openssl授予Kubernetes入口控制器伪造证书 [英] openssl giving Kubernetes Ingress Controller Fake Certificate
本文介绍了openssl授予Kubernetes入口控制器伪造证书的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我已经配置了ssl证书,如果我访问https://<domain>.com
,我看到我的证书已成功配置,但是当我尝试通过以下命令检查证书时
I have configured ssl certificate, if I visit https://<domain>.com
, I see that my certificate is configured successfully but when I try to check certificate by following command
openssl s_client -connect <domain>.com:443 | openssl x509 -noout -subject -issuer
我得到Kubernetes Ingress Controller Fake Certificate
我的ingres配置是:
My ingres config is :
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
nginx.ingress.kubernetes.io/from-to-www-redirect: 'true'
name: nginx-echo
spec:
tls:
- hosts:
- domain.com
secretName: domain.com
rules:
- host: domain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: website-lorem
port:
number: 80
with命令给出相同的伪证书:
openssl s_client -connect <domain>.com:443 -servername <domain> | openssl x509 -noout -subject -issuer
with command gives the same fake certificate:
openssl s_client -connect <domain>.com:443 -servername <domain> | openssl x509 -noout -subject -issuer
日志:
6 flags.go:205] Watching for Ingress class: nginx
W1029 22:02:36.331841 6 flags.go:210] Ingresses with an empty class will also be processed by this Ingress controllernginx
W1029 22:02:36.332409 6 flags.go:252] SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false)
W1029 22:02:36.332525 6 client_config.go:552] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I1029 22:02:36.332855 6 main.go:231] Creating API client for https://<ip>:443
I1029 22:02:36.342532 6 main.go:275] Running in Kubernetes cluster version v1.19 (v1.19.2) - git (clean) commit f57430*** - platform linux/amd64
I1029 22:02:36.470142 6 main.go:105] SSL fake certificate created /etc/ingress-controller/ssl/default-fake-certificate.pem
I1029 22:02:36.472357 6 main.go:113] Enabling new Ingress features available since Kubernetes v1.18
W1029 22:02:36.476751 6 main.go:125] No IngressClass resource with name nginx found. Only annotation will be used.
I1029 22:02:36.485119 6 ssl.go:528] loading tls certificate from certificate path /usr/local/certificates/cert and key path /usr/local/certificates/key
I1029 22:02:36.544518 6 nginx.go:263] Starting NGINX Ingress controller
推荐答案
问题是那个
- -不是default-ssl-certificate标志
- 未设置中间证书
现在可以正常工作了.
https://github.com/kubernetes/ingress-nginx/issues/6398
这篇关于openssl授予Kubernetes入口控制器伪造证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文