKcTlnSzQ4cm14WVNuZWlKKzZIUm0xVDZ3cTlDN0UyRkhMVEthWEZzZGxYdWdKRTFzU1ZvTzMrR0dYNEFwMGkKVHd2cWZrMVRnbEQ2OXlsbTYvRmtibzEwSEFFbG44M3pCVDRJV0hUMUM1cXdXbVRZNXVlTGZRNEN6dG1qRDhPaQpSOXBsNE84cG9sc1ZjMmoybXlBbThLdFkvNStvMXA5WmN6TDAycUEvK2tQeWl2K2c1ZjBmTUhlVEx0a0dEUT09Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
tls.key:
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUdNRENDQkJpZ0F3SUJBZ0lVUmowbTd5M0tMVUJjRTVCNmFYTm5UT2dhS2Jvd0RRWUpLb1pJaHZjTkFRRU4KQlFBd2dZQXhDekFKQmdOVkJBWVRBa05PTVJBd0RnWURWUVFJREFkQ1pXbHFhVzVuTVJBd0RnWURWUVFIREFkQwpaV2xxYVc1bk1SQXdEZ1lEVlFRS0RBZGxlR0Z0Y0d4bE1SRXdEd1lEVlFRTERBaFFaWEp6YjI1aGJERW9NQ1lHCkExVUVBd3dmYUdGeVltOXlMWFJ5YVdGc0xuTm9aUzV6ZVhOMFpXMWtaVzF2TG05eVp6QWVGdzB5TXpBek1qUXcKTnpBeU5ERmFGdzB6TXpBek1qRXdOekF5TkRGYU1JR0FNUXN3Q1FZRFZRUUdFd0pEVGpFUU1BNEdBMVVFQ0F3SApRbVZwYW1sdVp6RVFNQTRHQTFVRUJ3d0hRbVZwYW1sdVp6RVFNQTRHQTFVRUNnd0haWGhoYlhCc1pURVJNQThHCkExVUVDd3dJVUdWeWMyOXVZV3d4S0RBbUJnTlZCQU1NSDJoaGNtSnZjaTEwY21saGJDNXphR1V1YzNsemRHVnQKWkdWdGJ5NXZjbWN3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRRGJvZUZYYmpTVQpIbHlzUFdVNm9aUEV3MnBwVHpjdlJQbkEzRDFSNVhrUFZYcVJZNmdtTmRxR0RaQm03WjJKcEVHRHRDd1VPcFNICmVLQ1JBR0l5clQ1OXB0eWkxTENBNndvYUZkOUl6QWdlaHdXYm1xVEdzQWhzWlA2ek5kNGwvUU4yNHZlUXV2UzQKdGZKc1JwZjRRNS9vNjJyakxsYitLVWs2M0NiTWZDLzdXaHlWa3R1UHNTcG9adXdtTlZ2ckdwdHhibW1MbGt0ZQpFK1YyQ21nQS9hT3V2aUk5M3ZSSUg5RkRNb3E5cFBYUFowYlJDNVo2ODMwVm9VV1I5ZXRxUlFjSlVoSFNnVEhPClFEQmRMSnBHeUNucHZNRFZsNDRaMGJCdGFOSG1DTDlBdGJmditjWi9tTUo0UVk5bXlEUWJlc1hRbTc3THVtbXYKUXR3RFc4TUgvME9Ceks0c3EvSnZoeDN4Ym9GM2Y3c2VsdDVpK3Zrcy9nZWd0MWNVTS9rdnRRSExVYWloRnFqdwpNbzZXSEk5dWNlQVE5NkZaR2V6RXU1a3hhakpGRWdPWks0Y1IrY2RSQWNpMk5LUGttanJ5WG5GNGJRN3ZTWG9ECkJNRHM4RGZCeGowSlBvcUNkTVlpaDVSempBNUZsQXkrM0lPWmhGeGxNTncvVGhHa3NKRmprb0FiaFViN0dML2IKdzR6ZndheUlvNkNLdDNiOVowMDZuTE03clpzeUR0S0d1amhETnJUNkVLYnZaNHZCYVBlUUZtT29Fd3BPbnloQgozV0t1VXhQdldiZkROVWl4amhLUmdNTG5sYkViN095NEFMZE5JUFFKSzAzbkEwM0hZeW9uMnJhV0xWcC9pbW51ClJiU2ZGOU81YWd6M2dVUzR1U0JmTnFnYVlBalh3cUQ0VXdJREFRQUJvNEdmTUlHY01COEdBMVVkSXdRWU1CYUEKRkhZalR1bXU2SUp5Y2U1ZEUxRWVoa21nbFFrR01Ba0dBMVVkRXdRQ01BQXdDd1lEVlIwUEJBUURBZ1R3TUJNRwpBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNRXdHQTFVZEVRUkZNRU9DSDJoaGNtSnZjaTEwY21saGJDNXphR1V1CmMzbHpkR1Z0WkdWdGJ5NXZjbWVDRW5Ob1pTNXplWE4wWlcxa1pXMXZMbTl5WjRJTWFHRnlZbTl5TFhSeWFXRnMKTUEwR0NTcUdTSWIzRFFFQkRRVUFBNElDQVFCTjNSb3EyaDQ4NG1vclkzR09NTm1uOWpCSjlCbUNpdk90ZHNQeApmQkpneGppNXFHQlY2MXRMU1VBWTdZYmNmRzdmS2ZuUmpuOXVYbXRjVmxaUkQ3MDEvU3RPQnlvU2RaL0Q4NFNJCktIYUE5eG9MWlVEbzRYRGhRVm50MDRjMk5JdUF2R21hMkpoVlZzdlZ4OG4wOS9mZHFKUC85RGVYWUhRL3FFdE8KNkdaTEp1ZTNFcFpLTDZNZ0FKSjRETzQ5dTdjY1VtWGI2OFM5alpDYXViVXEzTm9ndHA2VkNxMjRNVXlOdzJlVQplTXJDRStaaXRSK1p4Yi9xUWF4dDJoelQzU3dlRXc1MzRlQ3BHT05CclhrTE05M2VMV29MdE9Ec3VCazkwakc1CmlKM1NWVExxSk9tandqbnpnNWZHK3F2MmhWWUhFNFUxUk1KWDZHdk81Mll6QzgrMnNkS0NWT3ZuTm02RXh2UDUKS1dFY2hOOWdaWjNBWlJSYmpYR0VwSktiYmthQWRIcFc5UzR0cTV2R1hySFQ4dDJJN3hKMlhpWlgwcE9UdUJsagpZVU9LaDZ5aWFsZGFtbmFMNDYrWEVNVW5nQW1FaU9RaDI4c3FFT2tsTXRYYks5bGtIRit3NDQ2czZJejdhd0QyClZSQUpQSmF2dkdhUy9teXJYTHhMNzVMMElEeHEzdzJrT2VOTEpxa29MeHI4dnM2SzBqWFo0L2ZEVzc0Wkl1Ym0KNG5hQ1VSamFrYXBGWFVoOXJKaW5XSkNrSE1rTjNnTHRXMnQyKzlLUDkrY0g4SWNHQWZPYm1adkkzSEo3VVdYVApJdU0rT1N1YUFJY0FaSUVHY1ova2Frc2tWcXFndm9ub05PNTY4MGhVcWk1T3lWSmtZRHZjQWNrc2R2dHI5amhmCkl4L016QT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
---
# Cert issuer
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: self-signed
namespace: cluster-sample-ns
spec:
ca:
secretName: harbor-test-ca
---
# Full stack Harbor
apiVersion: goharbor.io/v1beta1
kind: HarborCluster
metadata:
name: harborcluster-sample
namespace: cluster-sample-ns
spec:
version: 2.5.1
logLevel: info
network:
ipFamilies:
- IPv4
- IPv6
imageSource:
repository: ghcr.io/goharbor
harborAdminPasswordRef: admin-core-secret
externalURL: https://harbor-trial.she.systemdemo.org
expose:
core:
ingress:
host: harbor-trial.she.systemdemo.org
controller: default
annotations:
#cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
#kubernetes.io/tls-acme: "true"
#acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "390"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.org/client-max-body-size: 50m
ingressClassName: nginx
tls:
certificateRef: sample-public-certificate
notary:
ingress:
host: notary-trial.she.systemdemo.org
controller: default
annotations:
#cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
#kubernetes.io/tls-acme: "true"
#acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "390"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.org/client-max-body-size: 50m
ingressClassName: nginx
tls:
certificateRef: sample-public-certificate
internalTLS:
enabled: true
portal: {}
registry:
metrics:
enabled: true
core:
tokenIssuer:
name: self-signed
kind: Issuer
metrics:
enabled: true
chartmuseum: {}
exporter: {}
trivy:
skipUpdate: false
storage: {}
notary:
migrationEnabled: true
database:
kind: Zlando/PostgreSQL
spec:
zlandoPostgreSql:
operatorVersion: "1.5.0"
storage: 1Gi
replicas: 1
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 250Mi
storage:
kind: MinIO
spec:
redirect:
enable: true
expose:
ingress:
host: minio-trial.she.systemdemo.org
tls:
certificateRef: sample-public-certificate
minIO:
operatorVersion: "4.0.6"
replicas: 2
secretRef: minio-access-secret
redirect:
enable: true
expose:
ingress:
host: minio-trial.she.systemdemo.org
tls:
certificateRef: sample-public-certificate
volumesPerServer: 2
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
cache:
kind: RedisFailover
spec:
redisFailover:
operatorVersion: "1.0.0"
server:
replicas: 1
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 250Mi
sentinel:
replicas: 1 |
|
Hi ,
We tried with the fullstack.yaml which you sent . File is in Attachment .
After kubectl apply ---> Core pod is not coming up . If the pod for core
won't come then Ingress will not come .
Please help in fixing those issues .
pod status :
[image: image.png]
Full-stack.yaml in attachment
Please help
…On Thu, Mar 30, 2023 at 3:21 PM Thomas Coudert ***@***.***> wrote:
You should try something like this:
----------------------------# Sample namespaceapiVersion: v1kind: Namespacemetadata:
name: cluster-sample-ns
---# A secret of harbor admin password.apiVersion: v1kind: Secretmetadata:
name: admin-core-secret
namespace: cluster-sample-nsdata:
secret: SGFyYm9yMTIzNDU=type: Opaque
---# A secret for minIO access.apiVersion: v1kind: Secretmetadata:
name: minio-access-secret
namespace: cluster-sample-nsdata:
accesskey: YWRtaW4=
secretkey: bWluaW8xMjM=type: Opaque
---apiVersion: cert-manager.io/v1kind: ClusterIssuermetadata:
name: letsencrypt-prod
namespace: cluster-sample-nsspec:
acme:
email: ***@***.***
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
---# Certificates of ingressapiVersion: cert-manager.io/v1kind: Certificatemetadata:
name: sample-public-certificate
namespace: cluster-sample-nsspec:
secretName: sample-public-certificate
dnsNames:
- harbor-trial.she.systemdemo.org
- minio-trial.she.systemdemo.org
- notary-trial.she.systemdemo.org
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
---apiVersion: v1kind: Secretmetadata:
name: harbor-test-ca
namespace: cluster-sample-nsdata:
tls.crt:
LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS2dJQkFBS0NBZ0VBMjZIaFYyNDBsQjVjckQxbE9xR1R4TU5xYVU4M0wwVDV3Tnc5VWVWNUQxVjZrV09vCkpqWGFoZzJRWnUyZGlhUkJnN1FzRkRxVWgzaWdrUUJpTXEwK2ZhYmNvdFN3Z09zS0doWGZTTXdJSG9jRm01cWsKeHJBSWJHVCtzelhlSmYwRGR1TDNrTHIwdUxYeWJFYVgrRU9mNk90cTR5NVcvaWxKT3R3bXpId3YrMW9jbFpMYgpqN0VxYUdic0pqVmI2eHFiY1c1cGk1WkxYaFBsZGdwb0FQMmpycjRpUGQ3MFNCL1JRektLdmFUMXoyZEcwUXVXCmV2TjlGYUZGa2ZYcmFrVUhDVklSMG9FeHprQXdYU3lhUnNncDZiekExWmVPR2RHd2JXalI1Z2kvUUxXMzcvbkcKZjVqQ2VFR1Bac2cwRzNyRjBKdSt5N3BwcjBMY0ExdkRCLzlEZ2N5dUxLdnliNGNkOFc2QmQzKzdIcGJlWXZyNQpMUDRIb0xkWEZEUDVMN1VCeTFHb29SYW84REtPbGh5UGJuSGdFUGVoV1Juc3hMdVpNV295UlJJRG1TdUhFZm5IClVRSEl0alNqNUpvNjhsNXhlRzBPNzBsNkF3VEE3UEEzd2NZOUNUNktnblRHSW9lVWM0d09SWlFNdnR5RG1ZUmMKWlREY1AwNFJwTENSWTVLQUc0VkcreGkvMjhPTTM4R3NpS09naXJkMi9XZE5PcHl6TzYyYk1nN1Nocm80UXphMAoraENtNzJlTHdXajNrQlpqcUJNS1RwOG9RZDFpcmxNVDcxbTN3elZJc1k0U2tZREM1NVd4Ryt6c3VBQzNUU0QwCkNTdE41d05OeDJNcUo5cTJsaTFhZjRwcDdrVzBueGZUdVdvTTk0RkV1TGtnWHphb0dtQUkxOEtnK0ZNQ0F3RUEKQVFLQ0FnRUFzTUdULy9BU1lvNFkyUWxFR2E2RnBObjhIcXFBNkFyajBTR3VPK1dveXYxbytlOHhHU2RJS1pCcgpBVnNENlEwSEtMNXNwdzhLRUFpMWVGek5xcWtnWExGWWFiY3dJV0NITGIwaWlJeWprQ1hzRG5HallMKzAxNzlqCjk4aEhjMTB2VjVPTDE2K09XY1VjUjZWOGtuR2lGU3E1U0FJNFFxM3BZSFJpeVRpOHlOV1pvWXFpSnY5VytOUzAKQW4vNDdMbnFGWnpkVmxocmFWZ3IyQmJCNHVJOXc5a0M1N1l4OUlXZXZTekUyYUVUcm9vWVJRN0ZXVWZ5QitGVgpnd1ZlSTVWUDkyRlVOSXlERDlFNjJ4R1ZTNWUxbTRXcnozbjhBNjF0Qm5CUVZJZi9tMDFqcmI3ZjBEcVpiM3liCnN3VTJZbE1wTmh6UnJWWGx6Z1hKMk80VmhLOGJuTEc4ZW5oaWhIeHpNZXhDRzc3bTBoVjZ2RDEwTzJ2NDNMYnYKNUttMllFb3RrNFV5UEZTWmc4VzAwbnJqdzVwZkpHRjlPN3Qwb2dkVStMTUV5SUdsZytGWDRBZHBHYllvV2xNNwpYdnZaWmxVUG14aThJVUw5T0lZQUtUM1MydWs2ck5lWmlCeU5lWE9GdkRXdmpYU0c1Mm9zd2ZtQkRJazRQbld1CkJpR2ZPM3VxbitWNXlWRWwyM0c2YnU2VE1TT2cwN0FTeFRHUTRKaUpMcFV0SVcreHhMYkw2NTlVRkZRTzRnQ0cKRUV4bFdLaG00bGU2WFhxVjlWRjFmck5UTWFtem5oVW5QZERTeWhVbTl3QlRPL1hxaktCWUM1T2hvZDZJSVZFTQpkclBtT01JaDd0c1JERjNQbzB2WHBYOWpMcng4eU81emZBYWlIMXVJK1NPdUd0TnBlVGtDZ2dFQkFQV3BUa3YzCmdaWHVLM3ZRZW1MV0d4WTg2Qk9CcEl5aGxqOXQwakF6ZEZwdmdINHdQMFBZdTZBSW9vdmVqSTlhQWd3bkdsNWYKc0prS0Jlck1KQngvRFFMWWRLMng5dTRIbW9Qem9hVi8zbFhtNE5PQ0hIdkxnT1ROOG1IUW94YTFPQTM2NUYwUAplNFdpb1pGUERvTyttODBPYTdQWXhnWmIrYkE4QWlKc3VLUkVjQ3NQQk9DaXdaYW1UMzVDcE52MWdEK2J3WGN0CmZjTXdPbHpDVGkyYlBLQ1hCWkMyNUdWQktPRVd2M01iaEoyL1ZtbjZab0Rnak15SXM3Uk5wa3ViRTBXcnYwWm0KNUZBQy9BUlpnL2hHSWxQTkVXbExmd2paaUo3Nkxod3VKYXA1cWNZcGF3aTBLWW1tYUw5VGRjem5aSnlMaWxLTAptemF0VW5lRWJGKzZQeDBDZ2dFQkFPVGdKUFZkQTUrMnFvZ3ZtUjNMYk1jK1g0MXhUbWF3blhNcWh5RDdYczliCmlmUm5hVE96QWlhYVJ5WFNDU2ZiQW1ZbHg0cU5EQlAyejdROU5aU1grRFFaWjM5RDZ2dmViQjBTMit1SDlub1AKZ3J0am9BTjBLTUNKUVBScS9WU1pGMWxVbWo1RGh1QStpaHo1LzNSRlVxZlc3cWdWSHlTVFl6RE96QWd6ODVuZQp0b0s1ZHd3TS9DbDIvTjJKeDdZMFlDQ1FsU0ljdFV1VnhoOTJRNng0Tkw3dlZ3NXpjd282aGc1YkxvM2V4dlpQCjExVjN4VU9RZGRIY1dnZmZiWDlWWW5pK2FIdCs2VHh6cUdCUVJKWmRXVnFYc1BOMGlnbG1UdWNkdC8vbHFlVy8KMXBJdnZRWVpweHdubWJoLzRvcDhqTzZUREU2OUtJcW9tK0crd1FJbFNpOENnZ0VBSnFDdG1CSmVCUFpEVGgrMAo3cytkeUx4Zy9aZzRDSWpyK0NOTGxwcXdvL3UrWjVrc2lYMk4yeGNnZi8vSmVFejkzMjFTbng1S3hYV25Bb21BCjhCNG1MSmxlbDJWUlg1SkFnSmtSaE5WN1gyU0RXNTZzM2VaYzZSMWRESFppL3BJV00xU05EZmorUWtBVlNhVDEKc2srSmJnL2piWThiYkNxUU0xN3NNditIZFFUeDRrTmxUL0Vub1ltYkhFNWNYOTNWZ2FyN0c4TkNjQ3VvTWFlMwo1VUh3b1l1OXEwaW0xeWtNeFgvdk1LbFdDL3ZuR1pqdS96clB5T1dCNUVzRmFBUUZYc0ludkdrM1kwRms0VVkyCkV4YnNGT004NXFLaFlnSGFrcXppRFRwUVgrTHJpQ1pCRjBoRTg4ai8xWDNKR3lRVFZPNDRITXlvNWtzUW1ZeHcKQWdsbUhRS0NBUUVBcld2UlZVRm5UNHRmWjlWNUZZUmdKaEJ5NG4rcVFsRXMzR2lxL3lpNHpERzJORVJ2Q0VkcApKOHJhZ2lQRjREY29lREhFSW8yQlMxZEdSbkhpdVhiMUVMVDNJUTFiYmdFNHRrYmw4RytUS1NXN2p6V0x0MUk2CjFyaXBTUW9RYmh1Wi80d0ZXNHhiRkdzT3g2bitFQ0crNFlJUVQ3ZkJZenR5ZXpjV2psaWZDa1lnMEtpck5heFoKSFNvVnE5K01QZGt0eFQ4SVlWS1RaSFJXTE55MXBtZG13QTRtVHNMWHRqWm1BVmJCemFteDVFelhBdUcvek5RWApFaTcrNE54QTRhelc4bHFFWEo3ckoyMFRkZmNjSVRzV1MzaUpFYytLRUZrL0RBd09zWTFaME1ZdFZaTnFqTWEvClFxd1c1Qit5amZDVjhPZm0rWHFHejVtMms3U3dGbW9lN1FLQ0FRRUFrbFJIOWdHUHJ1eTFWTjY5bVlmZVcyTEwKbFVhdENkQzV4Q2N4QkxEWndtV0RqeC9sVm1SemlSRXo4ZVlzUkRJajU1Q3pIT1E2UW84VmNBT1ZWaTVROG83TApWZUdOaXFmYmVqSm1xTmNUSStNbU9UVEozUWhBbjhST1lFMXBHTWI1SGRHUkIvTjduRU91d1l3YW1iMEY1SGhCCjJKcTlnSzQ4cm14WVNuZWlKKzZIUm0xVDZ3cTlDN0UyRkhMVEthWEZzZGxYdWdKRTFzU1ZvTzMrR0dYNEFwMGkKVHd2cWZrMVRnbEQ2OXlsbTYvRmtibzEwSEFFbG44M3pCVDRJV0hUMUM1cXdXbVRZNXVlTGZRNEN6dG1qRDhPaQpSOXBsNE84cG9sc1ZjMmoybXlBbThLdFkvNStvMXA5WmN6TDAycUEvK2tQeWl2K2c1ZjBmTUhlVEx0a0dEUT09Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
tls.key:
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUdNRENDQkJpZ0F3SUJBZ0lVUmowbTd5M0tMVUJjRTVCNmFYTm5UT2dhS2Jvd0RRWUpLb1pJaHZjTkFRRU4KQlFBd2dZQXhDekFKQmdOVkJBWVRBa05PTVJBd0RnWURWUVFJREFkQ1pXbHFhVzVuTVJBd0RnWURWUVFIREFkQwpaV2xxYVc1bk1SQXdEZ1lEVlFRS0RBZGxlR0Z0Y0d4bE1SRXdEd1lEVlFRTERBaFFaWEp6YjI1aGJERW9NQ1lHCkExVUVBd3dmYUdGeVltOXlMWFJ5YVdGc0xuTm9aUzV6ZVhOMFpXMWtaVzF2TG05eVp6QWVGdzB5TXpBek1qUXcKTnpBeU5ERmFGdzB6TXpBek1qRXdOekF5TkRGYU1JR0FNUXN3Q1FZRFZRUUdFd0pEVGpFUU1BNEdBMVVFQ0F3SApRbVZwYW1sdVp6RVFNQTRHQTFVRUJ3d0hRbVZwYW1sdVp6RVFNQTRHQTFVRUNnd0haWGhoYlhCc1pURVJNQThHCkExVUVDd3dJVUdWeWMyOXVZV3d4S0RBbUJnTlZCQU1NSDJoaGNtSnZjaTEwY21saGJDNXphR1V1YzNsemRHVnQKWkdWdGJ5NXZjbWN3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRRGJvZUZYYmpTVQpIbHlzUFdVNm9aUEV3MnBwVHpjdlJQbkEzRDFSNVhrUFZYcVJZNmdtTmRxR0RaQm03WjJKcEVHRHRDd1VPcFNICmVLQ1JBR0l5clQ1OXB0eWkxTENBNndvYUZkOUl6QWdlaHdXYm1xVEdzQWhzWlA2ek5kNGwvUU4yNHZlUXV2UzQKdGZKc1JwZjRRNS9vNjJyakxsYitLVWs2M0NiTWZDLzdXaHlWa3R1UHNTcG9adXdtTlZ2ckdwdHhibW1MbGt0ZQpFK1YyQ21nQS9hT3V2aUk5M3ZSSUg5RkRNb3E5cFBYUFowYlJDNVo2ODMwVm9VV1I5ZXRxUlFjSlVoSFNnVEhPClFEQmRMSnBHeUNucHZNRFZsNDRaMGJCdGFOSG1DTDlBdGJmditjWi9tTUo0UVk5bXlEUWJlc1hRbTc3THVtbXYKUXR3RFc4TUgvME9Ceks0c3EvSnZoeDN4Ym9GM2Y3c2VsdDVpK3Zrcy9nZWd0MWNVTS9rdnRRSExVYWloRnFqdwpNbzZXSEk5dWNlQVE5NkZaR2V6RXU1a3hhakpGRWdPWks0Y1IrY2RSQWNpMk5LUGttanJ5WG5GNGJRN3ZTWG9ECkJNRHM4RGZCeGowSlBvcUNkTVlpaDVSempBNUZsQXkrM0lPWmhGeGxNTncvVGhHa3NKRmprb0FiaFViN0dML2IKdzR6ZndheUlvNkNLdDNiOVowMDZuTE03clpzeUR0S0d1amhETnJUNkVLYnZaNHZCYVBlUUZtT29Fd3BPbnloQgozV0t1VXhQdldiZkROVWl4amhLUmdNTG5sYkViN095NEFMZE5JUFFKSzAzbkEwM0hZeW9uMnJhV0xWcC9pbW51ClJiU2ZGOU81YWd6M2dVUzR1U0JmTnFnYVlBalh3cUQ0VXdJREFRQUJvNEdmTUlHY01COEdBMVVkSXdRWU1CYUEKRkhZalR1bXU2SUp5Y2U1ZEUxRWVoa21nbFFrR01Ba0dBMVVkRXdRQ01BQXdDd1lEVlIwUEJBUURBZ1R3TUJNRwpBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNRXdHQTFVZEVRUkZNRU9DSDJoaGNtSnZjaTEwY21saGJDNXphR1V1CmMzbHpkR1Z0WkdWdGJ5NXZjbWVDRW5Ob1pTNXplWE4wWlcxa1pXMXZMbTl5WjRJTWFHRnlZbTl5TFhSeWFXRnMKTUEwR0NTcUdTSWIzRFFFQkRRVUFBNElDQVFCTjNSb3EyaDQ4NG1vclkzR09NTm1uOWpCSjlCbUNpdk90ZHNQeApmQkpneGppNXFHQlY2MXRMU1VBWTdZYmNmRzdmS2ZuUmpuOXVYbXRjVmxaUkQ3MDEvU3RPQnlvU2RaL0Q4NFNJCktIYUE5eG9MWlVEbzRYRGhRVm50MDRjMk5JdUF2R21hMkpoVlZzdlZ4OG4wOS9mZHFKUC85RGVYWUhRL3FFdE8KNkdaTEp1ZTNFcFpLTDZNZ0FKSjRETzQ5dTdjY1VtWGI2OFM5alpDYXViVXEzTm9ndHA2VkNxMjRNVXlOdzJlVQplTXJDRStaaXRSK1p4Yi9xUWF4dDJoelQzU3dlRXc1MzRlQ3BHT05CclhrTE05M2VMV29MdE9Ec3VCazkwakc1CmlKM1NWVExxSk9tandqbnpnNWZHK3F2MmhWWUhFNFUxUk1KWDZHdk81Mll6QzgrMnNkS0NWT3ZuTm02RXh2UDUKS1dFY2hOOWdaWjNBWlJSYmpYR0VwSktiYmthQWRIcFc5UzR0cTV2R1hySFQ4dDJJN3hKMlhpWlgwcE9UdUJsagpZVU9LaDZ5aWFsZGFtbmFMNDYrWEVNVW5nQW1FaU9RaDI4c3FFT2tsTXRYYks5bGtIRit3NDQ2czZJejdhd0QyClZSQUpQSmF2dkdhUy9teXJYTHhMNzVMMElEeHEzdzJrT2VOTEpxa29MeHI4dnM2SzBqWFo0L2ZEVzc0Wkl1Ym0KNG5hQ1VSamFrYXBGWFVoOXJKaW5XSkNrSE1rTjNnTHRXMnQyKzlLUDkrY0g4SWNHQWZPYm1adkkzSEo3VVdYVApJdU0rT1N1YUFJY0FaSUVHY1ova2Frc2tWcXFndm9ub05PNTY4MGhVcWk1T3lWSmtZRHZjQWNrc2R2dHI5amhmCkl4L016QT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
---# Cert issuerapiVersion: cert-manager.io/v1kind: Issuermetadata:
name: self-signed
namespace: cluster-sample-nsspec:
ca:
secretName: harbor-test-ca
---# Full stack HarborapiVersion: goharbor.io/v1beta1kind: HarborClustermetadata:
name: harborcluster-sample
namespace: cluster-sample-nsspec:
version: 2.5.1
logLevel: info
network:
ipFamilies:
- IPv4
- IPv6
imageSource:
repository: ghcr.io/goharbor
harborAdminPasswordRef: admin-core-secret
externalURL: https://harbor-trial.she.systemdemo.org
expose:
core:
ingress:
host: harbor-trial.she.systemdemo.org
controller: default
annotations:
#cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
#kubernetes.io/tls-acme: "true"
#acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "390"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.org/client-max-body-size: 50m
ingressClassName: nginx
tls:
certificateRef: sample-public-certificate
notary:
ingress:
host: notary-trial.she.systemdemo.org
controller: default
annotations:
#cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
#kubernetes.io/tls-acme: "true"
#acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "390"
nginx.ingress.kubernetes.io/proxy-send-timeout: "900"
nginx.ingress.kubernetes.io/proxy-read-timeout: "900"
nginx.org/client-max-body-size: 50m
ingressClassName: nginx
tls:
certificateRef: sample-public-certificate
internalTLS:
enabled: true
portal: {}
registry:
metrics:
enabled: true
core:
tokenIssuer:
name: self-signed
kind: Issuer
metrics:
enabled: true
chartmuseum: {}
exporter: {}
trivy:
skipUpdate: false
storage: {}
notary:
migrationEnabled: true
database:
kind: Zlando/PostgreSQL
spec:
zlandoPostgreSql:
operatorVersion: "1.5.0"
storage: 1Gi
replicas: 1
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 250Mi
storage:
kind: MinIO
spec:
redirect:
enable: true
expose:
ingress:
host: minio-trial.she.systemdemo.org
tls:
certificateRef: sample-public-certificate
minIO:
operatorVersion: "4.0.6"
replicas: 2
secretRef: minio-access-secret
redirect:
enable: true
expose:
ingress:
host: minio-trial.she.systemdemo.org
tls:
certificateRef: sample-public-certificate
volumesPerServer: 2
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
cache:
kind: RedisFailover
spec:
redisFailover:
operatorVersion: "1.0.0"
server:
replicas: 1
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 100m
memory: 250Mi
sentinel:
replicas: 1
—
Reply to this email directly, view it on GitHub
<#1028 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A2MHVUOCUIVLZXX4XV7BROLW6VJSHANCNFSM6AAAAAAWGKPCZY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
Hello, Sorry I can't see your attachment. Thomas |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
kubectl apply -f manifests/samples/full_stack.yaml meet error in harbor-core pod
secret "harborcluster-sample-harbor-harbor-core-tokencert" not found
secret "sample-public-certificate" not found
Kubectl describe cert harborcluster-sample-harbor-harbor-core-tokencert -n cluster-sample-ns
O/P:
Status:
Conditions:
Last Transition Time: 2023-03-24T09:07:25Z
Message: The certificate request has failed to complete and will be retried: The CSR PEM requests a commonName that is not present in the list of dnsNames or ipAddresses. If a commonName is set, ACME requires that the value is also present in the list of dnsNames or ipAddresses: "harborcluster-sample-harbor-harbor-core-tokencert" does not exist in [] or []
Observed Generation: 1
Reason: Failed
Status: False
Type: Issuing
Last Transition Time: 2023-03-24T09:07:15Z
Message: Issuing certificate as Secret does not exist
Observed Generation: 1
Reason: DoesNotExist
Status: False
Type: Ready
Failed Issuance Attempts: 1
Last Failure Time: 2023-03-24T09:07:25Z
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Issuing 69s cert-manager-certificates-trigger Issuing certificate as Secret does not exist
Normal Generated 66s cert-manager-certificates-key-manager Stored new private key in temporary Secret resource "harborcluster-sample-harbor-harbor-core-tokencert-pcldh"
Normal Requested 62s cert-manager-certificates-request-manager Created new CertificateRequest resource "harborcluster-sample-harbor-harbor-core-tokencert-28st4"
Warning Failed 58s cert-manager-certificates-issuing The certificate request has failed to complete and will be retried: The CSR PEM requests a commonName that is not present in the list of dnsNames or ipAddresses. If a commonName is set, ACME requires that the value is also present in the list of dnsNames or ipAddresses: "harborcluster-sample-harbor-harbor-core-tokencert" does not exist in [] or []
@bitsf @jsuchome @tianon @dajudge --- Please help
I am doing using lets encrypt ways ----
Fullstack file
The text was updated successfully, but these errors were encountered: