6
k8s创建ingress报错: certificate signed by unknown authority
source link: https://huanghantao.github.io/2022/04/27/k8s%E5%88%9B%E5%BB%BAingress%E6%8A%A5%E9%94%99-certificate-signed-by-unknown-authority/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
k8s创建ingress报错: certificate signed by unknown authority
Comments Word Count: 217(words) Read Count: 1(minutes)
报错如下:
Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post "https://ingress-nginx-
controller-admission.ingress-nginx.svc:443/networking/v1/ingresses?timeout= 10s": x509: certificate signed by
unknown authority(111301)
找了一圈网上的做法是这样的:
kubectl delete ValidatingWebhookConfiguration ingress-nginx-admission
但是这样仅仅是避开了问题,不是根本原因。
我遇到的一个原因就是:新旧的nginx ingress
同时存在导致的。
例如,我配置nginx ingress
的ConfigMap
的时候,这样写的:
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-nginx-controller
namespace: ingress-nginx
data:
proxy-body-size: 0
这里的0
写错了,应该是string
类型才行。
然后,在apply yaml
的时候,执行到ConfigMap
自然就会报错了。
当修复了ConfigMap
之后,再次apply
,就导致新旧的nginx ingress
同时存在,最后导致证书出现了问题。
所以,正确的做法是,完全删除nginx ingress
后,再次apply
一遍即可。
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK