我的 GKE 中有一个 NGINX Ingress。我想让我的 URL 安全。但不幸的是我无法通过证书管理器实现这一点。我看到一个创建托管证书的选项。但我不确定是否有注释允许我在 NGINX Ingress 中使用 google 管理的证书。控制器。
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-https
namespace: non-default
annotations:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: "nginx"
networking.gke.io/managed-certificates: "managed-certificate"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
cert-manager.io/issuer: "letsencrypt-production"
spec:
tls:
- hosts:
- example.com
secretName: selfsigned-cert-tls
rules:
- host: example.com
http:
paths:
- path: "/"
backend:
serviceName: hello-service
servicePort: hello-port
- path: "/kube"
backend:
serviceName: hello-kubernetes
servicePort: 80
当我使用 cert-manager 创建证书时,证书状态显示“Kubernetes Ingress Controller Fake Certificate”
我收到错误消息:
错误验证“ mysql.yaml”:错误验证数据:ValidationError(Deployment.spec.template.spec.volumes [0]):io.k8s.kubernetes.pkg.api.v1.Volume中的未知字段“ path”;)
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: mysql
labels:
app: mysql
spec:
replicas: 1
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- image: mysql:5.6
name: mysql
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql
key: password
ports:
- containerPort: 3306
name: mysql
volumeMounts:
- name: mapping-sandbox-test
mountPath: /var/lib/mysql
volumes:
- name: mapping-sandbox-test
path: gs://<bucket-name>
google-cloud-storage kubernetes google-kubernetes-engine docker-volume
我正在尝试使用 kustomize 重命名我的服务。
我收到以下错误:
Error: couldn't find target core_v1_Service|~X|~P|SERVICE_NAME|~S for json patch
这是我的基本服务文件:
apiVersion: v1
kind: Service
metadata:
labels:
version: IMAGE_TAG
name: SERVICE_NAME
namespace: my-namespace
spec:
ports:
- name: http-service
port: 8080
protocol: TCP
targetPort: http-service
selector:
app.kubernetes.io/name:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
sessionAffinity: None
type: ClusterIP
这是我的 kustomization.yaml 文件,我在其中定义了 patchJson6902:
patchesJson6902:
#- target:
# group: apps
# version: v1
# kind: Deployment
# name: DEPLOYMENT_NAME
# path: patch_deployment.yaml
- target:
group: core
version: v1
kind: Service
name: SERVICE_NAME …我想为我的 GKE 工作负载创建一个内部入口。我想知道我可以使用什么注释,以便在入口中设置静态内部IP 地址/名称。
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-https
namespace: istio-system
annotations:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: "gce-internal"
ingress.gcp.kubernetes.io/pre-shared-cert: my-cert
helm.sh/chart: {{ include "devtools.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
backend:
serviceName: istio-ingressgateway-backend
servicePort: 443
我知道它将创建一个带有内部 IP 的入口,但是我想设置一个我已经在区域/子网中创建的静态 IP。是否可以这样做,如果是,是否有相同的注释
google-cloud-platform google-kubernetes-engine kubernetes-ingress