How to configure a Private CA cert for S3 Backend #21175
harrisonbc
started this conversation in
General
Replies: 1 comment
-
You can diagnostic the problem by compare the the content of the cert file.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I'm trying to setup harbor with an S3 backend on kubernetes via the helm chart.
If I use a S3 service (minio) with a well know certificate then all is well, however if the S3 service has a cert signed by a private CA then I get errors in the registry pod: "tls: failed to verify certificate: x509: certificate signed by unknown authority" err.message="unknown error""
This is despite having set caBundleSecretName as documented in the harbor helm values file here: https://github.com/goharbor/harbor-helm/blob/main/values.yaml
Which states the following: (Lines 186-189)
Specify the "caBundleSecretName" if the storage service uses a self-signed certificate.
The secret must contain keys named "ca.crt" which will be injected into the trust store
of registry's containers.
caBundleSecretName:
Can anyone offer any assistance?
Beta Was this translation helpful? Give feedback.
All reactions