问题
I have deployed a CipherSuite on an Istio Ingress Gateway object:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: hello-istio-gateway
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- hosts:
- "*"
port:
name: https-wildcard
number: 444
protocol: HTTPS
tls:
mode: SIMPLE
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
privateKey: /etc/istio/ingressgateway-certs/tls.key
cipherSuites: "[ECDHE-RSA-AES256-GCM-SHA384|ECDHE-RSA-AES128-GCM-SHA256]"
But from kubectl I get the error
admission webhook "pilot.validation.istio.io" denied the request: error decoding configuration: YAML decoding error:
json: cannot unmarshal string into Go value of type []json.RawMessage
Any ideas what could be wrong with my manifest?
Thanks in advance.
Best regards, rforberger
回答1:
Remove the " chars from the cipherSuites.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: hello-istio-gateway
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- hosts:
- "*"
port:
name: https-wildcard
number: 444
protocol: HTTPS
tls:
mode: SIMPLE
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
privateKey: /etc/istio/ingressgateway-certs/tls.key
cipherSuites: [ECDHE-RSA-AES256-GCM-SHA384|ECDHE-RSA-AES128-GCM-SHA256]
$ kubectl apply -f gateway.yaml
gateway.networking.istio.io/hello-istio-gateway created
来源:https://stackoverflow.com/questions/60431110/tlsoption-ciphersuites-does-not-work-on-istio-ingress-gateway