我正在设置一个包含入口控制器证书的机密,但在检查入口日志时出现以下错误
入口日志:
W0304 05:47:32.020497 7 controller.go:1153] Error getting SSL certificate "default/auth-tls": local SSL certificate default/auth-tls was not found. Using default certificate
W0304 05:47:32.020516 7 controller.go:1407] Error getting SSL certificate "default/auth-tls": local SSL certificate default/auth-tls was not found
I0304 05:47:32.114777 7 main.go:117] "successfully validated configuration, accepting" ingress="hello-kubernetes-ingress" namespace="default"
Secret:
$ kubectl create secret tls auth-tls --cert key.pem --key out.key
$ kubectl describe secret auth-tls
Name: auth-tls
Namespace: default
Labels: <none>
Annotations: <none>
Type: kubernetes.io/tls
Data
====
tls.crt: 3231 bytes
tls.key: 1732 bytes
下面是我的 ingress yaml 文件
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: hello-kubernetes-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/auth-url: https://externalauthentication/authorize
spec:
rules:
- host: hw1.yourdomain
http:
paths:
- backend:
serviceName: hello-kubernetes-first
servicePort: 80
- host: hw2.yourdomain
http:
paths:
- backend:
serviceName: hello-kubernetes-second
servicePort: 80
tls:
- hosts:
- externalauthentication
- hw1.yourdomain
secretName: auth-tls
这俩Ingress
和Secret
是命名空间资源。您可以通过以下方式检查自己:
$ kubectl api-resources --namespaced=true
NAME SHORTNAMES APIGROUP NAMESPACED KIND
...
secrets true Secret
...
ingresses ing extensions true Ingress
ingresses ing networking.k8s.io true Ingress
他们只能在自己的范围内工作名称空间 https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/。因此,在您的用例中,您需要将它们都放在(Ingress
and Secret
)在同一个命名空间中。
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)