我想在运行istio的kubernetes集群中使用cert-manager订购证书。不幸的是,我的证书不是由证书经理下达的。在我的cert-manager pod的日志中,我发现此消息一遍又一遍地成为垃圾邮件:
cert-manager/controller/challenges "level"=0 "msg"="finished processing work item" "key"="istio-system/controller-certificate-1405129842-0"
cert-manager/controller/challenges "level"=0 "msg"="syncing item" "key"="istio-system/controller-certificate-1405129842-0"
cert-manager/controller/challenges/http01/selfCheck/http01/ensurePod "level"=0 "msg"="found one existing HTTP01 solver pod" "dnsName"="<somename>.westeurope.cloudapp.azure.com" "related_resource_kind"="Pod" "related_resource_name"="cm-acme-http-solver-6k5fk" "related_resource_namespace"="istio-system" "reso
urce_kind"="Challenge" "resource_name"="controller-certificate-1405129842-0" "resource_namespace"="istio-system" "type"="http-01"
cert-manager/controller/challenges/http01/selfCheck/http01/ensureService "level"=0 "msg"="found one existing HTTP01 solver Service for
challenge resource" "dnsName"="<somename>.westeurope.cloudapp.azure.com" "related_resource_kind"="Service" "related_resource_name"="cm-acme-http-solver-wkz8d" "related_r
esource_namespace"="istio-system" "resource_kind"="Challenge" "resource_name"="controller-certificate-1405129842-0" "resource_namespace"="istio-system" "type"="http-01"
cert-manager/controller/challenges/http01/selfCheck/http01/ensureIngress "level"=0 "msg"="found one existing HTTP01 solver ingress" "dn
sName"="<somename>.westeurope.cloudapp.azure.com" "related_resource_kind"="Ingress" "related_resource_name"="cm-acme-http-solver-8b6lf" "related_resource_namespace"="ist
io-system" "resource_kind"="Challenge" "resource_name"="controller-certificate-1405129842-0" "resource_namespace"="istio-system" "type"="http-01"
cert-manager/controller/challenges "msg"="propagation check failed" "error"="wrong status code '404', expected '200'" "dnsName"="
.westeurope.cloudapp.azure.com" "resource_kind"="Challenge" "resource_name"="controller-certificate-1405129842-0" "resource_namespace"="istio-system" "type"="http-01"
我正在结合Istio使用在Azure中运行的Kubernetes 1.9.9。我想要istio-ingressgateway的证书,以便可以通过Ingressgateway负载均衡器使用https公开我的服务。 我不确定为什么以及返回错误代码404的原因是什么?
我尝试按照本教程进行操作:https://medium.com/@gregoire.waymel/istio-cert-manager-lets-encrypt-demystified-c1cbed011d67。
这是我的网关
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: test-gateway
#namespace: istio-system
labels:
app: ingressgateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 443
protocol: HTTPS
name: https-default
tls:
mode: SIMPLE
serverCertificate: "sds"
privateKey: "sds"
credentialName: "controller-certificate"
hosts:
- "*"
...根据教程,这是我的另一个网关:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: istio-autogenerated-k8s-ingress
namespace: istio-system
labels:
app: ingressgateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
protocol: HTTP2
name: http
hosts:
- "*"
这是我的证书的样子。
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: controller-certificate
namespace: istio-system
spec:
secretName: controller-certificate
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
commonName: <somename>.westeurope.cloudapp.azure.com
dnsNames:
- <somename>.westeurope.cloudapp.azure.com
acme:
config:
- http01:
ingressClass: istio
domains:
- <somename>.westeurope.cloudapp.azure.com
在这种情况下,是否有人知道要查找什么或什么可能导致错误代码404?