Existing private key in Secret "docker-registry-tls-certificate" has mismatching fields: [spec.keySize]
I ran into a problem installing a Docker registry on Kubernetes. Although I have created and deleted the TLS certificate several times, I am notified that the certificate is out of date and cannot be used for this spec:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Issuing 2m40s cert-manager Existing private key is not up to date for spec: [spec.keySize]
Warning DecodeFailed 2m40s cert-manager Existing private key in Secret "docker-registry-tls-certificate" does not match requirements on Certificate resource, mismatching fields: [spec.keySize]
In addition, when I check our certificates, I see that our TLS certificate is not ready:
[root@kube-master-0 dockerRegistry]# kubectl get certs
NAME READY SECRET AGE
docker-registry-tls True docker-registry-tls-certificate 6m53s
docker-registry-tls-certificate False docker-registry-tls-certificate 7m14s
Our certificate YAML file:
# 01 Staging Environment over SelfSignedCert without a Public DNS
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: demo-issuer
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: docker-registry-tls
spec:
  # Secret names are always required.
  secretName: docker-registry-tls-certificate
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  commonName: registry.example.com
  isCA: false
  keySize: 4096
  keyAlgorithm: rsa
  keyEncoding: pkcs1
  usages:
    - server auth
    - client auth
  # At least one of a DNS Name, URI, or IP address is required.
  dnsNames:
    - registry.example.com
    - example.com
  ipAddresses:
    - 192.168.50.101
    - 192.168.50.102
  # Issuer references are always required.
  issuerRef:
    name: demo-issuer
    # We can reference ClusterIssuers by changing the kind here.
    # The default value is Issuer (i.e. a locally namespaced Issuer)
    kind: Issuer
    # This is optional since cert-manager will default to this value however
    # if you are using an external issuer, change this to that issuer group.
    group: cert-manager.io
What is the root cause of this problem? How can I solve it?

Did you follow a how-to? Please share the link here.

Any news? Having the same problem?
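The `kubectl get certs` listing in the question shows two Certificate resources pointing at the same Secret, `docker-registry-tls-certificate`. As an added example (not part of the original post), this shell function reads such a listing and reports every Secret referenced by more than one Certificate; it assumes the single-namespace column layout NAME READY SECRET AGE, and the `other-cert` row is constructed sample data.

```shell
#!/bin/sh
# Added example: flag cert-manager Certificates that write to the same Secret.
# Input on stdin: the text of `kubectl get certs` (columns NAME READY SECRET AGE).

shared_secrets() {
    # Skip the header, group Certificate names by the SECRET column,
    # and print only Secrets referenced by more than one Certificate.
    awk 'NR > 1 && NF >= 3 {
             count[$3]++
             names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1)
         }
         END {
             for (s in count)
                 if (count[s] > 1)
                     printf "%s: %s\n", s, names[s]
         }' | sort
}

# Constructed sample: the listing from the question plus one unrelated row.
sample_listing() {
    cat <<'EOF'
NAME                              READY   SECRET                            AGE
docker-registry-tls               True    docker-registry-tls-certificate   6m53s
docker-registry-tls-certificate   False   docker-registry-tls-certificate   7m14s
other-cert                        True    other-cert-tls                    1d
EOF
}

# Live use (assumes kubectl access to the namespace):
#   kubectl get certs | shared_secrets
sample_listing | shared_secrets
```

Each output line names a Secret followed by the Certificates that reference it, so an empty result means no Secret is shared in that namespace.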