【发布时间】:2021-03-04 06:21:07
【问题描述】:
我正在设置一个包含入口控制器证书的密钥,但是当我检查入口日志时出现以下错误
入口日志:
W0304 05:47:32.020497 7 controller.go:1153] Error getting SSL certificate "default/auth-tls": local SSL certificate default/auth-tls was not found. Using default certificate
W0304 05:47:32.020516 7 controller.go:1407] Error getting SSL certificate "default/auth-tls": local SSL certificate default/auth-tls was not found
I0304 05:47:32.114777 7 main.go:117] "successfully validated configuration, accepting" ingress="hello-kubernetes-ingress" namespace="default"
秘密:
$ kubectl create secret tls auth-tls --cert key.pem --key out.key
$ kubectl describe secret auth-tls
Name: auth-tls
Namespace: default
Labels: <none>
Annotations: <none>
Type: kubernetes.io/tls
Data
====
tls.crt: 3231 bytes
tls.key: 1732 bytes
下面是我的入口 yaml 文件
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: hello-kubernetes-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/auth-url: https://externalauthentication/authorize
spec:
rules:
- host: hw1.yourdomain
http:
paths:
- backend:
serviceName: hello-kubernetes-first
servicePort: 80
- host: hw2.yourdomain
http:
paths:
- backend:
serviceName: hello-kubernetes-second
servicePort: 80
tls:
- hosts:
- externalauthentication
- hw1.yourdomain
secretName: auth-tls
【问题讨论】:
-
你是如何安装你的入口控制器的,在哪个命名空间中?这可能与权限有关。
-
我通过 minikube 插件启用了 ingress-controller,它在 kube-system 命名空间中运行
-
secret和 podhello-kubernetes-ingress在同一个命名空间,它们应该在同一个命名空间 -
@DivyaVyas 你能否验证这两个资源是否在同一个命名空间中?
-
@DivyaVyas,这个问题有什么进展吗?你解决了吗?
标签: kubernetes kubernetes-ingress kubernetes-secrets