CipherSuites无法在Istio

CipherSuites无法在Istio

本文介绍了TLSOption CipherSuites无法在Istio Ingress Gateway上运行的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我已经在Istio Ingress Gateway对象上部署了CipherSuite:

I have deployed a CipherSuite on an Istio Ingress Gateway object:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: hello-istio-gateway
spec:
  selector:
    istio: ingressgateway  # use Istio default gateway implementation
  servers:
  - hosts:
    - "*"
    port:
      name: https-wildcard
      number: 444
      protocol: HTTPS
    tls:
      mode: SIMPLE
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
      cipherSuites: "[ECDHE-RSA-AES256-GCM-SHA384|ECDHE-RSA-AES128-GCM-SHA256]"

但是从kubectl我得到了错误

But from kubectl I get the error

admission webhook "pilot.validation.istio.io" denied the request: error decoding configuration: YAML decoding error:
json: cannot unmarshal string into Go value of type []json.RawMessage

任何想法我的清单可能有什么问题吗?

Any ideas what could be wrong with my manifest?

谢谢.

最诚挚的问候,rforberger

Best regards,rforberger

推荐答案

cipherSuites中删除"字符.

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: hello-istio-gateway
spec:
  selector:
    istio: ingressgateway  # use Istio default gateway implementation
  servers:
  - hosts:
    - "*"
    port:
      name: https-wildcard
      number: 444
      protocol: HTTPS
    tls:
      mode: SIMPLE
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
      cipherSuites: [ECDHE-RSA-AES256-GCM-SHA384|ECDHE-RSA-AES128-GCM-SHA256]
$ kubectl apply -f gateway.yaml
gateway.networking.istio.io/hello-istio-gateway created

这篇关于TLSOption CipherSuites无法在Istio Ingress Gateway上运行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-01 21:42