higress
higress copied to clipboard
Published
20 hours ago •
alibaba
alibaba
fix: add full push when higress-https configmap updated and fix certmagic storage
Ⅰ. Describe what this PR did
- 当 higress-https 配置映射更新时,ingress 将全量推送。
- 修复 configMgr.GetConfig 的错误。
- 修复 certmagic 配置映射存储分片不能生效问题。
- 修复 RenewalWindowRatio 配置不能生效的问题。
Ⅱ. Does this pull request fix one issue?
Ⅲ. Why don't you add test cases (unit test/integration test)?
阿里云 新加波 搭了 higress cluster
- higress-https configmap && ingress
apiVersion: v1
kind: ConfigMap
metadata:
name: higress-https
namespace: higress-system
data:
cert: |
automaticHttps: true
renewBeforeDays: 14999 # RenewMaxDays = 15000,为了测试Renew
fallbackForInvalidSecret: false
acmeIssuer:
- ak: test
sk: test
email: [email protected]
name: letsencrypt
credentialConfig:
- cacertSecret: foo-com-ca-secret
domains:
- 8.222.156.101.sslip.io
tlsSecret: foo-com-secret
tlsIssuer: letsencrypt
version: test
---
apiVersion: v1
kind: Namespace
metadata:
name: higress-course
---
apiVersion: v1
kind: Service
metadata:
name: echo-server
namespace: higress-course
spec:
selector:
app: echo-server
ports:
- protocol: TCP
port: 8080
targetPort: 3000
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: echo-server
namespace: higress-course
labels:
app: echo-server
spec:
replicas: 1
selector:
matchLabels:
app: echo-server
template:
metadata:
labels:
app: echo-server
spec:
containers:
- name: echo-server
image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/echo-server:1.3.0
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
requests:
cpu: 10m
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-foo
namespace: higress-course
spec:
ingressClassName: higress
tls:
- hosts:
- "8.222.156.101.sslip.io"
rules:
- host: "8.222.156.101.sslip.io"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: echo-server
port:
number: 8080
- 生成 configmap sharding
root@iZt4ndl8svou8s8c3akegmZ:~# kubectl get configmap -n higress-system | grep higress-cert-store
higress-cert-store-certificates-92abe106 3 160m
higress-cert-store-default 9 160m
higress-cert-store-certificates-92abe106 yaml 如下:
apiVersion: v1
data:
9b706ce0: '{"k":"certificates/acme-v02.api.letsencrypt.org-directory/8.222.156.101.sslip.io/8.222.156.101.sslip.io.json","v":"ewoJInNhbnMiOiBbCgkJIjguMjIyLjE1Ni4xMDEuc3NsaXAuaW8iCgldLAoJImlzc3Vlcl9kYXRhIjogewoJCSJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2VydC8wNGQyY2FkYWFhZGQyZjY0YWI3YzA2OWI2ZDU5ODQ0ZjgxZWQiLAoJCSJjYSI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvZGlyZWN0b3J5IgoJfQp9"}'
15282d9d: '{"k":"certificates/acme-v02.api.letsencrypt.org-directory/8.222.156.101.sslip.io/8.222.156.101.sslip.io.key","v":"LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUNwcXdweGNwbG1UQzgvTnVpSW1DSk5yb3VqV251Wmx1TXJOckRXejdONG5vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNEtBWkUyMnFXOXBWeks5b1pYWHdtZlVmZGY1cDlCSVZvYy9hTU56Qy8zUUw2dHdzYm1QVwpEWCtvU0gxVDFLdlhadmlFY3NXWm41dUJIV0pYLy9iYzlnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo="}'
a0f678b9: '{"k":"certificates/acme-v02.api.letsencrypt.org-directory/8.222.156.101.sslip.io/8.222.156.101.sslip.io.crt","v":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURqVENDQXhPZ0F3SUJBZ0lTQk5MSzJxcmRMMlNyZkFhYmJWbUVUNEh0TUFvR0NDcUdTTTQ5QkFNRE1ESXgKQ3pBSkJnTlZCQVlUQWxWVE1SWXdGQVlEVlFRS0V3MU1aWFFuY3lCRmJtTnllWEIwTVFzd0NRWURWUVFERXdKRgpOakFlRncweU5EQTNNVEV3TXpFME5ERmFGdzB5TkRFd01Ea3dNekUwTkRCYU1DRXhIekFkQmdOVkJBTVRGamd1Ck1qSXlMakUxTmk0eE1ERXVjM05zYVhBdWFXOHdXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CQndOQ0FBVGcKb0JrVGJhcGIybFhNcjJobGRmQ1o5UjkxL21uMEVoV2h6OW93M01ML2RBdnEzQ3h1WTlZTmY2aElmVlBVcTlkbQorSVJ5eFptZm00RWRZbGYvOXR6Mm80SUNHRENDQWhRd0RnWURWUjBQQVFIL0JBUURBZ2VBTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1CMEdBMVVkRGdRV0JCU3gKditvM2lqZldkZmYxSml1SnZNb2d0V2J6bERBZkJnTlZIU01FR0RBV2dCU1RKMGFZQTZsUmFJNlkxc1JDU05zagp2MWlVMGpCVkJnZ3JCZ0VGQlFjQkFRUkpNRWN3SVFZSUt3WUJCUVVITUFHR0ZXaDBkSEE2THk5bE5pNXZMbXhsCmJtTnlMbTl5WnpBaUJnZ3JCZ0VGQlFjd0FvWVdhSFIwY0RvdkwyVTJMbWt1YkdWdVkzSXViM0puTHpBaEJnTlYKSFJFRUdqQVlnaFk0TGpJeU1pNHhOVFl1TVRBeExuTnpiR2x3TG1sdk1CTUdBMVVkSUFRTU1Bb3dDQVlHWjRFTQpBUUlCTUlJQkJBWUtLd1lCQkFIV2VRSUVBZ1NCOVFTQjhnRHdBSGNBUHhkTFQ5Y2lSMWlVSFdVY2hMNE5FdTJRCk4zOGZoV3Jyd2I4b2hlejRaRzRBQUFHUW9BQWlCUUFBQkFNQVNEQkdBaUVBbUl2a3JMTGZVQkFzS1V5TWxLWU4KRU5qcEFBb29NNUgweEtJM0x5U2lHNVlDSVFDSFJkNDRKdTh6NHBVWjRWMXBtMEtlMDhWQUZ0aERBc2s0N3BwVgp3NlFydVFCMUFIYi9pRDhLdHZ1VlVjSmh6UFdIdWpTMHBNMjdLZHhvUWdxZjVtZE1XanAwQUFBQmtLQUFJaklBCkFBUURBRVl3UkFJZ2ZDYytmckF3aUgxVS8yNng3VjFlaVQxTExNSFV4ZDRkdHFNQ1VPVXJXdk1DSUJwTnFnT3gKbmhTVkt1Yk0vd0NlcnZoWmxQWmFwemlWUWxyNG9sL2hTTUFITUFvR0NDcUdTTTQ5QkFNREEyZ0FNR1VDTUdmMQpvREIyTW81TWxIbFdTTnptbEhYcUdZblV6QXFsUkxHVmhQTmFBc3NkZUJib0k5MzNJcnhOSjBFOU1mL0RXZ0l4CkFQSFNUOG4zQWh4MXBBYkF2aFpMUFZTV3NNUkdxbUVMMk0vekE3TnM3TmVQbTVQc05OT2pXS0h4TjZIZ2Y3Q1kKYlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCgotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRVZ6Q0NBaitnQXdJQkFnSVJBTEJYUHBGemx5ZHcyN1NIeXpwRkt6Z3dEUVlKS29aSWh2Y05BUUVMQlFBdwpUekVMTUFrR0ExVUVCaE1DVlZNeEtUQW5CZ05WQkFvVElFbHVkR1Z5Ym1WMElGTmxZM1Z5YVhSNUlGSmxjMlZoCmNtTm9JRWR5YjNWd01SVXdFd1lEVlFRREV3eEpVMUpISUZKdmIzUWdXREV3SGhjTk1qUXdNekV6TURBd01EQXcKV2hjTk1qY3dNekV5TWpNMU9UVTVXakF5TVFzd0NRWURWUVFHRXdKVlV6RVdNQlFHQTFVRUNoTU5UR1YwSjNNZwpSVzVqY25sd2RERUxNQWtHQTFVRUF4TUNSVFl3ZGpBUUJnY3Foa2pPUFFJQkJnVXJnUVFBSWdOaUFBVFo4WjVHCmgvZ2hjV0NvSnV1aitybnEyaDI1RXFmVUp0bFJGTEZoZkhXV3Z5SUxPUi9WdnRFS1Jxb3RQRW9KaEM2K1FKVlYKNlJsQU4yWjE3VEpPZHdSSitIQjd3eGpuenZkeEVQNnNkTmdBMU8xdEhITVdNeENjT3JMcWJHTDB2YmlqZ2ZndwpnZlV3RGdZRFZSMFBBUUgvQkFRREFnR0dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNECkFUQVNCZ05WSFJNQkFmOEVDREFHQVFIL0FnRUFNQjBHQTFVZERnUVdCQlNUSjBhWUE2bFJhSTZZMXNSQ1NOc2oKdjFpVTBqQWZCZ05WSFNNRUdEQVdnQlI1dEZubWU3Ymw1QUZ6Z0FpSXlCcFk5dW1iYmpBeUJnZ3JCZ0VGQlFjQgpBUVFtTUNRd0lnWUlLd1lCQlFVSE1BS0dGbWgwZEhBNkx5OTRNUzVwTG14bGJtTnlMbTl5Wnk4d0V3WURWUjBnCkJBd3dDakFJQmdabmdRd0JBZ0V3SndZRFZSMGZCQ0F3SGpBY29CcWdHSVlXYUhSMGNEb3ZMM2d4TG1NdWJHVnUKWTNJdWIzSm5MekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBZ0VBZll0N1NpQTFzZ1dHQ0lwdW5rNDZyNEFFeElSYwpNeGtLZ1VoTmxycnYxQjIxaE9hWE4vNW1pRStMT1RicmNtVS9NOXl2QzZNVlk3MzBHTkZvTDhJaEo4ajh2ck9MCnBNWTIyT1A2YmFTMWs5WU1ydERUbHdKSG9HYnkwNFRoVFVlQkRrc1M5Uml1SHZpY1pxQmVkUWRJRjY1cFp1aHAKZURjR0JjTGlZYXNRci9FTzVneHh0THlUbWdzSFNPVlNCY0ZPbjlsZ3Y3TEVDUHE5aTdtZkgzbXB4Z3JSS1N4SApwT29aMEtYTWNCK2hIdXZsa2xIbnR2Y0kwbU1NUTBtaFlqNnF0TUZTdGtGMVJwQ0czSVBkSXdwVkNRcXU4R1Y3CnM4dWJrblJ6cyszQy9CbTE5UkZPb2lQcERrd3Z5TmZ2bVExNFhreXFxS0s1b1o4emhEMzJrRlJRa3hhOHVaU3UKaDRhVEltRnhrbnUzOXdhQnhJUlhFNGpLeGxBbVFjNFFqRlpvcTFLbVFxUWcwSi8xSkY4UmxGdkphczFWY2pMdgpZbHZVQjJ0Nm5wTzZvUWpCM2wrUE5mMERwUUg3aVV4M1d6NUFqUUNpNkwyNUZqeUUwNnE2QlovUWxtdFlkbC84ClpZYW80U1JxUEVzLzZjQWlGK1FmNXpnMlVrYVd0RHBobDFMS011VE5Mb3R2c1g5OUhQNjlWMmZhTnllZ29kUTAKTHlUQXByL3ZUMDFZUEU0NnZOc0RMZ0srNGNMNlRyekMvYTRXY21GNVNSSjkzOHpydi9kdUpITFhRSWt1NXYwKwpFd095NTlIZG0wUFQvRXIvODRkRFYwQ1NqZFIvMlh1Wk0za3B5c1NLTGdEMWNLaURBK0lSZ3VPREN4Zk85Y3lZCklnNDZ2OW1GbUJ2eUgwND0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="}'
kind: ConfigMap
metadata:
annotations:
higress.io/cert-https: "true"
creationTimestamp: "2024-07-11T01:52:00Z"
name: higress-cert-store-certificates-92abe106
namespace: higress-system
resourceVersion: "15408"
uid: 9da8d7d3-b1b5-4d80-87e8-b9d33d943f22
- https://8.222.156.101.sslip.io/
- renew 测试
renew 日志如下:
024-07-11T03:44:43.233612Z info cert certMgr manageSync domains done
1.720670080033656e+09 info maintenance start to renew ManagedCertificates
1.7206700800337026e+09 info maintenance cache certKey {"cert_key": "00ad3244c475b7dc411c030285ee8e820dd13109f5e5809b6cbe154cb2108125"}
1.7206700800337105e+09 info maintenance cert name {"cert_name": "8.222.156.101.sslip.io"}
2024-07-11T03:54:40.033718Z info cert certmgr cache GetConfigForCert
2024-07-11T03:54:40.034000Z info cert certmgr config: &{0.9999333333333333 0x1eac500 <nil> false [0xc0009ac140] false {p256} <nil> {false map[]} ConfigmapStorage false 0xc0009aec40 0xc000c29ef0}
1.7206700800340085e+09 info maintenance need to renew cert name {"cert_name": "8.222.156.101.sslip.io"}
1.7206700800433915e+09 info maintenance add cert to renewQueue {"cert_name": "8.222.156.101.sslip.io"}
1.7206700800434122e+09 info maintenance certificate expires soon; queuing for renewal {"identifiers": ["8.222.156.101.sslip.io"], "remaining": 7771800.9565886}
1.7206700800435774e+09 info maintenance attempting certificate renewal {"identifiers": ["8.222.156.101.sslip.io"], "remaining": 7771800.95642431}
1.720670080064369e+09 info renew acquiring lock {"identifier": "8.222.156.101.sslip.io"}
1.720670080065242e+09 info renew lock acquired {"identifier": "8.222.156.101.sslip.io"}
1.7206700800709496e+09 info renew renewing certificate {"identifier": "8.222.156.101.sslip.io", "remaining": 7771800.929052114}
2024-07-11T03:54:40.071066Z info cert certmgr receive event:%!d(string=cert_obtaining)ata:map[forced:false identifier:8.222.156.101.sslip.io issuer:acme-v02.api.letsencrypt.org-directory remaining:2158h50m0.929052114s renewal:true]
1.7206700800783591e+09 info waiting on internal rate limiter {"identifiers": ["8.222.156.101.sslip.io"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "[email protected]"}
1.7206700800792503e+09 info done waiting on internal rate limiter {"identifiers": ["8.222.156.101.sslip.io"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "[email protected]"}
1.7206700812960255e+09 info acme_client authorization finalized {"identifier": "8.222.156.101.sslip.io", "authz_status": "valid"}
1.7206700812960458e+09 info acme_client validations succeeded; finalizing order {"order": "https://acme-v02.api.letsencrypt.org/acme/order/1830530677/286215397237"}
1.7206700826325202e+09 info acme_client successfully downloaded available certificate chains {"count": 2, "first_url": "https://acme-v02.api.letsencrypt.org/acme/cert/04d4b7ab2866579e13c0b7bd807fd447807e"}
1.7206700826571453e+09 info renew certificate renewed successfully {"identifier": "8.222.156.101.sslip.io"}
2024-07-11T03:54:42.659062Z info cert certmgr receive event:%!d(string=cert_obtained)ata:map[certificate_path:certificates/acme-v02.api.letsencrypt.org-directory/8.222.156.101.sslip.io/8.222.156.101.sslip.io.crt identifier:8.222.156.101.sslip.io issuer:acme-v02.api.letsencrypt.org-directory metadata_path:certificates/acme-v02.api.letsencrypt.org-directory/8.222.156.101.sslip.io/8.222.156.101.sslip.io.json private_key_path:certificates/acme-v02.api.letsencrypt.org-directory/8.222.156.101.sslip.io/8.222.156.101.sslip.io.key remaining:2158h50m0.929052114s renewal:true storage_path:certificates/acme-v02.api.letsencrypt.org-directory/8.222.156.101.sslip.io]
2024-07-11T03:54:42.663277Z info cert update secret, domain:8.222.156.101.sslip.io, secretName:foo-com-secret, privateKey:-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIMCa8oIQRoMtdWDKd1pzz4oU5dHPgPJDugAGYpE9h2A/oAoGCCqGSM49
AwEHoUQDQgAE2BEF3zoVzL2Pt+DwK2bvH7SPuiYlhf6wfpSvMz9yzaGVAqQ0MmO+
1HcAtOb+56jpNeooas+AtxD5d9kt8H1rDg==
-----END EC PRIVATE KEY-----
, certificate:-----BEGIN CERTIFICATE-----
MIIDizCCAxGgAwIBAgISBNS3qyhmV54TwLe9gH/UR4B+MAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NjAeFw0yNDA3MTEwMjU0NDFaFw0yNDEwMDkwMjU0NDBaMCExHzAdBgNVBAMTFjgu
MjIyLjE1Ni4xMDEuc3NsaXAuaW8wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATY
EQXfOhXMvY+34PArZu8ftI+6JiWF/rB+lK8zP3LNoZUCpDQyY77UdwC05v7nqOk1
6ihqz4C3EPl32S3wfWsOo4ICFjCCAhIwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR0
7hHQq7w1qQ3QdkIjunQgq3tOBTAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsj
v1iU0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxl
bmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzAhBgNV
HREEGjAYghY4LjIyMi4xNTYuMTAxLnNzbGlwLmlvMBMGA1UdIAQMMAowCAYGZ4EM
AQIBMIIBAgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUAPxdLT9ciR1iUHWUchL4NEu2Q
N38fhWrrwb8ohez4ZG4AAAGQn+3S0QAABAMARjBEAiAQmBQu+f08Rl/QB7saLene
hC6lHC6YgTmpcjQAlfkfaAIgHDvUzMKScC7kU4Eg9NzwLHAcs2OdUIgYLe5mQPEC
fiEAdQBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAZCf7dMOAAAE
AwBGMEQCIGsa3I3rj+qSC6FmrRgEjN7AnUg1jqo+y9Xdg6qzlviyAiA6/L/o9b6u
454pZzIlGXYPBnI9wxrg6oCJzn+bfszaXjAKBggqhkjOPQQDAwNoADBlAjEAqQXW
pd1Beq28WQ+pHu/03HxR6s0vzL/t1TWq/z6zB8UfdAAe2DSVIjlRWprDvwuCAjAg
1hNDw4PGW9cVOO6w6rYLCq6x5fVxDGtj2QJwql1PIgc8AMXp5kBDTb5x2M5J1i4=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
Ig46v9mFmBvyH04=
-----END CERTIFICATE-----
, notBefore:2024-07-11 02:54:42 +0000 UTC, notAfter:2024-10-09 02:54:41 +0000 UTC, isRenew:true
1.7206700826769848e+09 info renew releasing lock {"identifier": "8.222.156.101.sslip.io"}
1.7206700826770115e+09 info reloading managed certificate {"identifiers": ["8.222.156.101.sslip.io"]}
1.7206700829618974e+09 debug removed certificate from cache {"subjects": ["8.222.156.101.sslip.io"], "expiration": 1728441881, "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "00ad3244c475b7dc411c030285ee8e820dd13109f5e5809b6cbe154cb2108125", "cache_size": 0, "cache_capacity": 0}
1.7206700829619248e+09 debug added certificate to cache {"subjects": ["8.222.156.101.sslip.io"], "expiration": 1728442481, "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "a45d839a3aaa736cc1c978fa465ae3ba605c1b97fef1c4581cea03d01ab273e7", "cache_size": 1, "cache_capacity": 0}
1.720670082961932e+09 info replaced certificate in cache {"subjects": ["8.222.156.101.sslip.io"], "new_expiration": 1728442481}
foo-com-secretsecret yaml info 如下:
apiVersion: v1
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURqVENDQXhPZ0F3SUJBZ0lTQk5MSzJxcmRMMlNyZkFhYmJWbUVUNEh0TUFvR0NDcUdTTTQ5QkFNRE1ESXgKQ3pBSkJnTlZCQVlUQWxWVE1SWXdGQVlEVlFRS0V3MU1aWFFuY3lCRmJtTnllWEIwTVFzd0NRWURWUVFERXdKRgpOakFlRncweU5EQTNNVEV3TXpFME5ERmFGdzB5TkRFd01Ea3dNekUwTkRCYU1DRXhIekFkQmdOVkJBTVRGamd1Ck1qSXlMakUxTmk0eE1ERXVjM05zYVhBdWFXOHdXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CQndOQ0FBVGcKb0JrVGJhcGIybFhNcjJobGRmQ1o5UjkxL21uMEVoV2h6OW93M01ML2RBdnEzQ3h1WTlZTmY2aElmVlBVcTlkbQorSVJ5eFptZm00RWRZbGYvOXR6Mm80SUNHRENDQWhRd0RnWURWUjBQQVFIL0JBUURBZ2VBTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1CMEdBMVVkRGdRV0JCU3gKditvM2lqZldkZmYxSml1SnZNb2d0V2J6bERBZkJnTlZIU01FR0RBV2dCU1RKMGFZQTZsUmFJNlkxc1JDU05zagp2MWlVMGpCVkJnZ3JCZ0VGQlFjQkFRUkpNRWN3SVFZSUt3WUJCUVVITUFHR0ZXaDBkSEE2THk5bE5pNXZMbXhsCmJtTnlMbTl5WnpBaUJnZ3JCZ0VGQlFjd0FvWVdhSFIwY0RvdkwyVTJMbWt1YkdWdVkzSXViM0puTHpBaEJnTlYKSFJFRUdqQVlnaFk0TGpJeU1pNHhOVFl1TVRBeExuTnpiR2x3TG1sdk1CTUdBMVVkSUFRTU1Bb3dDQVlHWjRFTQpBUUlCTUlJQkJBWUtLd1lCQkFIV2VRSUVBZ1NCOVFTQjhnRHdBSGNBUHhkTFQ5Y2lSMWlVSFdVY2hMNE5FdTJRCk4zOGZoV3Jyd2I4b2hlejRaRzRBQUFHUW9BQWlCUUFBQkFNQVNEQkdBaUVBbUl2a3JMTGZVQkFzS1V5TWxLWU4KRU5qcEFBb29NNUgweEtJM0x5U2lHNVlDSVFDSFJkNDRKdTh6NHBVWjRWMXBtMEtlMDhWQUZ0aERBc2s0N3BwVgp3NlFydVFCMUFIYi9pRDhLdHZ1VlVjSmh6UFdIdWpTMHBNMjdLZHhvUWdxZjVtZE1XanAwQUFBQmtLQUFJaklBCkFBUURBRVl3UkFJZ2ZDYytmckF3aUgxVS8yNng3VjFlaVQxTExNSFV4ZDRkdHFNQ1VPVXJXdk1DSUJwTnFnT3gKbmhTVkt1Yk0vd0NlcnZoWmxQWmFwemlWUWxyNG9sL2hTTUFITUFvR0NDcUdTTTQ5QkFNREEyZ0FNR1VDTUdmMQpvREIyTW81TWxIbFdTTnptbEhYcUdZblV6QXFsUkxHVmhQTmFBc3NkZUJib0k5MzNJcnhOSjBFOU1mL0RXZ0l4CkFQSFNUOG4zQWh4MXBBYkF2aFpMUFZTV3NNUkdxbUVMMk0vekE3TnM3TmVQbTVQc05OT2pXS0h4TjZIZ2Y3Q1kKYlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCgotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRVZ6Q0NBaitnQXdJQkFnSVJBTEJYUHBGemx5ZHcyN1NIeXpwRkt6Z3dEUVlKS29aSWh2Y05BUUVMQlFBdwpUekVMTUFrR0ExVUVCaE1DVlZNeEtUQW5CZ05WQkFvVElFbHVkR1Z5Ym1WMElGTmxZM1Z5YVhSNUlGSmxjMlZoCmNtTm9JRWR5YjNWd01SVXdFd1lEVlFRREV3eEpVMUpISUZKdmIzUWdXREV3SGhjTk1qUXdNekV6TURBd01EQXcKV2hjTk1qY3dNekV5TWpNMU9UVTVXakF5TVFzd0NRWURWUVFHRXdKVlV6RVdNQlFHQTFVRUNoTU5UR1YwSjNNZwpSVzVqY25sd2RERUxNQWtHQTFVRUF4TUNSVFl3ZGpBUUJnY3Foa2pPUFFJQkJnVXJnUVFBSWdOaUFBVFo4WjVHCmgvZ2hjV0NvSnV1aitybnEyaDI1RXFmVUp0bFJGTEZoZkhXV3Z5SUxPUi9WdnRFS1Jxb3RQRW9KaEM2K1FKVlYKNlJsQU4yWjE3VEpPZHdSSitIQjd3eGpuenZkeEVQNnNkTmdBMU8xdEhITVdNeENjT3JMcWJHTDB2YmlqZ2ZndwpnZlV3RGdZRFZSMFBBUUgvQkFRREFnR0dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNECkFUQVNCZ05WSFJNQkFmOEVDREFHQVFIL0FnRUFNQjBHQTFVZERnUVdCQlNUSjBhWUE2bFJhSTZZMXNSQ1NOc2oKdjFpVTBqQWZCZ05WSFNNRUdEQVdnQlI1dEZubWU3Ymw1QUZ6Z0FpSXlCcFk5dW1iYmpBeUJnZ3JCZ0VGQlFjQgpBUVFtTUNRd0lnWUlLd1lCQlFVSE1BS0dGbWgwZEhBNkx5OTRNUzVwTG14bGJtTnlMbTl5Wnk4d0V3WURWUjBnCkJBd3dDakFJQmdabmdRd0JBZ0V3SndZRFZSMGZCQ0F3SGpBY29CcWdHSVlXYUhSMGNEb3ZMM2d4TG1NdWJHVnUKWTNJdWIzSm5MekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBZ0VBZll0N1NpQTFzZ1dHQ0lwdW5rNDZyNEFFeElSYwpNeGtLZ1VoTmxycnYxQjIxaE9hWE4vNW1pRStMT1RicmNtVS9NOXl2QzZNVlk3MzBHTkZvTDhJaEo4ajh2ck9MCnBNWTIyT1A2YmFTMWs5WU1ydERUbHdKSG9HYnkwNFRoVFVlQkRrc1M5Uml1SHZpY1pxQmVkUWRJRjY1cFp1aHAKZURjR0JjTGlZYXNRci9FTzVneHh0THlUbWdzSFNPVlNCY0ZPbjlsZ3Y3TEVDUHE5aTdtZkgzbXB4Z3JSS1N4SApwT29aMEtYTWNCK2hIdXZsa2xIbnR2Y0kwbU1NUTBtaFlqNnF0TUZTdGtGMVJwQ0czSVBkSXdwVkNRcXU4R1Y3CnM4dWJrblJ6cyszQy9CbTE5UkZPb2lQcERrd3Z5TmZ2bVExNFhreXFxS0s1b1o4emhEMzJrRlJRa3hhOHVaU3UKaDRhVEltRnhrbnUzOXdhQnhJUlhFNGpLeGxBbVFjNFFqRlpvcTFLbVFxUWcwSi8xSkY4UmxGdkphczFWY2pMdgpZbHZVQjJ0Nm5wTzZvUWpCM2wrUE5mMERwUUg3aVV4M1d6NUFqUUNpNkwyNUZqeUUwNnE2QlovUWxtdFlkbC84ClpZYW80U1JxUEVzLzZjQWlGK1FmNXpnMlVrYVd0RHBobDFMS011VE5Mb3R2c1g5OUhQNjlWMmZhTnllZ29kUTAKTHlUQXByL3ZUMDFZUEU0NnZOc0RMZ0srNGNMNlRyekMvYTRXY21GNVNSSjkzOHpydi9kdUpITFhRSWt1NXYwKwpFd095NTlIZG0wUFQvRXIvODRkRFYwQ1NqZFIvMlh1Wk0za3B5c1NLTGdEMWNLaURBK0lSZ3VPREN4Zk85Y3lZCklnNDZ2OW1GbUJ2eUgwND0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
tls.key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUNwcXdweGNwbG1UQzgvTnVpSW1DSk5yb3VqV251Wmx1TXJOckRXejdONG5vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNEtBWkUyMnFXOXBWeks5b1pYWHdtZlVmZGY1cDlCSVZvYy9hTU56Qy8zUUw2dHdzYm1QVwpEWCtvU0gxVDFLdlhadmlFY3NXWm41dUJIV0pYLy9iYzlnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
annotations:
higress.io/cert-domain: 8.222.156.101.sslip.io
higress.io/cert-notAfter: "2024-10-09 03:14:41"
higress.io/cert-notBefore: "2024-07-11 03:14:42"
higress.io/cert-renew: "true"
higress.io/cert-renew-time: "2024-07-11 04:14:42"
higress.io/cert-source: letsencrypt
creationTimestamp: "2024-07-11T01:52:10Z"
name: foo-com-secret
namespace: higress-system
resourceVersion: "15409"
uid: abde9c14-3cd0-4279-abe4-de900ed2e896
type: kubernetes.io/tls
这里看到 secret已经Renew
https://8.222.156.101.sslip.io/
证书签发日期变更成最新日期。
