部署应用拉取镜像失败,harbor证书不对

Choerodon User Guide-Continuous Delivery
#1

  • Choerodon平台版本:1.0.0

  • 运行环境:自主搭建

  • 问题描述:

    一键部署的猪齿鱼,harbor的证书供应商只给了一个一级域名的,zzz.com的证书。说是只有一级域名证书,没有到harbor.zzz.com的证书。
    我就用这个证书执行的harbor证书配置,文档是这个:https://open.hand-china.com/document-center/doc/product/10003/10426?doc_id=125713&doc_code=1762#有公网域名
    我们有两个k8s集群,一个是猪齿鱼部署的集群,一个是应用发布环境。
    现在部署应用镜像能上传到harbor,在harbor库里也能看到。但是另一个发布环境拉取镜像报错

  • 报错信息:

Events:
  Type     Reason   Age                From     Message
  ----     ------   ----               ----     -------
  Normal   BackOff  24s (x2 over 25s)  kubelet  Back-off pulling image "harbor.zzz.com/operation/cloud-center:2022.3.21-105510-master"
  Warning  Failed   24s (x2 over 25s)  kubelet  Error: ImagePullBackOff
  Normal   Pulling  12s (x2 over 25s)  kubelet  Pulling image "harbor.zzz.com/operation/cloud-center:2022.3.21-105510-master"
  Warning  Failed   12s (x2 over 25s)  kubelet  Failed to pull image "harbor.zzz.com/operation/cloud-center:2022.3.21-105510-master": rpc error: code = Unknown desc = failed to pull and unpack image "harbor.zzz.com/operation/cloud-center:2022.3.21-105510-master": failed to resolve reference "harbor.zzz.com/operation/cloud-center:2022.3.21-105510-master": failed to do request: Head https://harbor.zzz.com/v2/operation/cloud-center/manifests/2022.3.21-105510-master: x509: certificate is valid for ingress.local, not harbor.zzz.com
  • 建议:

    只有一级域名的证书行吗?
    这个 “x509: certificate is valid for ingress.local, not harbor.zzz.com” 报错是哪里没设置对吗

#2

是证书的问题。换成harbor.xxx.com就可以了