Kubernetes &引用;x509:由未知机构签署的证书“;在istio中创建pod时出错
K8S版本:1.14.2 Istio版本:1.12.4 操作系统:CentOS 7 遵循此指南,但出现了错误 从istio.io: “x509:由未知权限签署的证书相关错误通常是由webhook配置中的空caBundle引起的。” 以下链接提供了故障排除提示:Kubernetes &引用;x509:由未知机构签署的证书“;在istio中创建pod时出错,kubernetes,istio,Kubernetes,Istio,K8S版本:1.14.2 Istio版本:1.12.4 操作系统:CentOS 7 遵循此指南,但出现了错误 从istio.io: “x509:由未知权限签署的证书相关错误通常是由webhook配置中的空caBundle引起的。” 以下链接提供了故障排除提示: $ kubectl describe rs details-v1-c5b5f496d .... Events: Type Reason Age From
$ kubectl describe rs details-v1-c5b5f496d
....
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedCreate 8m38s (x18 over 19m) replicaset-controller Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority
[root@centos-10-90-152-38 k8s]# kubectl get mutatingwebhookconfiguration istio-sidecar-injector -o yaml -o jsonpath='{.webhooks[0].clientConfig.caBundle}' | md5sum
7a67a48a97a2c079958225147a65d7cb -
[root@centos-10-90-152-38 k8s]# kubectl -n istio-system get secret istio.istio-sidecar-injector-service-account -o jsonpath='{.data.root-cert\.pem}' | md5sum
7a67a48a97a2c079958225147a65d7cb -