如何让入口在 Microk8s 中使用我的 TLS 证书
[英]How to make ingress use my TLS Certificate in Microk8s
问题描述
I have the following Ingress configuration:
我有以下入口配置:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: http-ingress
spec:
rules:
- host: example-adress.com
http:
paths:
- path: /apple
pathType: Prefix
backend:
service:
name: apple-service
port:
number: 80
- path: /banana
pathType: Prefix
backend:
service:
name: banana-service
port:
number: 80
tls:
- hosts:
- example-adress.com
secretName: testsecret-tls
And i also created the Secret:我还创造了秘密:
apiVersion: v1
kind: Secret
metadata:
name: testsecret-tls
namespace: default
data:
tls.crt: path to .crt
tls.key: Zpath to .key
type: kubernetes.io/tls
But when i connect to one of my services and check the certificate it says that it uses a cert created by Kubernetes Ingress Controller Fake certificate.但是,当我连接到我的一项服务并检查证书时,它说它使用由 Kubernetes Ingress Controller 假证书创建的证书。 When i run microk8s kubectl describe ingress i get the following output:当我运行 microk8s kubectl describe ingress 时,我得到以下 output:
Name: http-ingress
Namespace: default
Address: 127.0.0.1
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
testsecret-tls terminates example-adress.com
Rules:
Host Path Backends
---- ---- --------
example-adress.com
/apple apple-service:80 (10.1.55.17:5678)
/banana banana-service:80 (10.1.55.10:5678)
Annotations: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 28m nginx-ingress-controller Ingress default/http-ingress
Normal UPDATE 20m (x2 over 28m) nginx-ingress-controller Ingress default/http-ingress
What do i need to change to make my Ingress use my Cert instead of generating a new one everytime?我需要改变什么才能让我的 Ingress 使用我的证书而不是每次都生成一个新证书?
1 个解决方案
解决方案1
1 已采纳 2021-04-27 09:20:21
Posting this out of comment as it works.发布此评论,因为它有效。
Based on your tls secret yaml, you tried to add certificate and private key using paths, which is not supported currently ( reference ) Fragment from reference:根据您的 tls 机密 yaml,您尝试使用当前不支持的路径添加证书和私钥( 参考)来自参考的片段:
When using this type of Secret, the
tls.keyand thetls.crtkey must be provided in thedata(orstringData) field of the Secret configuration, although the API server doesn't actually validate the values for each key.data(或stringData)字段中提供tls.key和tls.crt密钥,尽管 API 服务器实际上并不验证每个密钥的值。
Therefore there are two suggestions how to move forward:因此,有两个建议如何前进:
- Add base64 encrypted values for key and certificate to tls secret将密钥和证书的 base64 加密值添加到 tls 机密
- Allow kubernetes do it for you with the following command:
kubectl create secret tls testsecret-tls --cert=tls.cert --key=tls.key允许 kubernetes 使用以下命令为您执行此操作: kubectl create secret tls testsecret-tls --cert=tls.cert --key=tls.key
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.