堆栈内存溢出
  简体   繁体   English

Kubectl tls 补丁返回“未修补”

[英]Kubectl tls patch returning “not patched”

 原文  2020-08-25 11:57:01       amazon-web-services/ ssl/ kubernetes/ istio

问题描述

I am trying to patch istio-ingressgateway service with ACM by the following我正在尝试通过以下方式使用 ACM 修补istio-ingressgateway服务


kubectl -n istio-system patch service istio-ingressgateway -p "$(cat<<EOF
metadata:
  name: istio-ingressgateway
  namespace: istio-system
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx-1:123456789:certificate/xxxx-xxx-xxxxxxxxxxx"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
spec:
  type: LoadBalancer
  externalTrafficPolicy: Cluster
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
EOF
)"

but it is returning not patched .但它返回未修补 Whats wrong here?这里有什么问题?

2 个解决方案

解决方案1
 4 已采纳  2020-08-25 12:32:25

The problem is the indentation try to put your patch on a yaml file:问题是缩进尝试将您的补丁放在 yaml 文件中:

ingress_patch.yaml ingress_patch.yaml

metadata:
  name: istio-ingressgateway
  namespace: istio-system
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx-1:123456789:certificate/xxxx-xxx-xxxxxxxxxxx"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
spec:
  type: LoadBalancer
  externalTrafficPolicy: Cluster
  selector:
    app: istio-ingressgateway
    istio: ingressgateway

Then apply it as follows:然后按如下方式应用它:

kubectl -n istio-system patch service istio-ingressgateway -p "$(cat ./ingress_patch.yaml)"

解决方案2
 3  

I am posting this as a community wiki answer for better visibility.我将此作为社区 wiki 答案发布,以提高可见度。

As I mentioned in comments there is related github issue about Istio Ingress TLS key management use ACM .正如我在评论中提到的,有关于Istio Ingress TLS 密钥管理使用 ACM 的相关 github 问题。

Despite what @wolmi said what is true, because the indentation was wrong, there are more issues which need to be covered when you're trying to combine istio with ELB and ACM.尽管@wolmi 所说的是真的,因为缩进是错误的,当您尝试将istioELB和 ACM 结合时,还有更多问题需要解决。

It's well described in 3 below answers.它在下面的 3 个答案中得到了很好的描述。

Especially worth to take look and 3 below comments from above github issue.特别值得一看,下面 3 条来自 github 问题的评论。

  • Answer provided by @cmcconnell1. 答案由@ cmcconnell1提供。
  • Answer provided by @eduardobaitello 答案由@eduardobaitello提供
  • Answer provided by @eduardobaitello 答案由@eduardobaitello提供

Additionally there is a thread about that on discuss.istio.io此外,在 Discussion.istio.io 上一个关于此的主题

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 EKS 上的 kubectl exec/logs 返回“远程错误:tls:内部错误” - kubectl exec/logs on EKS returns "remote error: tls: internal error" aws eks 集群的 kubectl 身份验证 - kubectl authentication to aws eks cluster kubectl命令超时没有详细信息 - kubectl commands timeout without details kops - 获取错误的 kubectl 上下文 - kops - get wrong kubectl context 在 aws cloudshell 上启用 kubectl 自动完成 - Enable kubectl autocompletion on aws cloudshell Terraform AWS EKS kubectl 配置 - Terraform AWS EKS kubectl configuration 内部 AWS TLS 证书 - Internal AWS TLS Certificates AWS EKS - kubectl 日志 [pod 名称] - AWS EKS - kubectl logs [pod name] Kubectl 不适用于 AWS EC2 实例 - Kubectl is not working on AWS EC2 instance 在EC2 ubuntu实例上使用kubectl拒绝连接? - Connection refused with kubectl on EC2 ubuntu instance?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM