本文介绍了TLSOption CipherSuites无法在Istio Ingress Gateway上运行的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我已经在Istio Ingress Gateway对象上部署了CipherSuite:
I have deployed a CipherSuite on an Istio Ingress Gateway object:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: hello-istio-gateway
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- hosts:
- "*"
port:
name: https-wildcard
number: 444
protocol: HTTPS
tls:
mode: SIMPLE
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
privateKey: /etc/istio/ingressgateway-certs/tls.key
cipherSuites: "[ECDHE-RSA-AES256-GCM-SHA384|ECDHE-RSA-AES128-GCM-SHA256]"
但是从kubectl我得到了错误
But from kubectl I get the error
admission webhook "pilot.validation.istio.io" denied the request: error decoding configuration: YAML decoding error:
json: cannot unmarshal string into Go value of type []json.RawMessage
任何想法我的清单可能有什么问题吗?
Any ideas what could be wrong with my manifest?
谢谢.
最诚挚的问候,rforberger
Best regards,rforberger
推荐答案
从cipherSuites中删除"字符.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: hello-istio-gateway
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- hosts:
- "*"
port:
name: https-wildcard
number: 444
protocol: HTTPS
tls:
mode: SIMPLE
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
privateKey: /etc/istio/ingressgateway-certs/tls.key
cipherSuites: [ECDHE-RSA-AES256-GCM-SHA384|ECDHE-RSA-AES128-GCM-SHA256]
$ kubectl apply -f gateway.yaml
gateway.networking.istio.io/hello-istio-gateway created
这篇关于TLSOption CipherSuites无法在Istio Ingress Gateway上运行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!