为nginx-ingress配置http(s)时遇到问题

时间:2018-02-08 15:57:08

标签: ssl nginx https kubernetes

我目前正在尝试按照ssl-termination方法创建入口,这允许我通过http和https连接到服务。 我设法为http创建了一个工作入口,部分用于https,但不是两者都在一起..

继承我的配置

Ingress Controller:部署&服务

apiVersion: extensions/v1beta1
kind: Deployment
metadata: 
  name: nginx-ingress-controller
spec: 
  replicas: 1
  revisionHistoryLimit: 3
  template: 
  metadata: 
    labels: 
      k8s-app: nginx-ingress-lb
  spec: 
    containers: 
      - args: 
          - /nginx-ingress-controller
          - "--default-backend-service=$(POD_NAMESPACE)/default-http-backend"
        env: 
           <!-- default-config ommitted -->
        image: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.17"
        imagePullPolicy: Always
        livenessProbe: 
            <!-- omitted -->
        name: nginx-ingress-controller
        ports: 
          - containerPort: 80
            name: http
            protocol: TCP
          - containerPort: 443
            name: https
            protocol: TCP
        volumeMounts: 
          - mountPath: /etc/nginx-ssl/tls
            name: tls-vol
    terminationGracePeriodSeconds: 60
    volumes: 
      - name: tls-vol
        secret: 
          secretName: tls-test-project-secret
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress
spec:
type: NodePort
ports:
- name: http
  port: 80
  targetPort: http
  nodePort: 31115
- name: https
  port: 443
  targetPort: https
  nodePort: 31116
selector:
  k8s-app: nginx-ingress-lb

入口

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    ingress.kubernetes.io/secure-backends: "false"

    # modified this to false for http & https-scenario
    ingress.kubernetes.io/ssl-redirect: "true"

    # modified this to false for http & https-scenario
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    ingress.kubernetes.io/add-base-url: "true"  
spec:
  tls:
   - hosts:
     - author.k8s-test
     secretName: tls-test-project-secret
  rules:
  - host: author.k8s-test
    http:  
      paths:
      - path: / 
        backend:
          serviceName: cms-author
          servicePort: 8080

后端 - 服务

apiVersion: v1
kind: Service
metadata:
  name: cms-author
spec:
  selector:
    run: cms-author
  ports:
  - name: http
    protocol: TCP
    port: 8080
    targetPort: 8080

后端部署:

 apiVersion: apps/v1
 kind: Deployment
 metadata:
    name: cms-author
 spec:
   selector:
     matchLabels:
       run: cms-author
   replicas: 1
   template:
     metadata:
       labels:
         run: cms-author
     spec:       
       containers:
       - name: cms-author
         image: <someDockerRegistryUrl>/magnolia:kube-dev
       imagePullPolicy: Always       
      ports:
       - containerPort: 8080      

我有几个问题,在接下来的https场景时,我可以通过入口https nodePort到达应用程序,但无法登录,因为后续请求通过http而不是https进行..如果我在网址之前手动设置https在浏览器中,它再次工作,任何进一步的请求都通过https。但我不知道为什么:(

最终设置(支持http和https)完全不起作用,好像我尝试通过Ingress的http-nodePort访问应用程序,它总是重定向到ssl,但在这种情况下,我配置为ssl-redirect到是假的,但仍然没有用。

  • 我在github上看过很多帖子,处理过这个问题,但是没有一个帖子适合我
  • 我已将ggin_containers中的nginx-controller映像更改为quay.io,也无法正常工作
  • 我尝过了一些旧版本,也没用。

1 个答案:

答案 0 :(得分:1)

通过设置helm参数controller.service.targetPorts.httpscontroller.service.nodePorts.https,从官方kubernetes图表仓库https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress部署nginx入口控制器。设置完成后,将通过helm配置相应的NodePort443)。

Helm使用https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress/templates中的YAML文件。

与nginx入口控制器一起,您也需要入口资源。有关示例,请参阅https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/complete-example