1

我使用ArgoCD并通过 NGINX 入口发布了 UI,如下所示:

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: svc-cert-prod
  namespace: argocd
spec:
  secretName: argo-cert-prod
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: "cd.example.io"
  dnsNames:
    - "cd.example.io"
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    # If you encounter a redirect loop or are getting a 307 response code
    # then you need to force the nginx ingress to connect to the backend using HTTPS.
    #
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  rules:
    - host: cd.example.io
      http:
        paths:
          - backend:
              serviceName: argocd-server
              servicePort: https
            path: /
  tls:
    - hosts:
        - cd.example.io
      secretName: argo-cert-prod
---

当我查看 NGINX 容器日志时,它显示

I0524 20:13:05.721610       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing...
I0524 20:13:05.920550       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing...
I0524 20:13:06.121675       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing...
I0524 20:13:06.321001       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing...
I0524 20:13:06.524940       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing...
I0524 20:13:06.720776       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing...
I0524 20:13:06.922470       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing...
I0524 20:13:07.122135       7 store.go:448] secret argocd/argo-cert-prod was updated and it is used in ingress annotations. Parsing.

为什么它每秒显示一条消息?我还安装了https://goharbor.io/,它也使用 NGINX 入口。但我没有收到港湾的任何消息。

我使用 Rancher,它显示:

在此处输入图像描述

这对间隔消息负责吗?

4

1 回答 1

3

该消息意味着某些东西一直在更新您的秘密。

这可能是两个具有相同秘密名称的 Ingress 之间的冲突。

您正在使用cert-manager,因此请检查您在此处使用的密钥名称对于该命名空间中的所有 Ingress 是唯一的,并且没有其他使用具有该名称的密钥。

另外,请确保除了cert-manager尝试更新机密之外什么都没有。也许你有其他东西可以处理试图用相同名称编写秘密的秘密。

UPD:根据您的更新 - 是的,它负责间隔消息。

于 2020-05-24T20:31:53.400 回答