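Problem description
I ran into a problem while installing a Docker registry on Kubernetes. Although I have repeatedly created and deleted the TLS certificate, I still receive a notification that the certificate is out of date for this spec: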
Events:
  Type     Reason        Age    From          Message
  ----     ------        ----   ----          -------
  normal   Issuing       2m40s  cert-manager  Existing private key is not up to date for spec: [spec.keySize]
  Warning  DecodeFailed  2m40s  cert-manager  Existing private key in Secret "docker-registry-tls-certificate" does not match requirements on Certificate resource, mismatching fields: [spec.keySize]
In addition, when I check our certificates, I find that our TLS certificate is not ready:
[root@kube-master-0 dockerRegistry]# kubectl get certs
NAME                              READY   SECRET                            AGE
docker-registry-tls               True    docker-registry-tls-certificate   6m53s
docker-registry-tls-certificate   False   docker-registry-tls-certificate   7m14s
Our certificate YAML file:
# 01 Staging Environment over SelfSignedCert without a Public DNS
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: demo-issuer
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: docker-registry-tls
spec:
  # Secret names are always required.
  secretName: docker-registry-tls-certificate
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  commonName: registry.example.com
  isCA: false
  keySize: 4096
  keyAlgorithm: rsa
  keyEncoding: pkcs1
  usages:
    - server auth
    - client auth
  # At least one of a DNS Name, URI, or IP address is required.
  dnsNames:
    - registry.example.com
    - example.com
  ipAddresses:
    - 192.168.50.101
    - 192.168.50.102
  # Issuer references are always required.
  issuerRef:
    name: demo-issuer
    # We can reference ClusterIssuers by changing the kind here.
    # The default value is Issuer (i.e. a locally namespaced Issuer)
    kind: Issuer
    # This is optional since cert-manager will default to this value however
    # if you are using an external issuer, change this to that issuer group.
    group: cert-manager.io
What is the root cause of this problem, and how can it be resolved?
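A check on the listing above, added here as an example and not part of the original question: it groups Certificate resources by the Secret they write to and reports any Secret named by more than one Certificate, as both rows of the `kubectl get certs` output are. The function names are hypothetical, and the embedded sample is the listing from the question.

```shell
#!/bin/sh
# Added example (not from the original post).
# Input on stdin: text of `kubectl get certs` with columns NAME READY SECRET AGE.

# Print "<secret>: <cert> <cert> ..." for every Secret that more than one
# Certificate resource targets through spec.secretName.
shared_secrets() {
  awk '
    NR == 1 && $1 == "NAME" { next }   # skip the header row
    NF >= 3 {
      names[$3] = (names[$3] == "" ? $1 : names[$3] " " $1)
      count[$3]++
    }
    END {
      for (s in count)
        if (count[s] > 1) print s ": " names[s]
    }
  ' | sort
}

# Print the names of Certificates whose READY column is not "True".
not_ready() {
  awk 'NR > 1 && NF >= 3 && $2 != "True" { print $1 }'
}

# Constructed sample input: the listing shown in the question.
sample_listing() {
  cat <<'EOF'
NAME                              READY   SECRET                            AGE
docker-registry-tls               True    docker-registry-tls-certificate   6m53s
docker-registry-tls-certificate   False   docker-registry-tls-certificate   7m14s
EOF
}

# Offline run against the sample. With cluster access, use instead:
#   kubectl get certs | shared_secrets
sample_listing | shared_secrets
sample_listing | not_ready
```

Each Certificate resource returned by `shared_secrets` can then be inspected with `kubectl describe certificate <name>` to compare its `spec.keySize` against the others writing to the same Secret.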