我目前正在尝试按照ssl-termination方法创建入口,这允许我通过http和https连接到服务。 我设法为http创建了一个工作入口,部分用于https,但不是两者都在一起..
继承我的配置
Ingress Controller:部署&服务
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
spec:
replicas: 1
revisionHistoryLimit: 3
template:
metadata:
labels:
k8s-app: nginx-ingress-lb
spec:
containers:
- args:
- /nginx-ingress-controller
- "--default-backend-service=$(POD_NAMESPACE)/default-http-backend"
env:
<!-- default-config ommitted -->
image: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0-beta.17"
imagePullPolicy: Always
livenessProbe:
<!-- omitted -->
name: nginx-ingress-controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
volumeMounts:
- mountPath: /etc/nginx-ssl/tls
name: tls-vol
terminationGracePeriodSeconds: 60
volumes:
- name: tls-vol
secret:
secretName: tls-test-project-secret
---
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: http
nodePort: 31115
- name: https
port: 443
targetPort: https
nodePort: 31116
selector:
k8s-app: nginx-ingress-lb
入口
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/secure-backends: "false"
# modified this to false for http & https-scenario
ingress.kubernetes.io/ssl-redirect: "true"
# modified this to false for http & https-scenario
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
ingress.kubernetes.io/add-base-url: "true"
spec:
tls:
- hosts:
- author.k8s-test
secretName: tls-test-project-secret
rules:
- host: author.k8s-test
http:
paths:
- path: /
backend:
serviceName: cms-author
servicePort: 8080
后端 - 服务
apiVersion: v1
kind: Service
metadata:
name: cms-author
spec:
selector:
run: cms-author
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
后端部署:
apiVersion: apps/v1
kind: Deployment
metadata:
name: cms-author
spec:
selector:
matchLabels:
run: cms-author
replicas: 1
template:
metadata:
labels:
run: cms-author
spec:
containers:
- name: cms-author
image: <someDockerRegistryUrl>/magnolia:kube-dev
imagePullPolicy: Always
ports:
- containerPort: 8080
我有几个问题,在接下来的https场景时,我可以通过入口https nodePort到达应用程序,但无法登录,因为后续请求通过http而不是https进行..如果我在网址之前手动设置https在浏览器中,它再次工作,任何进一步的请求都通过https。但我不知道为什么:(
最终设置(支持http和https)完全不起作用,好像我尝试通过Ingress的http-nodePort访问应用程序,它总是重定向到ssl,但在这种情况下,我配置为ssl-redirect到是假的,但仍然没有用。
答案 0 :(得分:1)
通过设置helm参数controller.service.targetPorts.https
和controller.service.nodePorts.https
,从官方kubernetes图表仓库https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress部署nginx入口控制器。设置完成后,将通过helm配置相应的NodePort
(443
)。
Helm使用https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress/templates中的YAML文件。
与nginx入口控制器一起,您也需要入口资源。有关示例,请参阅https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/complete-example。