自学内容网 自学内容网
自学内容网 > 正文

解决kubesphere x509: certificate signed by unknown authority问题(Kubesphere 配置镜像仓库)

🕗 发布于 2024-10-18 19:02 kubesphere  

问题

registry自签的证书,配置secret失败提示certificate signed by unknown authority
在这里插入图片描述

解决办法

通过configmap加载自签的CA证书

  • 查看 CA 证书的位置,在 Harbor 部署时,查看证书生成的位置及值:
ls /etc/docker/certs.d/
cat /etc/docker/certs.d/registry.opsxlab.cn/ca.crt

-----BEGIN CERTIFICATE-----
MIIDATCCAemgAwIBAgIBADANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtyZWdp
c3RyeS1jYTAeFw0yNDEwMTcxMzE5MTZaFw0zNDEwMTUxMzE5MTZaMBYxFDASBgNV
BAMTC3JlZ2lzdHJ5LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
npOr1/ZEqzED6dlRU6tT1Brx9wHY7GiPCxkRUrqI4HGEHhdpcQoEjzYrkwvRrf6T
BWjdV9heUp73nDu2W+4qVZ4REjcmJBPZQjjzB47/AuI8/kPM6XFoXJfOPNw7XS1S
lcLl+OMSJfH4WhBdKaQ2Y7QeyPhm8Kwl+U2WEvvX8Qe/DJnvH4NISnTuhvguq1a0
P0EMjrVjiYZ2wNLX4gVMCowVCH3w3eJH1S+4Psc61PMh/zsV+jl4ReQoPSUl0Xsa
Oe41rfT+09KHrXIgKw0t4JPcu9TvAENfUZ5tV9Gw+qyyW3FzJzfSNt+Qm3ZirL7+
XmePPg2IMQcoD1iKQCj03wIDAQABo1owWDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0T
AQH/BAUwAwEB/zAdBgNVHQ4EFgQUFZB5nrmbMkUJ5fFppRCMkB3O6owwFgYDVR0R
BA8wDYILcmVnaXN0cnktY2EwDQYJKoZIhvcNAQELBQADggEBAFfRfqIAOpriDEfW
II3OAiFLClgqx0j0oJwr/GBnGSPrm0LSq0Z1RUyChiAq+eaM0RdKAcYUxuQwF2Az
OM28iHXrfIkn+HxqwVNt9MIIcfSvEbGq5/Ffpx/TTV5IRbmPxatMuzokY3RkiAyB
4T1NIlNvF5N0+hPlHeoVjns4Rrf19/0J734NaT6BK2YQSYgc+DXY1W7S546syuaJ
go3t0pQOWmrPIwVSXUXLl7gWvgLC7ByaEv55avVshOpsiscpF+NZax671WdPe1Pr
WsmgThuxlYdEHa65T+/Me/lK6Ip+ZPD9eKt3aDv+PLMGZI7iyj10csoFfySsqGYq
G56GWs4=
-----END CERTIFICATE-----

界面创建configmap:工作台>企业空间>System-workspace>项目>kubesphere-system>配置>配置字典

  • 新建registry-ca

在这里插入图片描述

在这里插入图片描述

  • 编辑 ks-apiserver deployment 文件,进行 configmap 的挂载:
    在这里插入图片描述

  • 更多操作=>编辑设置
    在这里插入图片描述

  • 存储卷=>挂载配置字典或保密字典
    在这里插入图片描述

  • 路径是:/etc/ssl/certs/ca.crt
    在这里插入图片描述

在这里插入图片描述

  • 点确认前没有出现报错.

在这里插入图片描述

  • 这里报错是正常的,deployment会被重建
    在这里插入图片描述
    过一会刷新下就恢复正常了

验证

配置=>保密字典=>创建

在这里插入图片描述
在这里插入图片描述

kubesphere的devops报错

Failed to bind to LDAP: userDnuid=admin,ou=Users,dc=kubesphere,dc=io username=admin

2024-10-18 02:00:28.497+0000 [id=193]WARNINGo.s.c.s.ResourceBundleMessageSource#getResourceBundle: ResourceBundle [org.acegisecurity.messages] not found for MessageSource: Can't find bundle for base name org.acegisecurity.messages, locale en
2024-10-18 02:00:28.498+0000 [id=193]WARNINGo.a.p.l.a.BindAuthenticator2#handleBindException: Failed to bind to LDAP: userDnuid=admin,ou=Users,dc=kubesphere,dc=io  username=admin
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3259)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2991)
at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2905)
at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:262)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:280)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:185)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:115)
at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
at java.naming/javax.naming.InitialContext.<init>(InitialContext.java:208)
at java.naming/javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at org.acegisecurity.ldap.DefaultInitialDirContextFactory.connect(DefaultInitialDirContextFactory.java:180)
at org.acegisecurity.ldap.DefaultInitialDirContextFactory.newInitialDirContext(DefaultInitialDirContextFactory.java:261)
at org.acegisecurity.ldap.LdapTemplate.execute(LdapTemplate.java:123)
at org.acegisecurity.ldap.LdapTemplate.retrieveEntry(LdapTemplate.java:165)
at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.bindWithDn(BindAuthenticator.java:87)
at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator.authenticate(BindAuthenticator.java:72)
at org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2.authenticate(BindAuthenticator2.java:49)
at org.acegisecurity.providers.ldap.LdapAuthenticationProvider.retrieveUser(LdapAuthenticationProvider.java:233)
at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider$1.retrieveUser(AbstractUserDetailsAuthenticationProvider.java:52)
at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:133)
at org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:66)
at org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:200)
at org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:47)

解决办法

修改默认的账户密码,修改为登录kubesphere的账号密码

路径 配置=>保密字典=>devops-jenkins

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
改完之后重新部署devops-controller,devops-apiserver,devops-jenkins 这三个服务
在这里插入图片描述


原文地址:https://blog.csdn.net/qq_44732146/article/details/143035259

免责声明:本站文章内容转载自网络资源,如本站内容侵犯了原著者的合法权益,可联系本站删除。更多内容请关注自学内容网(zxcms.com)!

相关文章

自学内容网
Copyright © 2015-2024