Istio: unable to mount secret to pod



I'm new to Istio and K8s, so I apologize if this question sounds a bit silly.

I am trying to provide my own certificates to the Gateway deployment, for which I created the secrets as follows.

$ kubectl create -n istio-system secret tls certs --key example.comkey.pem --cert example.com.pem
$ kubectl create -n istio-system secret generic ca-certs --from-file=rootCA.pem

Edited my deployment

sidecar.istio.io/userVolumeMount: '[{"name":"certs", "mountPath":"/etc/certs", "readonly":true},{"name":"ca-certs", "mountPath":"/etc/ca-certs", "readonly":true}]'
sidecar.istio.io/userVolume: '[{"name":"certs", "secret":{"secretName":"certs"}},{"name":"ca-certs", "secret":{"secretName":"ca-certs"}}]'

I followed the steps provided here and here, but I still don't see the files mounted.

Am I missing something?

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:59:11Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:53:14Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}

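I was able to solve this. I'm not sure if this is the right way to do it. I had missed adding volumeMounts and volumes. After I made the changes below, I could see my files mounted.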

# under the container entry (spec.template.spec.containers[])
volumeMounts:
- name: certs
  mountPath: /etc/certs
  readOnly: true
- name: ca-certs
  mountPath: /etc/ca-certs
  readOnly: true
# under the pod spec (spec.template.spec)
volumes:
- name: certs
  secret:
    secretName: certs
    optional: true
- name: ca-certs
  secret:
    secretName: ca-certs
    optional: true
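
The following added example (not from the original post, and not Istio's own code) checks a Pod object shaped like the output of `kubectl get pod -o json` for the symptom in this thread: annotations that request volumes the pod spec never received, plus secret volumes marked `optional: true`. The function name `lint_pod` and both sample pods are constructed for illustration.

```python
import json

USER_VOLUME = "sidecar.istio.io/userVolume"
USER_MOUNT = "sidecar.istio.io/userVolumeMount"

def _names(annotations, key):
    """Names listed in one of the Istio user-volume annotations (a JSON list)."""
    return {item["name"] for item in json.loads(annotations.get(key, "[]"))}

def lint_pod(pod):
    """Return findings for a Pod object shaped like `kubectl get pod -o json`."""
    findings = []
    ann = pod.get("metadata", {}).get("annotations", {})
    spec = pod["spec"]
    volumes = {v["name"]: v for v in spec.get("volumes", [])}
    declared = set(volumes)
    mounted = {m["name"] for c in spec.get("containers", [])
               for m in c.get("volumeMounts", [])}
    # Annotations that never turned into real volumes or mounts on the pod.
    for name in sorted(_names(ann, USER_VOLUME) - declared):
        findings.append(f"annotation requests volume '{name}' but the pod spec has none")
    for name in sorted(_names(ann, USER_MOUNT) - mounted):
        findings.append(f"annotation requests mount '{name}' but no container mounts it")
    for name in sorted(mounted - declared):
        findings.append(f"container mounts '{name}' but no such volume is declared")
    # optional: true lets the pod start with an empty directory if the secret is absent.
    for name, vol in sorted(volumes.items()):
        secret = vol.get("secret")
        if secret and secret.get("optional"):
            findings.append(f"secret volume '{name}' is optional: pod starts even if the secret is missing")
    return findings

# Constructed sample 1: the question's annotations on a pod whose spec got no volumes.
ANNOTATED_ONLY = {
    "metadata": {"annotations": {
        USER_MOUNT: '[{"name":"certs", "mountPath":"/etc/certs", "readonly":true}]',
        USER_VOLUME: '[{"name":"certs", "secret":{"secretName":"certs"}}]'}},
    "spec": {"containers": [{"name": "istio-proxy"}]},
}
# Constructed sample 2: the answer's explicit volumeMounts/volumes (container name assumed).
EXPLICIT = {
    "spec": {
        "containers": [{"name": "istio-proxy", "volumeMounts": [
            {"name": "certs", "mountPath": "/etc/certs", "readOnly": True}]}],
        "volumes": [{"name": "certs", "secret": {"secretName": "certs", "optional": True}}],
    },
}

if __name__ == "__main__":
    for label, pod in (("annotated only", ANNOTATED_ONLY), ("explicit", EXPLICIT)):
        print(label, lint_pod(pod))
```

To check a live pod, pass it the parsed output of `kubectl get pod <pod-name> -n istio-system -o json`.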
