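Problem ordering a certificate with cert-manager and Istio on Azure

Time: 2019-08-07 14:06:33

Tags: azure kubernetes ssl-certificate istio cert-manager

I want to order a certificate with cert-manager in a Kubernetes cluster running Istio. Unfortunately, my certificate is not being issued by cert-manager. In the logs of my cert-manager pod I found these messages being spammed over and over: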

cert-manager/controller/challenges "level"=0 "msg"="finished processing work item" "key"="istio-system/controller-certificate-1405129842-0"

cert-manager/controller/challenges "level"=0 "msg"="syncing item" "key"="istio-system/controller-certificate-1405129842-0"

cert-manager/controller/challenges/http01/selfCheck/http01/ensurePod "level"=0 "msg"="found one existing HTTP01 solver pod" "dnsName"="<somename>.westeurope.cloudapp.azure.com" "related_resource_kind"="Pod" "related_resource_name"="cm-acme-http-solver-6k5fk" "related_resource_namespace"="istio-system" "resource_kind"="Challenge" "resource_name"="controller-certificate-1405129842-0" "resource_namespace"="istio-system" "type"="http-01"

cert-manager/controller/challenges/http01/selfCheck/http01/ensureService "level"=0 "msg"="found one existing HTTP01 solver Service for challenge resource" "dnsName"="<somename>.westeurope.cloudapp.azure.com" "related_resource_kind"="Service" "related_resource_name"="cm-acme-http-solver-wkz8d" "related_resource_namespace"="istio-system" "resource_kind"="Challenge" "resource_name"="controller-certificate-1405129842-0" "resource_namespace"="istio-system" "type"="http-01"

cert-manager/controller/challenges/http01/selfCheck/http01/ensureIngress "level"=0 "msg"="found one existing HTTP01 solver ingress" "dnsName"="<somename>.westeurope.cloudapp.azure.com" "related_resource_kind"="Ingress" "related_resource_name"="cm-acme-http-solver-8b6lf" "related_resource_namespace"="istio-system" "resource_kind"="Challenge" "resource_name"="controller-certificate-1405129842-0" "resource_namespace"="istio-system" "type"="http-01"

cert-manager/controller/challenges "msg"="propagation check failed" "error"="wrong status code '404', expected '200'" "dnsName"=".westeurope.cloudapp.azure.com" "resource_kind"="Challenge" "resource_name"="controller-certificate-1405129842-0" "resource_namespace"="istio-system" "type"="http-01"

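I am using Kubernetes 1.9.9 running in Azure in combination with Istio. I want a certificate for the istio-ingressgateway so that I can expose my services over https through the ingress gateway load balancer. I am not sure why error code 404 is returned and what the cause is?

I tried to follow this tutorial: https://medium.com/@gregoire.waymel/istio-cert-manager-lets-encrypt-demystified-c1cbed011d67

This is my gateway: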


apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: test-gateway
  #namespace: istio-system
  labels:
    app: ingressgateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      protocol: HTTPS
      name: https-default
    tls:
      mode: SIMPLE
      serverCertificate: "sds"
      privateKey: "sds"
      credentialName: "controller-certificate"
    hosts:
    - "*"

...and, following the tutorial, this is my other gateway:


apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-autogenerated-k8s-ingress
  namespace: istio-system
  labels:
    app: ingressgateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      protocol: HTTP2
      name: http
    hosts:
    - "*"

This is what my certificate looks like:

apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: controller-certificate
  namespace: istio-system
spec:
  secretName: controller-certificate
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer
  commonName: <somename>.westeurope.cloudapp.azure.com
  dnsNames:
  - <somename>.westeurope.cloudapp.azure.com
  acme:
    config:
    - http01:
        ingressClass: istio
      domains:
      - <somename>.westeurope.cloudapp.azure.com

Does anyone know what to look for in this case, or what could be causing the error code 404?
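
One way to triage the repeating controller log shown in the question, added here as an example and not part of the original post: it parses the `"key"="value"` log lines, counts failed HTTP-01 self-checks per challenge, and lists the solver resources the controller reports as existing. The sample lines and the hostname `host.example` are constructed.

```python
import re
from collections import Counter

# Constructed sample lines, shaped like the controller output quoted above.
_CH = ('"resource_kind"="Challenge" "resource_name"="controller-certificate-1405129842-0" '
       '"resource_namespace"="istio-system" "type"="http-01"')
_FAIL = ('cert-manager/controller/challenges "msg"="propagation check failed" '
         '"error"="wrong status code \'404\', expected \'200\'" "dnsName"="host.example" ' + _CH)
SAMPLE = [
    'cert-manager/controller/challenges "level"=0 "msg"="syncing item" '
    '"key"="istio-system/controller-certificate-1405129842-0"',
    'cert-manager/controller/challenges/http01/selfCheck/http01/ensurePod "level"=0 '
    '"msg"="found one existing HTTP01 solver pod" "dnsName"="host.example" '
    '"related_resource_kind"="Pod" "related_resource_name"="cm-acme-http-solver-6k5fk" ' + _CH,
    'cert-manager/controller/challenges/http01/selfCheck/http01/ensureIngress "level"=0 '
    '"msg"="found one existing HTTP01 solver ingress" "dnsName"="host.example" '
    '"related_resource_kind"="Ingress" "related_resource_name"="cm-acme-http-solver-8b6lf" ' + _CH,
    _FAIL, _FAIL,
]

# "key"="value" pairs; values are quoted strings or bare tokens such as 0.
PAIR = re.compile(r'"([^"]+)"=("(?:[^"\\]|\\.)*"|\S+)')
STATUS = re.compile(r"wrong status code '(\d+)', expected '(\d+)'")

def parse_line(line):
    """Return (logger, fields) for one log line."""
    logger, _, rest = line.strip().partition(" ")
    return logger, {k: v.strip('"') for k, v in PAIR.findall(rest)}

def failed_self_checks(lines):
    """Count failed HTTP-01 self-checks per (challenge, dnsName, got, expected)."""
    failures = Counter()
    for line in lines:
        _, f = parse_line(line)
        if f.get("msg") != "propagation check failed":
            continue
        m = STATUS.search(f.get("error", ""))
        got, want = m.groups() if m else ("?", "?")
        challenge = f'{f.get("resource_namespace")}/{f.get("resource_name")}'
        failures[(challenge, f.get("dnsName"), got, want)] += 1
    return failures

def solver_resources(lines):
    """Map kind -> name for solver resources the controller reports as existing."""
    fields = (parse_line(line)[1] for line in lines)
    return {f["related_resource_kind"]: f["related_resource_name"]
            for f in fields if "related_resource_kind" in f}
```

On the sample it reports one challenge failing twice with 404 while the solver Pod and Ingress are both found, which is the same pattern as in the log above.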

0 answers:

No answers