dev-tools/fix-harbor-cert.sh
dvirlabs 798d50ebb0 fix: Configure Harbor to use cert-manager instead of auto-generated certs
- Change Harbor certSource from 'auto' to 'secret'
- Reference stable secret name: harbor-ingress
- Keep cert-manager.io/cluster-issuer annotation for auto certificate management
- Remove harbor-ingress-v2 workaround name
- Add cleanup script and documentation

This fixes IncorrectIssuer error where Harbor's self-signed CA
conflicted with cert-manager's Let's Encrypt certificate management.

Resolves:
- 502 errors due to TLS configuration conflict
- Failed ACME order finalization (orderNotReady)
- Certificate stuck in non-Ready state
- Duplicate certificate issuance attempts
2026-03-21 23:56:21 +02:00


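#!/bin/bash
# Harbor + cert-manager cleanup and fix script
# This removes the Harbor-generated certificate and lets cert-manager create a clean one
#
# Requires kubectl (pointed at the target cluster) and git on PATH.
#
# Strict mode: -e aborts on the first failing command, -u turns a reference to
# an unset variable into an error instead of an empty string, and pipefail
# makes a pipeline fail when any stage fails. The script deletes cluster
# resources, so it should stop rather than continue in a half-known state.
set -euo pipefail
echo "=== Harbor cert-manager Fix ==="
echo ""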
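# Step 1: Delete the old Harbor-generated TLS secret
# The deletes below act on whatever cluster the current kubeconfig context
# points at. Print it so the run is traceable; under set -e this also aborts
# before anything is removed when no context is configured.
kube_context=$(kubectl config current-context)
echo "Target kube context: ${kube_context}"
echo "1. Deleting existing harbor-ingress secret (Harbor's self-signed cert)..."
# NOTE(review): once this secret is gone the Harbor ingress has no
# harbor-ingress TLS secret until cert-manager issues a new one, so expect
# TLS errors on the Harbor hostname in that window.
kubectl delete secret harbor-ingress -n dev-tools --ignore-not-found=true
# Also printed when the secret did not exist (--ignore-not-found).
echo " ✓ Secret deleted"
echo ""
# Step 2: Delete any failed cert-manager Certificate resources
echo "2. Cleaning up failed cert-manager resources..."
# NOTE(review): removing the Certificate and its CertificateRequests forces a
# fresh order on the next sync. If the issuer is a public ACME CA, repeated
# runs count against its issuance rate limits - avoid re-running in a loop.
kubectl delete certificate harbor-ingress -n dev-tools --ignore-not-found=true
kubectl delete certificaterequest -n dev-tools -l cert-manager.io/certificate-name=harbor-ingress --ignore-not-found=true
echo " ✓ Old certificates cleaned"
echo ""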
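# Step 3: Commit and push the fixed values.yaml
echo "3. Committing fixed Harbor values to git..."
# The path below is resolved relative to the directory that holds this script.
cd -- "$(dirname -- "$0")"
values_file="manifests/harbor/values.yaml"
git add -- "$values_file"
# Steps 1-2 have already deleted cluster resources by this point. "git commit"
# exits non-zero when there is nothing to commit, which under set -e would
# stop the script half-way on a re-run, so check for staged changes first.
if git diff --cached --quiet -- "$values_file"; then
  echo " (no changes to ${values_file} to commit)"
else
  # The trailing pathspec restricts the commit to this one file, so unrelated
  # changes that happen to be staged are not swept into the commit and pushed.
  git commit -m "fix: Configure Harbor to use cert-manager for TLS (secretName: harbor-ingress)" -- "$values_file"
fi
# Pushes the current branch to its configured upstream; any other unpushed
# local commits on that branch go out with it.
git push
echo " ✓ Changes pushed to git"
echo ""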
# Step 4: Wait for ArgoCD to sync (or trigger manually)
printf '%s\n' "4. Waiting for ArgoCD to sync Harbor application..."
# Fixed 5 second pause before requesting the sync
# (presumably to let the push above land first - confirm).
sleep 5
# Merge-patch that sets .operation on the "harbor" app in the argocd
# namespace, asking for a sync to revision HEAD with initiator "manual".
# The caller needs permission to patch that resource.
sync_operation='{"operation":{"initiatedBy":{"username":"manual"},"sync":{"revision":"HEAD"}}}'
kubectl patch app harbor -n argocd --type merge -p "$sync_operation"
printf '%s\n' " ✓ ArgoCD sync triggered"
printf '\n'
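# Step 5: Monitor the certificate issuance
echo "5. Monitoring certificate creation..."
echo " (This may take 1-2 minutes for DNS-01 validation)"
echo ""
# Poll every 5 seconds for up to 24 attempts (about two minutes in total).
max_attempts=24
issued=false
for ((i = 1; i <= max_attempts; i++)); do
  # kubectl exits non-zero while the Certificate object does not exist yet;
  # map that to the sentinel "NotFound" so set -e does not abort the loop.
  STATUS=$(kubectl get certificate harbor-ingress -n dev-tools -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' 2>/dev/null || echo "NotFound")
  if [[ "$STATUS" == "True" ]]; then
    echo " ✓ Certificate issued successfully!"
    issued=true
    break
  elif [[ "$STATUS" == "NotFound" ]]; then
    echo " ⏳ Waiting for certificate to be created... ($i/$max_attempts)"
  else
    # The jsonpath yields an empty string when the object exists but has no
    # Ready condition yet; show a placeholder instead of a blank status.
    echo " ⏳ Certificate status: ${STATUS:-<no Ready condition yet>} ($i/$max_attempts)"
  fi
  sleep 5
done
echo ""
if [[ "$issued" != true ]]; then
  # Without this the script would report success after a timeout.
  echo "ERROR: certificate harbor-ingress was not Ready after ${max_attempts} checks" >&2
fi
echo "=== Verification ==="
# Run both lookups even if one fails so the operator sees the full state;
# a failure still turns the overall result into an error below.
kubectl get certificate harbor-ingress -n dev-tools || issued=false
echo ""
kubectl get secret harbor-ingress -n dev-tools || issued=false
echo ""
if [[ "$issued" != true ]]; then
  echo "Inspect with: kubectl describe certificate harbor-ingress -n dev-tools" >&2
  exit 1
fi
echo "=== Complete! ==="
echo "Test Harbor at: https://harbor.dvirlabs.com"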