【Question title】: How to override Kong Gateway default certificates in Kubernetes
【Posted】: 2022-01-19 14:39:30
【Question description】:

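I am trying to set up an SSL certificate for Kong 2.7 installed in Kubernetes, but I am not getting it to work as expected. I tried to follow this guide. I even asked for more help in the discussion.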

curl -X POST http://kong-admin:8001/certificates -F "cert=kong.lan.pem" -F "key=kong.lan.key" -F "snis[0]=mydomain.net"

This is the response I get:

{
  "fields": {
    "cert": "invalid certificate: x509.new: asn1/a_d2i_fp.c:197:error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data",
    "key": "invalid key: pkey.new:load_key: asn1/a_d2i_fp.c:197:error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data"
  },
  "message": "2 schema violations (cert: invalid certificate: x509.new: asn1/a_d2i_fp.c:197:error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data; key: invalid key: pkey.new:load_key: asn1/a_d2i_fp.c:197:error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data)",
  "name": "schema violation",
  "code": 2
}

Kong is deployed using the helm chart:

$ helm repo add kong https://charts.konghq.com
$ helm repo update

$ helm install kong/kong --generate-name --set ingressController.enabled=true --set admin.enabled=True --set admin.http.enabled=True --set ingress.enabled=True --set proxy.ingress.enabled=True --set admin.type=LoadBalancer --set proxy.type=LoadBalancer

Does any of you know how to make this work, or how to add tls.crt and tls.key to the Kong Deployment?

【Question comments】:

    Tags: ssl kubernetes https kong kong-ingress


    【Solution 1】:

    You are just missing the @ in the curl command to upload the files

    curl -X POST http://kong-admin:8001/certificates -F "cert=@kong.lan.pem" -F "key=@kong.lan.key" -F "snis[0]=mydomain.net"
    
    curl -X POST http://localhost:8001/certificates -F "cert=kong.lan.pem" -F "key=kong.lan.key" -F "snis[0]=mydomain.net"
    

    will send

    POST /certificates HTTP/1.1
    Host: localhost:8001
    User-Agent: curl/7.68.0
    Accept: */*
    Content-Length: 363
    Content-Type: multipart/form-data; boundary=------------------------d67ae21b533e5746
    
    --------------------------d67ae21b533e5746
    Content-Disposition: form-data; name="cert"
    
    kong.lan.pem
    --------------------------d67ae21b533e5746
    Content-Disposition: form-data; name="key"
    
    kong.lan.key
    --------------------------d67ae21b533e5746
    Content-Disposition: form-data; name="snis[0]"
    
    mydomain.net
    --------------------------d67ae21b533e5746--
    
    echo "toto" >| kong.lan.pem
    curl -X POST http://localhost:8001/certificates -F "cert=@kong.lan.pem" -F "key=kong.lan.key" -F "snis[0]=mydomain.net"
    

    will send

    POST /certificates HTTP/1.1
    Host: localhost:8001
    User-Agent: curl/7.68.0
    Accept: */*
    Content-Length: 421
    Content-Type: multipart/form-data; boundary=------------------------973b3467e461334a
    
    --------------------------973b3467e461334a
    Content-Disposition: form-data; name="cert"; filename="kong.lan.pem"
    Content-Type: application/octet-stream
    
    toto
    
    --------------------------973b3467e461334a
    Content-Disposition: form-data; name="key"
    
    kong.lan.key
    --------------------------973b3467e461334a
    Content-Disposition: form-data; name="snis[0]"
    
    mydomain.net
    --------------------------973b3467e461334a--
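
A pre-flight check for the upload discussed above, as an added example that is not part of the original question or answer: it rejects files that are not PEM (such as the `toto` test file) before anything is sent, and builds the `-F` fields with the `@` prefix. `ADMIN_URL` and `DRY_RUN` are variables assumed by this sketch, and the function names `pem_has` and `kong_upload_cert` are hypothetical.

```shell
#!/bin/sh
# Added example: validate cert/key files locally, then POST to /certificates.
# ADMIN_URL and DRY_RUN are assumptions of this sketch, not Kong settings.
ADMIN_URL="${ADMIN_URL:-http://kong-admin:8001}"

# pem_has FILE LABEL_REGEX
# Succeeds if FILE is readable, non-empty and has a PEM
# "-----BEGIN <label>-----" line whose label matches LABEL_REGEX.
pem_has() {
    [ -s "$1" ] && [ -r "$1" ] || return 1
    grep -Eq -- "^-----BEGIN ($2)-----" "$1"
}

# kong_upload_cert CERT KEY SNI
# Return codes: 0 ok, 2 bad certificate, 3 bad key, 4 key/certificate mismatch.
kong_upload_cert() {
    cert=$1 key=$2 sni=$3
    pem_has "$cert" 'CERTIFICATE' ||
        { echo "not a PEM certificate: $cert" >&2; return 2; }
    pem_has "$key" '((RSA|EC) )?PRIVATE KEY' ||
        { echo "not a PEM private key: $key" >&2; return 3; }
    # If openssl is installed, also confirm the key belongs to the certificate
    # by comparing the public key extracted from each file.
    if command -v openssl >/dev/null 2>&1; then
        c=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
        k=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
        [ "$c" = "$k" ] ||
            { echo "key does not match certificate" >&2; return 4; }
    fi
    # The leading @ makes curl send the file's contents, not its name.
    set -- -sS -X POST "$ADMIN_URL/certificates" \
        -F "cert=@$cert" -F "key=@$key" -F "snis[0]=$sni"
    if [ -n "${DRY_RUN:-}" ]; then echo "curl $*"; else curl "$@"; fi
}

# Usage: kong_upload_cert kong.lan.pem kong.lan.key mydomain.net
```

Setting `DRY_RUN=1` prints the curl command instead of running it.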
    

    【Comments】:
