0

我正在尝试为安装在 Kubernetes 中的 Kong 2.7 设置 SSL 证书,但我没有让它按预期工作。我尝试遵循本指南甚至在讨论中寻找额外的帮助。

curl -X POST http://kong-admin:8001/certificates -F "cert=kong.lan.pem" -F "key=kong.lan.key" -F "snis[0]=mydomain.net"

这是我的回应:

{
  "fields": {
    "cert": "invalid certificate: x509.new: asn1/a_d2i_fp.c:197:error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data",
    "key": "invalid key: pkey.new:load_key: asn1/a_d2i_fp.c:197:error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data"
  },
  "message": "2 schema violations (cert: invalid certificate: x509.new: asn1/a_d2i_fp.c:197:error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data; key: invalid key: pkey.new:load_key: asn1/a_d2i_fp.c:197:error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data)",
  "name": "schema violation",
  "code": 2
}

Kong 使用 helm chart 部署:

$ helm repo add kong https://charts.konghq.com
$ helm repo update

$ helm install kong/kong --generate-name --set ingressController.enabled=true --set admin.enabled=True --set admin.http.enabled=True --set ingress.enabled=True --set proxy.ingress.enabled=True --set admin.type=LoadBalancer --set proxy.type=LoadBalancer

你们有谁知道如何使它工作或如何将 tls.crt 和 tls.key 添加到 Kong Deployment 中?

4

1 回答 1

1

你只是错过了@curl 命令上传文件

curl -X POST http://kong-admin:8001/certificates -F "cert=@kong.lan.pem" -F "key=@kong.lan.key" -F "snis[0]=mydomain.net"

curl -X POST http://localhost:8001/certificates -F "cert=kong.lan.pem" -F "key=kong.lan.key" -F "snis[0]=mydomain.net"

将发送

POST /certificates HTTP/1.1
Host: localhost:8001
User-Agent: curl/7.68.0
Accept: */*
Content-Length: 363
Content-Type: multipart/form-data; boundary=------------------------d67ae21b533e5746

--------------------------d67ae21b533e5746
Content-Disposition: form-data; name="cert"

kong.lan.pem
--------------------------d67ae21b533e5746
Content-Disposition: form-data; name="key"

kong.lan.key
--------------------------d67ae21b533e5746
Content-Disposition: form-data; name="snis[0]"

mydomain.net
--------------------------d67ae21b533e5746--

echo "toto" >| kong.lan.pem
curl -X POST http://localhost:8001/certificates -F "cert=@kong.lan.pem" -F "key=kong.lan.key" -F "snis[0]=mydomain.net"

将发送

POST /certificates HTTP/1.1
Host: localhost:8001
User-Agent: curl/7.68.0
Accept: */*
Content-Length: 421
Content-Type: multipart/form-data; boundary=------------------------973b3467e461334a

--------------------------973b3467e461334a
Content-Disposition: form-data; name="cert"; filename="kong.lan.pem"
Content-Type: application/octet-stream

toto

--------------------------973b3467e461334a
Content-Disposition: form-data; name="key"

kong.lan.key
--------------------------973b3467e461334a
Content-Disposition: form-data; name="snis[0]"

mydomain.net
--------------------------973b3467e461334a--
于 2022-01-19T16:10:46.457 回答