Failed to load trusted CA certificates from <inline>

I am unable to set up mTLS on the gateway. If I set the gateway to mode: MUTUAL, then istio-ingressgateway outputs Failed to load trusted CA certificates from <inline>. I am using the Cloudflare origin pull CA cert. With mode: SIMPLE the secret works as expected.

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

generatorOptions:
  disableNameSuffixHash: true

secretGenerator:
  - name: mysite.com-cer
    namespace: istio-system
    type: kubernetes.io/tls
    files:
      - tls.key=certs/mysite.com.key
      - tls.crt=certs/mysite.com.cer
      - ca.crt=certs/cloudflare-ca.crt

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gw

spec:
  servers:
    - hosts:
        - 'mysite.com'
        - '*.mysite.com'

      port:
        number: 1443
        name: https
        protocol: HTTPS

      tls:
        mode: MUTUAL
        credentialName: mysite.com-cer

Istio 1.12.1

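Check the contents of the ca.crt value in the generated secret and make sure it is a valid certificate.

Failed to load trusted CA certificates from <inline> means the certificate is empty or invalid.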
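
One way to run the check the answer describes, as an added example that is not part of the original post: the function takes the .data map of the generated Secret (as printed by kubectl get secret mysite.com-cer -n istio-system -o json) and reports why ca.crt would be rejected. The function name check_ca_crt, the result strings and the sample maps are assumptions made for this illustration.

```python
import base64
import binascii
import re
import ssl

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)


def check_ca_crt(secret_data):
    """Return "ok" or the reason the ca.crt entry of a Secret's .data map is unusable."""
    encoded = secret_data.get("ca.crt")
    if encoded is None:
        return "ca.crt key missing"
    try:
        raw = base64.b64decode(encoded, validate=True)
    except binascii.Error:
        return "ca.crt is not valid base64"
    # PEM is pure ASCII; stray non-ASCII bytes (for example a BOM) are dropped.
    text = raw.decode("ascii", errors="ignore").strip()
    if not text:
        return "ca.crt is empty"
    labels = [m.group(1) for m in PEM_BLOCK.finditer(text)]
    if not labels:
        return "ca.crt has no PEM block"
    wrong = sorted({label for label in labels if label != "CERTIFICATE"})
    if wrong:
        return "ca.crt holds non-certificate PEM: " + ", ".join(wrong)
    try:
        # OpenSSL, through the ssl module, must parse at least one X.509 certificate.
        ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).load_verify_locations(cadata=text)
    except (ssl.SSLError, ValueError):
        return "ca.crt does not parse as X.509"
    return "ok"


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample .data maps (no real key material or certificates).
SAMPLES = {
    "missing": {"tls.crt": _b64("x"), "tls.key": _b64("y")},
    "empty": {"ca.crt": ""},
    "key_file": {"ca.crt": _b64("-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n")},
    "garbage": {"ca.crt": _b64("-----BEGIN CERTIFICATE-----\nbm90IGEgY2VydA==\n-----END CERTIFICATE-----\n")},
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", check_ca_crt(data))
```

A result of "ok" only means the value parses as a certificate; it does not confirm that it is the CA that signs the client certificates presented to the gateway.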