How to make ingress use my TLS Certificate in Microk8s

I have the following Ingress configuration:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: http-ingress
spec:
  rules:
  - host: example-adress.com
    http:
      paths:
        - path: /apple
          pathType: Prefix
          backend:
            service:
              name: apple-service
              port:
                number: 80
        - path: /banana
          pathType: Prefix
          backend:
            service:
              name: banana-service
              port:
                number: 80
  tls:
    - hosts:
        - example-adress.com
      secretName: testsecret-tls

I also created a Secret:

apiVersion: v1
kind: Secret
metadata:
  name: testsecret-tls
  namespace: default
data:
  tls.crt: path to .crt
  tls.key: Zpath to .key
type: kubernetes.io/tls

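But when I connect to one of my services and check the certificate, it says that it uses a certificate created by Kubernetes Ingress Controller Fake Certificate. When I run microk8s kubectl describe ingress I get the following output: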

Name:             http-ingress
Namespace:        default
Address:          127.0.0.1
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
 testsecret-tls terminates example-adress.com
Rules:
 Host               Path  Backends
 ----               ----  --------
 example-adress.com
                    /apple    apple-service:80 (10.1.55.17:5678)
                    /banana   banana-service:80 (10.1.55.10:5678)
Annotations:         <none>
Events:
 Type    Reason  Age                From                      Message
 ----    ------  ----               ----                      -------
 Normal  CREATE  28m                nginx-ingress-controller  Ingress default/http-ingress
 Normal  UPDATE  20m (x2 over 28m)  nginx-ingress-controller  Ingress default/http-ingress

What do I need to change to make my Ingress use my certificate instead of generating a new one every time?

Posting this from the comments, since it works.

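Based on your tls secret yaml, you tried to add the certificate and private key using paths, which is currently not supported (reference). Fragment from the reference: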

When using this type of Secret, the tls.key and the tls.crt key must be provided in the data (or stringData) field of the Secret configuration, although the API server doesn't actually validate the values for each key.

Therefore there are two suggestions on how to move forward:

  • Add base64 encrypted values of the key and certificate to the tls secret
  • Let kubernetes do it for you with the following command: kubectl create secret tls testsecret-tls --cert=tls.cert --key=tls.key
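
The first suggestion written out as a shell sketch (an added example, not part of the original question or answer): it base64-encodes the file contents for the Secret's data field and checks a value before it is applied, since the API server does not validate these values. The function names are hypothetical, and a `base64` that accepts `-d` is assumed.

```shell
#!/bin/sh
# Added example, not from the original posts. Assumes a base64 that accepts -d.

# encode_pem FILE: print the file's contents as single-line base64, the form
# a Secret expects under data (the contents, never the path).
encode_pem() {
    base64 < "$1" | tr -d '\n'
}

# check_tls_value VALUE cert|key: succeed only if VALUE is base64 that decodes
# to text with the matching PEM header. It checks framing only; it does not
# parse the certificate or confirm that the key belongs to it.
check_tls_value() {
    case $2 in
        cert) label='CERTIFICATE' ;;
        key)  label='((RSA|EC) )?PRIVATE KEY' ;;
        *)    return 64 ;;
    esac
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
    printf '%s\n' "$decoded" | grep -Eq -- "^-----BEGIN ${label}-----" || return 2
}

# render_tls_secret NAME CERT_FILE KEY_FILE: print a kubernetes.io/tls Secret
# manifest for the default namespace with both values encoded from the files.
render_tls_secret() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: default
type: kubernetes.io/tls
data:
  tls.crt: $(encode_pem "$2")
  tls.key: $(encode_pem "$3")
EOF
}

# The two values from the question's manifest fail the check.
check_tls_value 'path to .crt' cert || echo "tls.crt: not base64-encoded PEM"
check_tls_value 'Zpath to .key' key || echo "tls.key: not base64-encoded PEM"
```
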