
Unable to set up mTLS on the gateway. If I set the gateway to mode: MUTUAL, then istio-ingressgateway outputs Failed to load trusted CA certificates from <inline>. I am using the Cloudflare origin pull CA cert; the mode: SIMPLE secret works as expected.

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

generatorOptions:
  disableNameSuffixHash: true

secretGenerator:
  - name: mysite.com-cer
    namespace: istio-system
    type: kubernetes.io/tls
    files:
      - tls.key=certs/mysite.com.key
      - tls.crt=certs/mysite.com.cer
      - ca.crt=certs/cloudflare-ca.crt

---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gw

spec:
  servers:
    - hosts:
        - 'mysite.com'
        - '*.mysite.com'

      port:
        number: 1443
        name: https
        protocol: HTTPS

      tls:
        mode: MUTUAL
        credentialName: mysite.com-cer

Istio 1.12.1


1 Answer


Check the content of the ca.crt value in the generated secret and make sure it is a valid certificate.

Failed to load trusted CA certificates from <inline> means the certificate is empty or invalid.

answered 2021-12-28T11:17:03.460
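A small checker, added here as an example and not part of the question or the answer, that applies the answer's test to the bytes destined for the secret's ca.crt: it must contain at least one PEM CERTIFICATE block that parses as X.509 and is flagged as a CA, which is what an empty or mis-pointed certs/cloudflare-ca.crt fails. SelfSignedCA is a constructed stand-in for the Cloudflare CA so the check runs offline; nothing here is Istio or Kustomize code.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckCABundle returns how many CA certificates the PEM data holds, or why the gateway would reject it.
func CheckCABundle(data []byte) (int, error) {
	n := 0
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return n, fmt.Errorf("PEM block %d (%s) is not an X.509 certificate: %w", n+1, block.Type, err)
		}
		if !cert.IsCA {
			return n, fmt.Errorf("certificate %d (%s) is not a CA", n+1, cert.Subject.CommonName)
		}
		n++
	}
	if n == 0 {
		return 0, fmt.Errorf("no PEM CERTIFICATE found: ca.crt is empty or not PEM")
	}
	return n, nil
}

// SelfSignedCA builds a constructed CA certificate (assumption: a stand-in for certs/cloudflare-ca.crt).
func SelfSignedCA() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed test CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	// Replace SelfSignedCA() with os.ReadFile("certs/cloudflare-ca.crt") to check the real file.
	fmt.Println(CheckCABundle(SelfSignedCA()))
}
```

To check what actually landed in the cluster, feed it the decoded secret value instead: kubectl get secret mysite.com-cer -n istio-system -o jsonpath='{.data.ca\.crt}' | base64 -d.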