K8S 版本:1.14.2
易斯蒂奥版本:1.12.4
操作系统:CentOS 7
按照本指南操作,但发生了错误。
https://istio.io/docs/examples/bookinfo/
$ kubectl describe rs details-v1-c5b5f496d
....
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedCreate 8m38s (x18 over 19m) replicaset-controller Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority
[root@centos-10-90-152-38 k8s]# kubectl get mutatingwebhookconfiguration istio-sidecar-injector -o yaml -o jsonpath='{.webhooks[0].clientConfig.caBundle}' | md5sum
7a67a48a97a2c079958225147a65d7cb -
[root@centos-10-90-152-38 k8s]# kubectl -n istio-system get secret istio.istio-sidecar-injector-service-account -o jsonpath='{.data.root-cert.pem}' | md5sum
7a67a48a97a2c079958225147a65d7cb -
从 istio.io:
"x509:由未知颁发机构签名的证书相关错误通常是由 Webhook 配置中的空 caBundle 引起的。">
以下链接中提供了故障排除提示:
istio.io:创建配置失败并显示 x509 证书错误