Managed Certificate in Ingress, Domain Status is FailedNotVisible
I am just following this tutorial: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs#creating_an_ingress_with_a_managed_certificate
Everything works fine until I deploy my certificate and wait 20 minutes for it to show up as:
```
Status:
  Certificate Name:    daojnfiwlefielwrfn
  Certificate Status:  Provisioning
  Domain Status:
    Domain:  moviedecisionengine.com
    Status:  FailedNotVisible
```
The domain clearly works, so what am I missing?
EDIT:
Here is the certificate:
```yaml
apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
  name: moviedecisionengine
spec:
  domains:
    - moviedecisionengine.com
```
The Ingress:
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.gcp.kubernetes.io/pre-shared-cert: mcrt-14cb8169-25ba-4712-bca5-cb612562a00b
    ingress.kubernetes.io/backends: '{"k8s-be-31721--1cd1f38313af9089":"HEALTHY"}'
    ingress.kubernetes.io/forwarding-rule: k8s-fw-default-showcase-mde-ingress--1cd1f38313af9089
    ingress.kubernetes.io/https-forwarding-rule: k8s-fws-default-showcase-mde-ingress--1cd1f38313af9089
    ingress.kubernetes.io/https-target-proxy: k8s-tps-default-showcase-mde-ingress--1cd1f38313af9089
    ingress.kubernetes.io/ssl-cert: mcrt-14cb8169-25ba-4712-bca5-cb612562a00b
    ingress.kubernetes.io/target-proxy: k8s-tp-default-showcase-mde-ingress--1cd1f38313af9089
    ingress.kubernetes.io/url-map: k8s-um-default-showcase-mde-ingress--1cd1f38313af9089
    kubernetes.io/ingress.global-static-ip-name: 34.107.208.110
    networking.gke.io/managed-certificates: moviedecisionengine
  creationTimestamp: "2020-01-16T19:44:13Z"
  generation: 4
  name: showcase-mde-ingress
  namespace: default
  resourceVersion: "1039270"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/showcase-mde-ingress
  uid: 92a2f91f-3898-11ea-b820-42010a800045
spec:
  backend:
    serviceName: showcase-mde
    servicePort: 80
  rules:
  - host: moviedecisionengine.com
    http:
      paths:
      - backend:
          serviceName: showcase-mde
          servicePort: 80
  - host: www.moviedecisionengine.com
    http:
      paths:
      - backend:
          serviceName: showcase-mde
          servicePort: 80
status:
  loadBalancer:
    ingress:
    - ip: 34.107.208.110
```
Finally, the load balancer:
```yaml
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2020-01-13T22:41:27Z"
  labels:
    app: showcase-mde
  name: showcase-mde
  namespace: default
  resourceVersion: "2298"
  selfLink: /api/v1/namespaces/default/services/showcase-mde
  uid: d5a77d7b-3655-11ea-af7f-42010a800157
spec:
  clusterIP: 10.31.251.46
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 31721
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: showcase-mde
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - ip: 35.232.156.172
```
For
```
Name:         moviedecisionengine
Namespace:    default
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"networking.gke.io/v1beta1","kind":"ManagedCertificate","metadata":{"annotations":{},"name":"moviedecisionengine","namespace...
API Version:  networking.gke.io/v1beta1
Kind:         ManagedCertificate
Metadata:
  Creation Timestamp:  2020-01-17T16:47:19Z
  Generation:          3
  Resource Version:    1042869
  Self Link:           /apis/networking.gke.io/v1beta1/namespaces/default/managedcertificates/moviedecisionengine
  UID:                 06c97b69-3949-11ea-b820-42010a800045
Spec:
  Domains:
    moviedecisionengine.com
Status:
  Certificate Name:    mcrt-14cb8169-25ba-4712-bca5-cb612562a00b
  Certificate Status:  Provisioning
  Domain Status:
    Domain:  moviedecisionengine.com
    Status:  FailedNotVisible
Events:       <none>
```
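I successfully
Let me elaborate:
Steps to reproduce:
- Create an IP address with gcloud
- Update the DNS entry
- Create a Deployment
- Create a Service
- Create a certificate
- Create an Ingress resource
Create an IP address with gcloud
Invoke the following command to create a static IP address:
Check the newly created IP address with the following command:
Update the DNS entry
Go to
with the same address as the one created above
Wait for it to apply.
Use
Create a Deployment
Below is an example Deployment that will respond to traffic: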
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello
spec:
  selector:
    matchLabels:
      app: hello
      version: 1.0.0
  replicas: 3
  template:
    metadata:
      labels:
        app: hello
        version: 1.0.0
    spec:
      containers:
      - name: hello
        image: "gcr.io/google-samples/hello-app:1.0"
        env:
        - name: "PORT"
          value: "50001"
```
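Apply using the command
You can change this Deployment to suit your application, but be aware of the port your application will respond on.
Create a Service
Use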
```yaml
apiVersion: v1
kind: Service
metadata:
  name: hello-service
spec:
  type: NodePort
  selector:
    app: hello
    version: 1.0.0
  ports:
  - name: hello-port
    protocol: TCP
    port: 50001
    targetPort: 50001
```
Apply using the command
Create a certificate
As shown in the guide, you can use the following example to create the certificate:
```yaml
apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
  name: example-certificate
spec:
  domains:
    - DOMAIN.NAME
```
Apply using the command
The status FAILED_NOT_VISIBLE indicates that certificate provisioning failed for a domain because of a problem with DNS or the load balancing configuration. Make sure that DNS is configured so that the certificate's domain resolves to the IP address of the load balancer.
-- Google Cloud documentation
The creation of this certificate should be affected by the DNS entry you provided earlier.
Create an Ingress resource
Below is the Ingress resource:
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: example-address
    networking.gke.io/managed-certificates: example-certificate
spec:
  rules:
  - host: DOMAIN.NAME
    http:
      paths:
      - path: /
        backend:
          serviceName: hello-service
          servicePort: hello-port
```
Apply using the command
The whole process takes about 20-25 minutes.
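
The DNS check that the quoted FAILED_NOT_VISIBLE documentation calls for, written out as an added example (not part of the original answer and not Google tooling). The function names are hypothetical, the two IP addresses are the Ingress and Service addresses shown in the question, and the DNS answers in SAMPLE_DNS are constructed so the script runs offline.

```python
import ipaddress
import socket


def resolve(domain):
    """Return the set of IP addresses DNS currently gives for `domain`."""
    try:
        infos = socket.getaddrinfo(domain, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_domain(domain, lb_ip, resolver=resolve):
    """Classify one certificate domain against the Ingress load balancer IP."""
    addrs = set(resolver(domain))
    if not addrs:
        return "NO_RECORD"
    if addrs == {lb_ip}:
        return "OK"
    # Some answers point elsewhere: partly (MIXED) or entirely (WRONG_IP).
    return "MIXED" if lb_ip in addrs else "WRONG_IP"


def static_ip_annotation_is_name(value):
    """kubernetes.io/ingress.global-static-ip-name takes the reserved address's
    resource name (example-address in the answer), not an IP literal."""
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return True
    return False


def audit(cert_domains, lb_ip, resolver=resolve):
    """Map every ManagedCertificate domain to its DNS verdict."""
    return {d: check_domain(d, lb_ip, resolver) for d in cert_domains}


INGRESS_IP = "34.107.208.110"  # status.loadBalancer.ingress of the Ingress
SERVICE_IP = "35.232.156.172"  # status.loadBalancer.ingress of the Service
# Constructed DNS answers (assumption, for illustration only).
SAMPLE_DNS = {
    "moviedecisionengine.com": {SERVICE_IP},
    "www.moviedecisionengine.com": {INGRESS_IP},
}

if __name__ == "__main__":
    fake = lambda d: SAMPLE_DNS.get(d, set())
    print(audit(["moviedecisionengine.com"], INGRESS_IP, fake))
    print(static_ip_annotation_is_name("34.107.208.110"))
```

Called without the `resolver` argument, `audit` queries live DNS; any verdict other than OK for a domain listed in the ManagedCertificate matches the condition the documentation describes.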