azure - AppGateway/AKS/AGIC/Let's Encrypt not working - secret not found

Reposted. Author: 行者123. Updated: 2023-12-04 22:35:13

Describe the bug: Followed the doco here, but it is out of date so I had to guess... https://learn.microsoft.com/en-us/azure/application-gateway/ingress-controller-letsencrypt-certificate-application-gateway. When the manifest is applied, it only creates an http listener, not https. It does not create the certificate and fails with a "secret not found" error.

agic = mcr.microsoft.com/azure-application-gateway/kubernetes-ingress:1.4.0
cert-manager = quay.io/jetstack/cert-manager-controller:v1.4.3
aks kubernetes = 1.20.7

To reproduce: see the yaml below. If I adjust it to use a manually created secret/certificate it works fine. When I try to create it via LetsEncrypt I get a "SecretNotFound" error on the AGIC pod.

Ingress Controller details

  • Output of kubectl describe pod <ingress controller>.

    Name:         ingress-appgw-deployment-9ffdc54cb-629hg
    Namespace:    kube-system
    Priority:     0
    Node:         aks-default-32636497-vmss000000/10.94.112.4
    Start Time:   Wed, 18 Aug 2021 09:59:16 +0100
    Labels:       app=ingress-appgw
                  kubernetes.azure.com/managedby=aks
                  pod-template-hash=9ffdc54cb
    Annotations:  checksum/config: 78a4d434072823accba40908961d40922d59acb0000a42182add8d60cde0c9a1
                  cluster-autoscaler.kubernetes.io/safe-to-evict: true
                  kubernetes.azure.com/metrics-scrape: true
                  prometheus.io/path: /metrics
                  prometheus.io/port: 8123
                  prometheus.io/scrape: true
                  resource-id:
                    /subscriptions/2bc7b65e-18d6-42ae-afb2-e66d50be6b05/resourceGroups/rg-prd-agwaks-210818-0950/providers/Microsoft.ContainerService/managedC...
    Status:       Running
    IP:           10.94.112.10
    IPs:
      IP:           10.94.112.10
    Controlled By:  ReplicaSet/ingress-appgw-deployment-9ffdc54cb
    Containers:
      ingress-appgw-container:
        Container ID:   containerd://93e66897c6646d7f6efbf9496646633f13424917a183e85790df0e6c17cc7a91
        Image:          mcr.microsoft.com/azure-application-gateway/kubernetes-ingress:1.4.0
        Image ID:       sha256:533f2cbe57fa92d27be5939f8ef8dc50537d6e1240502c8c727ac4020545dd34
        Port:           <none>
        Host Port:      <none>
        State:          Running
          Started:      Wed, 18 Aug 2021 09:59:18 +0100
        Ready:          True
        Restart Count:  0
        Limits:
          cpu:     700m
          memory:  100Mi
        Requests:
          cpu:     100m
          memory:  20Mi
        Liveness:   http-get http://:8123/health/alive delay=15s timeout=1s period=20s #success=1 #failure=3
        Readiness:  http-get http://:8123/health/ready delay=5s timeout=1s period=10s #success=1 #failure=3
        Environment Variables from:
          ingress-appgw-cm  ConfigMap  Optional: false
        Environment:
          AZURE_CLOUD_PROVIDER_LOCATION:  /etc/kubernetes/azure.json
          AGIC_POD_NAME:                  ingress-appgw-deployment-9ffdc54cb-629hg (v1:metadata.name)
          AGIC_POD_NAMESPACE:             kube-system (v1:metadata.namespace)
          KUBERNETES_PORT_443_TCP_ADDR:   aks-prd-agwaks-210818-0950-dns-37f5d052.hcp.northeurope.azmk8s.io
          KUBERNETES_PORT:                tcp://aks-prd-agwaks-210818-0950-dns-37f5d052.hcp.northeurope.azmk8s.io:443
          KUBERNETES_PORT_443_TCP:        tcp://aks-prd-agwaks-210818-0950-dns-37f5d052.hcp.northeurope.azmk8s.io:443
          KUBERNETES_SERVICE_HOST:        aks-prd-agwaks-210818-0950-dns-37f5d052.hcp.northeurope.azmk8s.io
        Mounts:
          /etc/kubernetes/azure.json from cloud-provider-config (ro)
          /var/run/secrets/kubernetes.io/serviceaccount from ingress-appgw-sa-token-cdmtp (ro)
    Conditions:
      Type              Status
      Initialized       True
      Ready             True
      ContainersReady   True
      PodScheduled      True
    Volumes:
      cloud-provider-config:
        Type:          HostPath (bare host directory volume)
        Path:          /etc/kubernetes/azure.json
        HostPathType:  File
      ingress-appgw-sa-token-cdmtp:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  ingress-appgw-sa-token-cdmtp
        Optional:    false
    QoS Class:       Burstable
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/memory-pressure:NoSchedule op=Exists
                     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                     node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
    Events:          <none>
  • Output of kubectl logs.

    I0818 19:43:07.518122       1 configbuilder.go:221] Invalid custom port configuration (0). Setting listener port to default : 80
    I0818 19:43:07.518180       1 requestroutingrules.go:111] Bound basic rule: rr-12754dc8633d87433e25740857ea6708 to listener: fl-12754dc8633d87433e25740857ea6708 ([dev.rhod3rz.com ], 80) for backend pool pool-default-aspnetapp-dev-80-bp-80 and backend http settings bp-default-aspnetapp-dev-80-80-aspnetapp-dev
    I0818 19:43:07.518319       1 event.go:278] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"aspnetapp-dev", UID:"8086e92d-f9a4-4806-afd1-42c24f4f0722", APIVersion:"extensions/v1beta1", ResourceVersion:"90240", FieldPath:""}): type: 'Warning' reason: 'SecretNotFound' Unable to find the secret associated to secretId: [default/dev]
  • Manifest file.

    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
      name: letsencrypt-staging
    spec:
      acme:
        email: [email protected]   # address obfuscated on the page
        server: https://acme-staging-v02.api.letsencrypt.org/directory
        privateKeySecretRef:
          name: example-issuer-account-key
        solvers:
        - http01:
            ingress:
              class: azure/application-gateway
    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: aspnetapp-dev
      labels:
        app: aspnetapp-dev
    spec:
      containers:
      - image: "mcr.microsoft.com/dotnet/core/samples:aspnetapp"
        name: aspnetapp-image
        ports:
        - containerPort: 80
          protocol: TCP
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: aspnetapp-dev
    spec:
      selector:
        app: aspnetapp-dev
      ports:
      - protocol: TCP
        port: 80
        targetPort: 80
    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: aspnetapp-dev
      annotations:
        kubernetes.io/ingress.class: azure/application-gateway
        cert-manager.io/cluster-issuer: letsencrypt-staging
        cert-manager.io/acme-challenge-type: http01
    spec:
      tls:
      - hosts:
        - "dev.rhod3rz.com"
      - secretName: dev   # a second list item: cert-manager sees two TLS entries (see the ingress events below)
      rules:
      - host: "dev.rhod3rz.com"
        http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: aspnetapp-dev
                port:
                  number: 80
  • kubectl describe ingress.

    Events:
      Type     Reason          Age                From                       Message
      ----     ------          ----               ----                       -------
      Warning  BadConfig       40m (x2 over 40m)  cert-manager               TLS entry 0 is invalid: TLS entry for hosts [dev.rhod3rz.com] must specify a secretName
      Warning  BadConfig       40m (x2 over 40m)  cert-manager               TLS entry 1 is invalid: secret "dev" for ingress TLS has no hosts specified
      Warning  SecretNotFound  40m (x2 over 40m)  azure/application-gateway  Unable to find the secret associated to secretId: [default/dev]

Best answer

If you are using the cluster issuer with the ingress, you must pass the following value

    privateKeySecretRef:
      name: example-issuer-account-key

as the secret inside the ingress.

If you check with the command

    kubectl get secret

you will see the secret inside the namespace: example-issuer-account-key

    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
      name: letsencrypt-staging
    spec:
      acme:
        email: [email protected]   # address obfuscated on the page
        server: https://acme-staging-v02.api.letsencrypt.org/directory
        privateKeySecretRef:
          name: example-issuer-account-key
        solvers:
        - http01:
            ingress:
              class: azure/application-gateway

Ingress

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: aspnetapp-dev
      annotations:
        kubernetes.io/ingress.class: azure/application-gateway
        cert-manager.io/cluster-issuer: letsencrypt-staging
        cert-manager.io/acme-challenge-type: http01
    spec:
      tls:
      - hosts:
        - "dev.rhod3rz.com"
        secretName: example-issuer-account-key   # hosts and secretName belong to the same tls list item
      rules:
      - host: "dev.rhod3rz.com"
        http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: aspnetapp-dev
                port:
                  number: 80

Also note that you are using a staging certificate from Let's Encrypt, so you may see an SSL error in the browser because it is a staging certificate.

For a production use case you must change the server in the clusterissuer

Staging: https://acme-staging-v02.api.letsencrypt.org/directory

Production: https://acme-v02.api.letsencrypt.org/directory
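The ingress events in the question point at two distinct checks: cert-manager rejects a `spec.tls` entry that has hosts without a `secretName` (or the reverse, which is what a `- secretName:` line written as its own list item produces), and AGIC reports `SecretNotFound` when the referenced secret is absent from the ingress namespace. The following pre-flight script is an added example, not code from the question, the answer, cert-manager or AGIC. It reproduces both checks over the JSON that `kubectl get ingress -o json` and `kubectl get secrets -o json` return, and goes one step beyond the page by also checking the referenced secret's type: AGIC builds an HTTPS listener from a `kubernetes.io/tls` secret (tls.crt and tls.key), whereas the `privateKeySecretRef` secret that cert-manager creates for the ACME account is an Opaque secret holding only the account private key. All sample objects below are constructed for the example.

```python
"""Pre-flight check for Ingress TLS entries and the secrets they reference.

Added example (not from the original question or answer). Sample inputs are
constructed to mirror the shape of `kubectl get ... -o json` output.
"""
import json

# Constructed sample: the question's ingress as the API server stores it. The
# `- secretName: dev` line became a second tls list item, so hosts and secret
# name are split across two entries.
BROKEN_INGRESS = json.loads("""
{
  "metadata": {"name": "aspnetapp-dev", "namespace": "default"},
  "spec": {
    "tls": [
      {"hosts": ["dev.rhod3rz.com"]},
      {"secretName": "dev"}
    ]
  }
}
""")

# Constructed sample: the same ingress with hosts and secretName in one entry.
FIXED_INGRESS = json.loads("""
{
  "metadata": {"name": "aspnetapp-dev", "namespace": "default"},
  "spec": {
    "tls": [
      {"hosts": ["dev.rhod3rz.com"], "secretName": "dev"}
    ]
  }
}
""")

# Constructed sample of secret items (metadata and type only).
SECRETS = [
    # ACME account key written by cert-manager for privateKeySecretRef: Opaque,
    # contains no certificate.
    {"metadata": {"name": "example-issuer-account-key", "namespace": "default"},
     "type": "Opaque"},
    # Certificate cert-manager issues for the ingress once the tls entry is valid.
    {"metadata": {"name": "dev", "namespace": "default"},
     "type": "kubernetes.io/tls"},
]


def check_tls_entries(ingress):
    """Return cert-manager-style BadConfig messages for malformed spec.tls entries."""
    problems = []
    for i, entry in enumerate(ingress["spec"].get("tls", [])):
        hosts = entry.get("hosts") or []
        secret = entry.get("secretName")
        if hosts and not secret:
            problems.append(
                f"TLS entry {i} is invalid: TLS entry for hosts [{' '.join(hosts)}] "
                "must specify a secretName")
        elif secret and not hosts:
            problems.append(
                f'TLS entry {i} is invalid: secret "{secret}" for ingress TLS has no hosts specified')
        elif not hosts and not secret:
            problems.append(f"TLS entry {i} is invalid: neither hosts nor secretName set")
    return problems


def check_referenced_secrets(ingress, secrets):
    """Return AGIC-style messages for TLS secrets that are missing or not of TLS type."""
    ns = ingress["metadata"].get("namespace", "default")
    by_key = {(s["metadata"]["namespace"], s["metadata"]["name"]): s for s in secrets}
    problems = []
    for entry in ingress["spec"].get("tls", []):
        name = entry.get("secretName")
        if not name:
            continue  # already reported by check_tls_entries
        secret = by_key.get((ns, name))
        if secret is None:
            problems.append(f"Unable to find the secret associated to secretId: [{ns}/{name}]")
        elif secret.get("type") != "kubernetes.io/tls":
            problems.append(
                f"secret {ns}/{name} has type {secret.get('type')}; "
                "an HTTPS listener needs a kubernetes.io/tls secret")
    return problems


def report(ingress, secrets):
    """Combine both checks; an empty list means the ingress is ready for AGIC."""
    return check_tls_entries(ingress) + check_referenced_secrets(ingress, secrets)


if __name__ == "__main__":
    for label, ing in (("broken", BROKEN_INGRESS), ("fixed", FIXED_INGRESS)):
        print(f"{label}:", report(ing, SECRETS) or "ok")
```

Run against a live cluster by replacing the constructed objects with `json.load(sys.stdin)` of the real `kubectl ... -o json` output; the broken manifest yields the two BadConfig lines seen in the events, and the fixed one passes only once the `dev` secret exists as a `kubernetes.io/tls` secret in the `default` namespace.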

Regarding "azure - AppGateway/AKS/AGIC/Let's Encrypt not working - secret not found", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/68839058/
