[英]Kubectl tls patch returning “not patched”
I am trying to patch istio-ingressgateway service with ACM by the following我正在尝试通过以下方式使用 ACM 修补istio-ingressgateway服务
kubectl -n istio-system patch service istio-ingressgateway -p "$(cat<<EOF
metadata:
name: istio-ingressgateway
namespace: istio-system
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx-1:123456789:certificate/xxxx-xxx-xxxxxxxxxxx"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
spec:
type: LoadBalancer
externalTrafficPolicy: Cluster
selector:
app: istio-ingressgateway
istio: ingressgateway
EOF
)"
but it is returning not patched .但它返回未修补。 Whats wrong here?
这里有什么问题?
The problem is the indentation try to put your patch on a yaml file:问题是缩进尝试将您的补丁放在 yaml 文件中:
ingress_patch.yaml ingress_patch.yaml
metadata:
name: istio-ingressgateway
namespace: istio-system
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx-1:123456789:certificate/xxxx-xxx-xxxxxxxxxxx"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
spec:
type: LoadBalancer
externalTrafficPolicy: Cluster
selector:
app: istio-ingressgateway
istio: ingressgateway
Then apply it as follows:然后按如下方式应用它:
kubectl -n istio-system patch service istio-ingressgateway -p "$(cat ./ingress_patch.yaml)"
I am posting this as a community wiki answer for better visibility.我将此作为社区 wiki 答案发布,以提高可见度。
As I mentioned in comments there is related github issue about Istio Ingress TLS key management use ACM .正如我在评论中提到的,有关于Istio Ingress TLS 密钥管理使用 ACM 的相关 github 问题。
Despite what @wolmi said what is true, because the indentation was wrong, there are more issues which need to be covered when you're trying to combine istio with ELB and ACM.尽管@wolmi 所说的是真的,因为缩进是错误的,当您尝试将istio与ELB和 ACM 结合时,还有更多问题需要解决。
It's well described in 3 below answers.它在下面的 3 个答案中得到了很好的描述。
Especially worth to take look and 3 below comments from above github issue.特别值得一看,下面 3 条来自 github 问题的评论。
Additionally there is a thread about that on discuss.istio.io此外,在 Discussion.istio.io 上有一个关于此的主题
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.