0

我是 Istio 和 K8s 的菜鸟,如果这个问题听起来有点愚蠢,我很抱歉。

我正在尝试向网关部署提供我自己的证书,我为此创建了如下秘密。

$ kubectl create -n istio-system secret tls certs --key example.comkey.pem --cert example.com.pem
$ kubectl create -n istio-system secret generic ca-certs --from-file=rootCA.pem

编辑了我的部署

sidecar.istio.io/userVolumeMount: '[{"name":"certs", "mountPath":"/etc/certs", "readonly":true},{"name":"ca-certs", "mountPath":"/etc/ca-certs", "readonly":true}]'
sidecar.istio.io/userVolume: '[{"name":"certs", "secret":{"secretName":"certs"}},{"name":"ca-certs", "secret":{"secretName":"ca-certs"}}]'

按照此处此处提供的步骤进行操作,但我仍然没有看到已安装的文件。

我错过了什么吗?

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:59:11Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:53:14Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}
4

1 回答 1

1

我能够解决这个问题。我不确定这是否是正确的方法。我错过了添加volumeMountsvolumes。进行以下更改后,我可以看到我的文件已安装。

volumeMounts:
- name: certs
  mountPath: /etc/certs
  readOnly: true
- name: ca-certs
  mountPath: /etc/ca-certs
  readOnly: true

volumes:
- name: certs
  secret:
  secretName: certs
  optional: true
- name: ca-certs
  secret:
  secretName: ca-certs
  optional: true
于 2021-08-19T12:58:30.517 回答