jobservice log x509: certificate ERROR

[hongruiji]

Harbor 2.4.2
Use helm install The jobservice ERROR log :

2025-04-11T08:02:46Z [ERROR] [/jobservice/hook/hook_agent.go:155]: Retry: sending hook event error: Post "https://harbor-core:443/service/notifications/tasks/48122": x509: certificate is valid for ingress.local, not harbor-core, evt=status change: job=bf0697eab91c1bd508678a6e@1744329600, status=Success, revision=1744329557->https://harbor-core:443/service/notifications/tasks/48122, duration=1m1.798529875s

helm install 没有开启内部tls 加密。 检查harbor-core ConfigMap 中，调用harbor-core 或者 jobservice 相关配置是使用的http协议，没有https相关，harbor-core 的tls 证书也未配置。 根据日志内容，像是从jobservice 调用 harbor-core时使用的https ，并且证书中的CN为ingress.local。 请给出后续排查建议。 谢谢！

[hongruiji]

补充下： harbor 功能正常，只是有以上报错日志。

[stonezdj]

Please run the following command to check your installation.

k exec -it <jobservice_pod> -- bash
env |grep INTERNAL
INTERNAL_TLS_ENABLED=false
env |grep CORE
<the url of core should be http>

[lechugaletal]

Hi! it seems like the TLS Server certificate configured at the Harbor Core service is issued with Subject "CN=ingress.local". A solution for this could be:

• Issue a TLS Server certificate with subject "CN=harbor-core"
• Add a config option to the jobservice instance to allow "skip tls verify" so that it does not verify the subject of the certificate serverd by harbor CORE.

This second option could be useful to implement 🐢.

[github-actions[bot]]

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

[github-actions[bot]]

This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.