“秘密中的现有私钥”；docker注册表tls证书“；具有不匹配的字段：[spec.keySize]_Docker_Kubernetes_Tls1.2_Docker Registry

“秘密中的现有私钥”；docker注册表tls证书“；具有不匹配的字段：[spec.keySize]

docker kubernetes

“秘密中的现有私钥”；docker注册表tls证书“；具有不匹配的字段：[spec.keySize],docker,kubernetes,tls1.2,docker-registry,Docker,Kubernetes,Tls1.2,Docker Registry,我在Kubernetes上安装docker注册表时遇到问题。尽管我已多次创建并删除TLS证书，但我收到通知，您的证书已过期，无法用于此规范： Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Issuing 2m40s cert-manager Existing private

我在Kubernetes上安装docker注册表时遇到问题。尽管我已多次创建并删除TLS证书，但我收到通知，您的证书已过期，无法用于此规范：

Events:
  Type     Reason        Age    From          Message
  ----     ------        ----   ----          -------
  Normal   Issuing       2m40s  cert-manager  Existing private key is not up to date for spec: [spec.keySize]
  Warning  DecodeFailed  2m40s  cert-manager  Existing private key in Secret "docker-registry-tls-certificate" does not match requirements on Certificate resource, mismatching fields: [spec.keySize]

此外，当我检查我们的证书时，我发现我们的TLS证书尚未准备就绪：

[root@kube-master-0 dockerRegistry]# kubectl get certs
NAME                              READY   SECRET                            AGE
docker-registry-tls               True    docker-registry-tls-certificate   6m53s
docker-registry-tls-certificate   False   docker-registry-tls-certificate   7m14s

我们的证书yaml文件：

# 01 Staging Environment over SelfSignedCert witthout a Public DNS
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: demo-issuer
spec:
  selfSigned: {}

---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: docker-registry-tls
spec:
  # Secret names are always required.
  secretName: docker-registry-tls-certificate
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  commonName: registry.example.com
  isCA: false
  keySize: 4096
  keyAlgorithm: rsa
  keyEncoding: pkcs1
  usages:
    - server auth
    - client auth
  # At least one of a DNS Name, URI, or IP address is required.
  dnsNames:
  - registry.example.com
  - example.com
  ipAddresses:
  - 192.168.50.101
  - 192.168.50.102
  # Issuer references are always required.
  issuerRef:
    name: demo-issuer
    # We can reference ClusterIssuers by changing the kind here.
    # The default value is Issuer (i.e. a locally namespaced Issuer)
    kind: Issuer
    # This is optional since cert-manager will default to this value however
    # if you are using an external issuer, change this to that issuer group.
    group: cert-manager.io

这个问题的根本原因是什么？我如何解决这个问题？

您是否遵循了一些解决方法？请在这里分享链接任何新闻-有相同的问题吗？您是否遵循一些如何解决的方法？请在这里分享链接任何新闻-有相同的问题吗？