- You have a ca-bundle, or single public certificates of your CA, which is used by the webproxy.
- Take a look at the docker-compose.yml and the configuration of trivy-adapter. It looks something like this:
- Note the binding which mounts to and add your ca-bundle or the single public certificates to the mount location by copying them there.
- (Optional) If the host path doesn't fit your case, you can configure another path in the docker-compose file. Be aware that you might have to change this manually again if new releases of trivy/harbor change the file.
Depending on whether you changed the path, an upgrade might overwrite the folder or mount from a different location. The following process makes sure you don't run into anything unexpected:
- Back up your certificates to a folder which is unrelated to the harbor configuration
- Upgrade harbor as always
- Check if the mount is the same as the folder where your certificates reside (normally ./common/config/shared/trust-certificates)
- Check if trivy is able to get CVE data
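
The backup and post-upgrade mount checks from the list above, as an added example that is not part of the original page or of Harbor. The function names, the directory arguments and the assumption that service names in docker-compose.yml are indented two spaces are mine; the check that trivy can fetch CVE data is not covered.

```shell
#!/bin/sh
# Added example: keep custom CA certificates for trivy-adapter across a Harbor upgrade.
# Hypothetical helper names; <harbor_dir> is the folder holding docker-compose.yml.

CERT_REL="./common/config/shared/trust-certificates"  # default host path named on the page

# Before the upgrade: copy the certificates to a folder unrelated to Harbor.
# Fails (non-zero) if the certificate folder is empty or missing.
backup_certs() {  # usage: backup_certs <harbor_dir> <backup_dir>
    mkdir -p "$2" && cp -p "$1/$CERT_REL"/* "$2"/
}

# After the upgrade: succeed only if the trivy-adapter service block still
# references the expected host path. Other services that mount the same
# folder are ignored, so a change in trivy-adapter alone is detected.
mount_unchanged() {  # usage: mount_unchanged <compose_file> [host_path]
    awk -v want="${2:-$CERT_REL}" '
        /^[^ #]/                    { in_svc = 0 }   # top-level key ends the block
        /^  [A-Za-z0-9_-]+:[ \t]*$/ { in_svc = ($1 == "trivy-adapter:") }
        in_svc && index($0, want)   { found = 1 }
        END                         { exit !found }' "$1"
}

# After the upgrade: print the name of every backed-up certificate that is
# missing from, or differs in, the mounted folder (empty output = all present).
missing_certs() {  # usage: missing_certs <harbor_dir> <backup_dir>
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        cmp -s "$f" "$1/$CERT_REL/$(basename "$f")" || basename "$f"
    done
}
```

Run `backup_certs` before the upgrade, then `mount_unchanged` and `missing_certs` afterwards; copy back any file that `missing_certs` lists before checking that trivy can get CVE data.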