Creating a ManagedCertificate results in "Status: FailedNotVisible"

Problem description

Using Kubernetes 1.12.6-gke.7 or higher it is possible to create a ManagedCertificate which is then referenced from an Ingress Resource exposing a Service to the Internet.

Running kubectl describe managedcertificate certificate-name first indicates the certificate is in a Provisioning state but eventually goes to FailedNotVisible.

Despite using a Static IP and DNS that resolves fine to the http version of said service, all ManagedCertificates end up in a "Status: FailedNotVisible" state.

Overview of what I am doing

  1. Generating a reserved (static) external IP Address

Configuring a DNS A record in CloudDNS for subdomain.domain.com pointing to the IP address generated in step 1.

After a while

kubectl describe managedcertificate subdomain-domain-certificate

results in "Status: FailedNotVisible".

Name:         subdomain-domain-certificate
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  networking.gke.io/v1beta1
Kind:         ManagedCertificate
Metadata:
  Creation Timestamp:  2019-04-15T17:35:22Z
  Generation:          1
  Resource Version:    52637
  Self Link:           /apis/networking.gke.io/v1beta1/namespaces/default/managedcertificates/subdomain-domain-certificate
  UID:                 d8e5a0a4-5fa4-11e9-984e-42010a84001c
Spec:
  Domains:
    subdomain.domain.com
Status:
  Certificate Name:    mcrt-ac63730e-c271-4826-9154-c198d654f9f8
  Certificate Status:  Provisioning
  Domain Status:
    Domain:  subdomain.domain.com
    Status:  FailedNotVisible
Events:
  Type    Reason  Age   From                            Message
  ----    ------  ----  ----                            -------
  Normal  Create  56m   managed-certificate-controller  Create SslCertificate mcrt-ac63730e-c271-4826-9154-c198d654f9f8

From what I understand, if the Load Balancer is configured correctly (done under the hood in the ManagedCertificate resource) and the DNS (which resolves fine to the non-https endpoint) checks out, the certificate should go into a Status: Active state?

Recommended answer

The issue underlying my problem ended up being a DNSSEC misconfiguration. After running the DNS through https://dnssec-analyzer.verisignlabs.com/ I was able to identify and fix the issue.
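
A command-line check for the kind of DNSSEC misconfiguration the answer describes, as an added example that is not part of the original answer: it compares a validating resolver's response with and without the CD (checking disabled) bit. The function names, the constructed sample headers, and the use of 8.8.8.8 as the validating resolver are assumptions; the live check requires `dig`.

```shell
#!/bin/sh
# Added example: detect a DNSSEC validation failure by comparing a validating
# resolver's answer with and without the CD (checking disabled) bit.

# Extract the RCODE ("NOERROR", "SERVFAIL", ...) from dig's header output.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Return 0 if the AD (authenticated data) flag is set in dig's flags line.
dig_has_ad() {
    printf '%s\n' "$1" | grep -Eq '^;; flags:[^;]* ad[ ;]'
}

# classify_dnssec <dig output with validation> <dig +cd output>
classify_dnssec() {
    v=$(dig_status "$1"); c=$(dig_status "$2")
    if [ "$v" = "SERVFAIL" ] && [ "$c" = "NOERROR" ]; then
        echo bogus       # records exist but fail DNSSEC validation
    elif [ "$v" = "NOERROR" ] && dig_has_ad "$1"; then
        echo secure      # signed and validated by the resolver
    elif [ "$v" = "NOERROR" ]; then
        echo insecure    # unsigned zone, or the resolver did not validate
    else
        echo "other:$v"  # e.g. NXDOMAIN, or a SERVFAIL unrelated to DNSSEC
    fi
}

# Constructed sample dig headers (not captured from a real domain).
SAMPLE_BOGUS=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1111
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_SECURE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3333
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'

# Live check: sh check.sh subdomain.domain.com [resolver]
# The default resolver 8.8.8.8 is an assumption; any validating resolver works.
if [ "$#" -gt 0 ]; then
    r=${2:-8.8.8.8}
    classify_dnssec "$(dig +dnssec "$1" A "@$r")" \
                    "$(dig +dnssec +cd "$1" A "@$r")"
fi
```

A result of `bogus` means the A record resolves only when validation is skipped, so validating clients see the domain as unreachable even though plain lookups appear fine.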
