我正在尝试在 GKE 上使用 cert-manager 运行 helloworld-go 示例。
我在没有边车注入的情况下安装了 Istio,证书管理器 0.11 并设置了自动 SSL 和 DNS。 当我运行kubectl get ksvc时,它显示IngressNotConfigured.知道为什么吗?
$ kubectl get ksvc
NAME URL LATESTCREATED LATESTREADY READY REASON
helloworld-go https://helloworld-go.default.redhost.cloud helloworld-go-mc27h helloworld-go-mc27h Unknown IngressNotConfigured
$ kubectl describe ksvc helloworld-go
Status:
Address:
URL: http://helloworld-go.default.svc.cluster.local
Conditions:
Last Transition Time: 2019-11-26T15:19:51Z
Status: True
Type: ConfigurationsReady
Last Transition Time: 2019-11-26T15:31:25Z
Message: Ingress has not yet been reconciled.
Reason: IngressNotConfigured
Status: Unknown
Type: Ready
Last Transition Time: 2019-11-26T15:31:25Z
Message: Ingress has not yet been reconciled.
Reason: IngressNotConfigured
Status: Unknown
Type: RoutesReady
Latest Created Revision Name: helloworld-go-mc27h
Latest Ready Revision Name: helloworld-go-mc27h
Observed Generation: 1
Traffic:
Latest Revision: true
Percent: 100
Revision Name: helloworld-go-mc27h
URL: https://helloworld-go.default.redhost.cloud
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Created 23m service-controller Created Configuration "helloworld-go"
Normal Created 23m service-controller Created Route "helloworld-go"
Normal Updated 11m (x7 over 23m) service-controller Updated Service "helloworld-go"
添加标签serving.knative.dev/visibility=cluster-local使问题消失,但只能在内部访问,而无需 SSL。
问题是我已经安装了常规的 Istio,你特别需要带有 SDS 的 Istio。 https://knative.dev/docs/serving/using-auto-tls/
另外,请确保使用 cert-manager 0.10.0,因为当前不支持 0.11.0。 https://github.com/knative/serving/issues/6011
一旦我做了这些,一切都可以工作:
NAME URL LATESTCREATED LATESTREADY READY REASON
helloworld-go https://helloworld-go.default.redhost.cloud helloworld-go-mc27h helloworld-go-mc27h True```