Drollery Medieval drollery of a knight on a horse

🏆 欢迎来到本站: https://xuchangwei.com/希望这里有你感兴趣的内容

flowery border with man falling
flowery border with man falling

trouble-nginx

nginx

ingress-nginx

tls: failed to verify certificate: x509

遇到问题: [root@proxy ingress]# k apply -f monitoring-ingress-2.yaml Error from server (InternalError): error when creating "monitoring-ingress-2.yaml": Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": failed to call webhook: Post "https://ingress-nginx-controller-admission.ingress-nginx.svc/networking/v1/ingresses?timeout=10s": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "nil1")

检查: kubectl -n ingress-nginx get validatingwebhookconfigurations ingress-nginx-admission -ojsonpath='{.webhooks[0].clientConfig.caBundle}'| md5sum kubectl -n ingress-nginx get secret ingress-nginx-admission -ojsonpath='{.data.ca}'| md5sum

kubectl -n ingress-nginx-dev get validatingwebhookconfigurations ingress-nginx-admission-dev -ojsonpath='{.webhooks[0].clientConfig.caBundle}'| md5sum kubectl -n ingress-nginx-dev get secret ingress-nginx-admission -ojsonpath='{.data.ca}'| md5sum

解决: CA=$(kubectl -n ingress-nginx-dev get secret ingress-nginx-admission -ojsonpath='{.data.ca}') kubectl patch validatingwebhookconfigurations ingress-nginx-admission-dev –type='json' -p='[{"op": "add", "path": "/webhooks/0/clientConfig/caBundle", "value":"'$CA'"}]'

CA=$(kubectl -n ingress-nginx get secret ingress-nginx-admission -ojsonpath='{.data.ca}') kubectl patch validatingwebhookconfigurations ingress-nginx-admission –type='json' -p='[{"op": "add", "path": "/webhooks/0/clientConfig/caBundle", "value":"'$CA'"}]'

参考:https://github.com/kubernetes/ingress-nginx/issues/5968