Thanks a lot! You are right. The ISP is hijacking dns requests: ``` mirto@bianco500:~$ ping -c 2 1.2.3.4 PING 1.2.3.4 (1.2.3.4) 56(84) bytes of data. --- 1.2.3.4 ping statistics ---...
Hi @tao12345666333 the problem appeared after 5 cluster restarts How I've done the tests: 1) start the cluster and wait everything goes green 2) inspect the upstream address with apisix...
Well reinstalling apisix with the tls chart modifications ``` tls: enabled: true servicePort: 443 containerPort: 9443 existingCASecret: "-----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIUfUAyqeAGoxCGB6V/5qxOS/ZczrEwDQYJKoZIhvcNAQEL BQAwgZUxCzAJBgNVBAYTAklUMQ4wDAYDVQQIDAVJdGFseTENMAsGA1UEBwwEUm9t ZTEVMBMGA1UECgwMQnVzaWNvIE1pcnRvMRMwEQYDVQQLDApMYWJvcmF0b3J5MRUw EwYDVQQDDAxCdXNpY28gTWlydG8xJDAiBgkqhkiG9w0BCQEWFW1pcnRvYnVzaWNv QGdtYWlsLmNvbTAeFw0yMjAxMTcxNzQ2MDZaFw0zMjAxMTUxNzQ2MDZaMIGVMQsw CQYDVQQGEwJJVDEOMAwGA1UECAwFSXRhbHkxDTALBgNVBAcMBFJvbWUxFTATBgNV BAoMDEJ1c2ljbyBNaXJ0bzETMBEGA1UECwwKTGFib3JhdG9yeTEVMBMGA1UEAwwM QnVzaWNvIE1pcnRvMSQwIgYJKoZIhvcNAQkBFhVtaXJ0b2J1c2ljb0BnbWFpbC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7T89OolDaC7YprD0l 3q20y0cchShqovk8Nzo12prDX8CCGxv6zexaHYVKk6qFfSGJJcgHcuxLIHvnflVH Ugx9/LWOxaVz6N0i7z8hjnzxyMb2CXaTOpsbp0CdLeoEHjoZlESzAg6blIL4szPn...
Thanks @tokers How can I do this? Which type of kubernetes secret? Is the caCerficiateFilename the secret name? There is any example?
@tokers Well maybe I don't understand the documentation I created a generic secret using these commands: ``` sysop@m01serv:~/m01certs$ cd ~/m01certs sysop@m01serv:~/m01certs$ ls -lh m01ca.* -rw-r--r-- 1 root root 1,7K gen...
Hi @tokers the first probem is that the secret is namespaced. So to have a valid secret it have to be defined in the apisix namespace ``` sysop@m01serv:~/m01certs$ kubectl -n...
Hi @tokers you are right As I said in previos comments I created my own CA and signed my certificates with this CA. My working configuration is obtained doing: I...
@tokers Ok. So it seems this is the correct behaviour. For me this request can be closed. I'm just curious to understand the use for existingCASecret and certCAFilename in the...
@tokers yes. And this is exactly what I've done (see my previous replies). The question is why the curl from the apisix pod says unknown CA if the CA cert...
Il 25/02/22 13:33, Alex Zhang ha scritto: > > @tokers yes. And this is exactly what > I've done (see my previous replies). > > The question is why the...