我在开发模式下安装了 vault helm chart 0.8.0,在 Kind 集群上安装了 nginx 入口控制器,并应用了以下入口资源:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: vault-ingress
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
rules:
- host: vault.com
http:
paths:
- path: /v1/*
backend:
serviceName: vault
servicePort: 8200
这是https://kind.sigs.k8s.io/docs/user/ingress/中所述的 Kind 集群的补丁:
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
extraPortMappings:
- containerPort: 8200 # Vault port in K8s
hostPort: 80 # Vault port on host
- containerPort: 8200 # Vault port in K8s
hostPort: 443 # Vault port on host
执行以下 curl 命令时出现错误:
VAULT_ADDR="http://localhost"
保险库登录根
身份验证错误:查找令牌时出错:获取“http://localhost/v1/auth/token/lookup-self”:读取 tcp 127.0.0.1:34596->127.0.0.1:80:读取:对等方重置连接
Name: vault-ingress
Namespace: vault
Address: localhost
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
vault.com
/v1/* vault:8200 (10.244.1.7:8200)
Annotations: nginx.ingress.kubernetes.io/use-regex: true
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 2m47s (x15 over 10h) nginx-ingress-controller Scheduled for sync