Ingress controller cannot read the Secret

Time: 2019-06-01 04:59:54

Tags: kubernetes tls1.2 kubernetes-ingress nginx-ingress kubernetes-secrets

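I am getting the following error in the Nginx ingress Pod logs:

E0601 04:15:05.883895 11 notes.go:188] error reading CertificateAuth annotation in Ingress val33-idx/dev-20190601t0309-index-data-ingress: error obtaining certificate: local SSL certificate val33-idx/dev-20190601t0309-index-data-ingress-secrets was not found

Below are the objects in the cluster (obtained with kubectl get --namespace val33-idx -o yaml ...). Ingress: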

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx-publisher
    nginx.ingress.kubernetes.io/auth-tls-secret: val33-idx/dev-20190601t0309-index-data-ingress-secrets
    nginx.ingress.kubernetes.io/auth-tls-verify-client: optional_no_ca
    nginx.ingress.kubernetes.io/limit-connections: "10"
    nginx.ingress.kubernetes.io/limit-rps: "200"
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/proxy-connect-timeout: 20s
    nginx.ingress.kubernetes.io/proxy-read-timeout: 120s
    nginx.ingress.kubernetes.io/proxy-send-timeout: 60s
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/ssl-ciphers: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
  creationTimestamp: 2019-06-01T03:09:10Z
  generation: 4
  labels:
    app: index-data-publisher
    app.kubernetes.io/component: index-data-ingress
    app.kubernetes.io/instance: dev-20190601t0309
    app.kubernetes.io/managed-by: Tiller
    app.kubernetes.io/name: index-data-publisher
    app.kubernetes.io/part-of: index-data
    app.kubernetes.io/version: 0.6.0-0.1
    business-line: data-management
    env: dev
    helm.sh/chart: index-data-2.0.0
    index-data-component: publisher
  name: dev-20190601t0309-index-data-ingress
  namespace: val33-idx
  resourceVersion: "2532272"
  selfLink: /apis/extensions/v1beta1/namespaces/val33-idx/ingresses/dev-20190601t0309-index-data-ingress
  uid: a0867cb3-841a-11e9-a2af-0ed5588f57fc
spec:
  rules:
  - host: val33-idx.idx-data-dev.symdev.us
    http:
      paths:
      - backend:
          serviceName: dev-20190601t0309-index-data-publisher-service
          servicePort: 3000
        path: /publisher/(.+)
  tls:
  - hosts:
    - val33-idx.idx-data-dev.symdev.us
    secretName: val33-idx/dev-20190601t0309-index-data-ingress-secrets

Secret:

apiVersion: v1
data:
  ca.crt: Ii0tLS0tQkV...
  dhparam.pem: Ii0tLS0tQkVH...
  tls.crt: Ii0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLVxuTUlJRGZ6Q0NBbWVnQ...
  tls.key: Ii0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tLVxuTUlJRXZRSUJBRE...
kind: Secret
metadata:
  creationTimestamp: 2019-06-01T03:09:10Z
  labels:
    app: index-data-publisher
    app.kubernetes.io/component: index-data-ingress-secrets
    app.kubernetes.io/instance: dev-20190601t0309
    app.kubernetes.io/managed-by: Tiller
    app.kubernetes.io/name: index-data-publisher
    app.kubernetes.io/part-of: index-data
    app.kubernetes.io/version: 0.6.0-0.1
    business-line: data-management
    env: dev
    helm.sh/chart: index-data-2.0.0
    index-data-component: publisher
  name: dev-20190601t0309-index-data-ingress-secrets
  namespace: val33-idx
  resourceVersion: "2526472"
  selfLink: /api/v1/namespaces/val33-idx/secrets/dev-20190601t0309-index-data-ingress-secrets
  uid: a066a3a0-841a-11e9-a2af-0ed5588f57fc
type: kubernetes.io/tls

And the Deployment of the ingress controller:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "4"
  creationTimestamp: 2019-06-01T03:09:10Z
  generation: 4
  labels:
    app: index-data-publisher
    app.kubernetes.io/component: index-data-ingress
    app.kubernetes.io/instance: dev-20190601t0309
    app.kubernetes.io/managed-by: Tiller
    app.kubernetes.io/name: index-data-publisher
    app.kubernetes.io/part-of: index-data
    app.kubernetes.io/version: 0.6.0-0.1
    business-line: data-management
    env: dev
    helm.sh/chart: index-data-2.0.0
    index-data-component: publisher
  name: dev-20190601t0309-index-data-ingress
  namespace: val33-idx
  resourceVersion: "2532354"
  selfLink: /apis/extensions/v1beta1/namespaces/val33-idx/deployments/dev-20190601t0309-index-data-ingress
  uid: a081af59-841a-11e9-a2af-0ed5588f57fc
spec:
  progressDeadlineSeconds: 2147483647
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: index-data-publisher
      app.kubernetes.io/component: index-data-ingress-pod
      app.kubernetes.io/instance: dev-20190601t0309
      app.kubernetes.io/managed-by: Tiller
      app.kubernetes.io/name: index-data-publisher
      app.kubernetes.io/part-of: index-data
      app.kubernetes.io/version: 0.6.0-0.1
      business-line: data-management
      env: dev
      helm.sh/chart: index-data-2.0.0
      index-data-component: publisher
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        checksum/config: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      creationTimestamp: null
      labels:
        app: index-data-publisher
        app.kubernetes.io/component: index-data-ingress-pod
        app.kubernetes.io/instance: dev-20190601t0309
        app.kubernetes.io/managed-by: Tiller
        app.kubernetes.io/name: index-data-publisher
        app.kubernetes.io/part-of: index-data
        app.kubernetes.io/version: 0.6.0-0.1
        business-line: data-management
        env: dev
        helm.sh/chart: index-data-2.0.0
        index-data-component: publisher
      name: dev-20190601t0309-index-data-ingress-pod
    spec:
      containers:
      - args:
        - /nginx-ingress-controller
        - --default-backend-service=val33-idx/dev-20190601t0309-index-data-default-backend-service
        - --configmap=val33-idx/dev-20190601t0309-index-data-ingress-config
        - --election-id=ingress-controller-leader
        - --ingress-class=nginx-publisher
        - --watch-namespace=val33-idx
        - --v=5
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: dev-20190601t0309-index-data-nginx
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        securityContext:
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - ALL
          runAsUser: 33
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: dev-20190601t0309-index-data-ingress-account
      serviceAccountName: dev-20190601t0309-index-data-ingress-account
      terminationGracePeriodSeconds: 60

What am I doing wrong here? Please help.

0 answers:

No answers
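Two fields in the objects above can be checked mechanically: whether the Secret's data values decode to PEM, and whether spec.tls[].secretName is a bare Secret name (it is resolved in the Ingress's own namespace, and a Secret name cannot contain "/"). The following is an added example, not part of the original post; the function names are hypothetical, the tls.crt sample is the truncated prefix shown on the page, and the "good" value is a constructed placeholder.

```python
import base64
import re

PEM_BEGIN = re.compile(rb"^-----BEGIN [A-Z0-9 ]+-----\r?\n")

# First 56 characters of the tls.crt value shown above (the page truncates the rest).
PAGE_TLS_CRT_PREFIX = "Ii0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLVxuTUlJRGZ6Q0NBbWVn"

# Constructed placeholder with the expected layout; not a real certificate.
CONSTRUCTED_OK = base64.b64encode(
    b"-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n").decode()

# Only the spec.tls part of the Ingress shown above.
PAGE_INGRESS = {"spec": {"tls": [{
    "hosts": ["val33-idx.idx-data-dev.symdev.us"],
    "secretName": "val33-idx/dev-20190601t0309-index-data-ingress-secrets"}]}}


def pem_problems(b64_value):
    """Decode one Secret .data value and list reasons it is not usable PEM."""
    raw = base64.b64decode(b64_value)
    problems = []
    if raw[:1] in (b'"', b"'"):
        problems.append("value is wrapped in quotes")
    if b"\\n" in raw:
        problems.append("literal backslash-n instead of real newlines")
    if not PEM_BEGIN.match(raw):
        problems.append("does not start with a PEM BEGIN line")
    return problems


def bad_tls_secret_names(ingress):
    """Return spec.tls[].secretName entries that carry a namespace/ prefix."""
    entries = ingress.get("spec", {}).get("tls", [])
    return [t["secretName"] for t in entries if "/" in t.get("secretName", "")]


if __name__ == "__main__":
    print("decoded prefix:", base64.b64decode(PAGE_TLS_CRT_PREFIX))
    print("tls.crt problems:", pem_problems(PAGE_TLS_CRT_PREFIX))
    print("constructed value problems:", pem_problems(CONSTRUCTED_OK))
    print("secretName with namespace prefix:", bad_tls_secret_names(PAGE_INGRESS))
```

The nginx.ingress.kubernetes.io/auth-tls-secret annotation, unlike spec.tls[].secretName, does take the namespace/name form, so only the latter is flagged.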