lgy1027 commented on issue #648: URL: https://github.com/apache/apisix-ingress-controller/issues/648#issuecomment-905160227
> @lgy1027 When requesting apisix returns tls internal error, please take a look at the error log of apisix.
>
> BTW, Please show us the configuration in apisix or etcd, such as route and upstream and tls.

This is the error reported by apisix:

````
apiVersion: apisix.apache.org/v1
kind: ApisixRoute
metadata:
  creationTimestamp: "2021-08-25T03:46:44Z"
  generation: 1
  managedFields:
  - apiVersion: apisix.apache.org/v2beta1
    fieldsType: FieldsV1
    fieldsV1:
      f:spec:
        .: {}
        f:http: {}
    manager: ___Test_Client_in_base_infra_adapter_gateway_apisix.exe
    operation: Update
    time: "2021-08-25T03:46:44Z"
  - apiVersion: apisix.apache.org/v2beta1
    fieldsType: FieldsV1
    fieldsV1:
      f:status:
        .: {}
        f:conditions: {}
    manager: apisix-ingress-controller
    operation: Update
    time: "2021-08-25T03:46:45Z"
  name: grpc-test
  namespace: lgy
  resourceVersion: "4785087"
  selfLink: /apis/apisix.apache.org/v1/namespaces/lgy/apisixroutes/grpc-test
  uid: fd5da37e-1ae3-4426-b4d0-9a769975f31e
spec:
  http:
  - authentication:
      enable: false
      keyauth: {}
      type: keyAuth
    backend:
      serviceName: grpc
      servicePort: 50051
      weight: 100
    match:
      hosts:
      - test.grpc.com
      paths:
      - /helloworld.Greeter/SayHello
    name: grpc
    websocket: false
status:
  conditions:
  - lastTransitionTime: "2021-08-25T03:46:45Z"
    message: Sync Successfully
    reason: ResourcesSynced
    status: "True"
    type: ResourcesAvailable
````

upstream.yaml

````
apiVersion: apisix.apache.org/v1
kind: ApisixUpstream
metadata:
  creationTimestamp: "2021-08-25T03:46:44Z"
  generation: 1
  managedFields:
  - apiVersion: apisix.apache.org/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:spec:
        .: {}
        f:portLevelSettings: {}
    manager: ___Test_Client_in_base_infra_adapter_gateway_apisix.exe
    operation: Update
    time: "2021-08-25T03:46:44Z"
  - apiVersion: apisix.apache.org/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:status:
        .: {}
        f:conditions: {}
    manager: apisix-ingress-controller
    operation: Update
    time: "2021-08-25T03:46:45Z"
  name: grpc
  namespace: lgy
  resourceVersion: "4785084"
  selfLink: /apis/apisix.apache.org/v1/namespaces/lgy/apisixupstreams/grpc
  uid: 1931023f-74e9-4275-a41a-e77dba284927
spec:
  portLevelSettings:
  - port: 50051
    scheme: grpc
status:
  conditions:
  - lastTransitionTime: "2021-08-25T03:46:45Z"
    message: Sync Successfully
    reason: ResourcesSynced
    status: "True"
    type: ResourcesAvailable
````

atls.yaml

````
apiVersion: apisix.apache.org/v1
kind: ApisixTls
metadata:
  creationTimestamp: "2021-08-25T03:46:44Z"
  generation: 1
  managedFields:
  - apiVersion: apisix.apache.org/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:spec:
        .: {}
        f:hosts: {}
        f:secret:
          .: {}
          f:name: {}
          f:namespace: {}
    manager: ___Test_Client_in_base_infra_adapter_gateway_apisix.exe
    operation: Update
    time: "2021-08-25T03:46:44Z"
  - apiVersion: apisix.apache.org/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:status:
        .: {}
        f:conditions: {}
    manager: apisix-ingress-controller
    operation: Update
    time: "2021-08-25T03:46:45Z"
  name: grpc
  namespace: lgy
  resourceVersion: "4785085"
  selfLink: /apis/apisix.apache.org/v1/namespaces/lgy/apisixtlses/grpc
  uid: 63210be9-0e51-4a2b-873b-c59494f1e46c
spec:
  hosts:
  - test.grpc.com
  secret:
    name: grpc
    namespace: lgy
status:
  conditions:
  - lastTransitionTime: "2021-08-25T03:46:45Z"
    message: Sync Successfully
    reason: ResourcesSynced
    status: "True"
    type: ResourcesAvailable
````

secret.yaml

````
apiVersion: v1
data:
  cert: "<base64 value omitted>"
  key: "<base64 value omitted>"
kind: Secret
metadata:
  creationTimestamp: "2021-08-25T03:46:44Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:cert: {}
        f:key: {}
      f:type: {}
    manager: ___Test_Client_in_base_infra_adapter_gateway_apisix.exe
    operation: Update
    time: "2021-08-25T03:46:44Z"
  name: grpc
  namespace: lgy
  resourceVersion: "4785075"
  selfLink: /api/v1/namespaces/lgy/secrets/grpc
  uid: f545174f-a1f9-465a-88e6-e33a1c0c2614
type: Opaque
````

apisix configuration

````
data:
  config.yaml: |-
    #
    # Licensed to the Apache Software Foundation (ASF) under one or more
    # contributor license agreements. See the NOTICE file distributed with
    # this work for additional information regarding copyright ownership.
    # The ASF licenses this file to You under the Apache License, Version 2.0
    # (the "License"); you may not use this file except in compliance with
    # the License. You may obtain a copy of the License at
    #
    # http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    #
    apisix:
      node_listen: 9080             # APISIX listening port
      enable_heartbeat: true
      enable_admin: true
      enable_admin_cors: true
      enable_debug: false
      enable_dev_mode: false        # Sets nginx worker_processes to 1 if set to true
      enable_reuseport: true        # Enable nginx SO_REUSEPORT switch if set to true.
      enable_ipv6: true
      config_center: etcd           # etcd: use etcd to store the config value
                                    # yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`
      #proxy_protocol:              # Proxy Protocol configuration
      #  listen_http_port: 9181     # The port with proxy protocol for http, it differs from node_listen and port_admin.
                                    # This port can only receive http request with proxy protocol, but node_listen & port_admin
                                    # can only receive http request. If you enable proxy protocol, you must use this port to
                                    # receive http request with proxy protocol
      #  listen_https_port: 9182    # The port with proxy protocol for https
      #  enable_tcp_pp: true        # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
      #  enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
      proxy_cache:                  # Proxy Caching configuration
        cache_ttl: 10s              # The default caching time if the upstream does not specify the cache time
        zones:                      # The parameters of a cache
        - name: disk_cache_one      # The name of the cache, administrator can be specify
                                    # which cache to use by name in the admin api
          memory_size: 50m          # The size of shared memory, it's used to store the cache index
          disk_size: 1G             # The size of disk, it's used to store the cache data
          disk_path: "/tmp/disk_cache_one" # The path to store the cache data
          cache_levels: "1:2"       # The hierarchy levels of a cache
      #  - name: disk_cache_two
      #    memory_size: 50m
      #    disk_size: 1G
      #    disk_path: "/tmp/disk_cache_two"
      #    cache_levels: "1:2"
      allow_admin:                  # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
        - 127.0.0.1/24
        - 0.0.0.0/0
      #   - "::/64"
      port_admin: 9180
      # Default token when use API to call for Admin API.
      # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
      # Disabling this configuration item means that the Admin API does not
      # require any authentication.
      admin_key:
        # admin: can everything for configuration data
        - name: "admin"
          key: edd1c9f034335f136f87ad84b625c8f1
          role: admin
        # viewer: only can view configuration data
        - name: "viewer"
          key: 4054f7cf07e344346cd3f287985e76a2
          role: viewer
      router:
        http: 'radixtree_uri'       # radixtree_uri: match route by uri(base on radixtree)
                                    # radixtree_host_uri: match route by host + uri(base on radixtree)
        ssl: 'radixtree_sni'        # radixtree_sni: match route by SNI(base on radixtree)
      # dns_resolver:
      #
      #   - 127.0.0.1
      #
      #   - 172.20.0.10
      #
      #   - 114.114.114.114
      #
      #   - 223.5.5.5
      #
      #   - 1.1.1.1
      #
      #   - 8.8.8.8
      #
      dns_resolver_valid: 30
      resolver_timeout: 5
      ssl:
        enable: true
        enable_http2: true
        listen_port: 9443
        ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
        ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
    nginx_config:                   # config for render the template to genarate nginx.conf
      error_log: "/dev/stderr"
      error_log_level: "warn"       # warn,error
      worker_rlimit_nofile: 20480   # the number of files a worker process can open, should be larger than worker_connections
      event:
        worker_connections: 10620
      http:
        access_log: "/dev/stdout"
        keepalive_timeout: 60s      # timeout during which a keep-alive client connection will stay open on the server side.
        client_header_timeout: 60s  # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
        client_body_timeout: 60s    # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
        send_timeout: 10s           # timeout for transmitting a response to the client.then the connection is closed
        underscores_in_headers: "on" # default enables the use of underscores in client request header fields
        real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
        real_ip_from:               # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
          - 127.0.0.1
          - 'unix:'
        #lua_shared_dicts:          # add custom shared cache to nginx.conf
        #  ipc_shared_dict: 100m    # custom shared cache, format: `cache-key: cache-size`
    etcd:
      host:                         # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
        - "http://apisix-etcd.lgy.svc.cluster.local:2379"
      prefix: "/apisix"             # apisix configurations prefix
      timeout: 30                   # 30 seconds
    plugins:                        # plugin list
      - api-breaker
      - authz-keycloak
      - basic-auth
      - batch-requests
      - consumer-restriction
      - cors
      - echo
      - fault-injection
      - grpc-transcode
      - hmac-auth
      - http-logger
      - ip-restriction
      - jwt-auth
      - kafka-logger
      - key-auth
      - limit-conn
      - limit-count
      - limit-req
      - node-status
      - openid-connect
      - prometheus
      - proxy-cache
      - proxy-mirror
      - proxy-rewrite
      - redirect
      - referer-restriction
      - request-id
      - request-validation
      - response-rewrite
      - serverless-post-function
      - serverless-pre-function
      - sls-logger
      - syslog
      - tcp-logger
      - udp-logger
      - uri-blocker
      - wolf-rbac
      - zipkin
      - traffic-split
    stream_plugins:
      - mqtt-proxy
kind: ConfigMap
````
