问题描述
我正在设置一个包含入口控制器证书的机密,但在检查入口日志时出现以下错误
入口日志:
W0304 05:47:32.020497 7 controller.go:1153] Error getting SSL certificate "default/auth-tls": local SSL certificate default/auth-tls was not found. Using default certificate
W0304 05:47:32.020516 7 controller.go:1407] Error getting SSL certificate "default/auth-tls": local SSL certificate default/auth-tls was not found
I0304 05:47:32.114777 7 main.go:117] "successfully validated configuration,accepting" ingress="hello-kubernetes-ingress" namespace="default"
秘密:
$ kubectl create secret tls auth-tls --cert key.pem --key out.key
$ kubectl describe secret auth-tls
Name: auth-tls
Namespace: default
Labels: <none>
Annotations: <none>
Type: kubernetes.io/tls
Data
====
tls.crt: 3231 bytes
tls.key: 1732 bytes
下面是我的入口 yaml 文件
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
Metadata:
name: hello-kubernetes-ingress
annotations:
kubernetes.io/ingress.class: Nginx
Nginx.ingress.kubernetes.io/auth-url: https://externalauthentication/authorize
spec:
rules:
- host: hw1.yourdomain
http:
paths:
- backend:
serviceName: hello-kubernetes-first
servicePort: 80
- host: hw2.yourdomain
http:
paths:
- backend:
serviceName: hello-kubernetes-second
servicePort: 80
tls:
- hosts:
- externalauthentication
- hw1.yourdomain
secretName: auth-tls
解决方法
Ingress
和 Secret
都是命名空间资源。您可以通过以下方式检查自己:
$ kubectl api-resources --namespaced=true
NAME SHORTNAMES APIGROUP NAMESPACED KIND
...
secrets true Secret
...
ingresses ing extensions true Ingress
ingresses ing networking.k8s.io true Ingress
他们只能在他们的 namespace 内工作。因此,在您的用例中,您需要将它们(Ingress
和 Secret
)放在同一个命名空间中。