Kubernetes |公开HTTPS服务

时间:2019-12-14 18:57:18

标签: ssl tomcat kubernetes https

我是Kubernetes平台的新手,试图启用HTTPS安全连接到Kubernetes平台中部署的tomcat Web应用程序。我对manifest.yml与部署,服务和入口控制器有关感到困惑。 

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-webapp
spec:
  selector:
    matchLabels:
      app: tomcat-webapp
  replicas: 1
  template:
    metadata:
      labels:
        app: tomcat-webapp
    spec:
      containers:
        - name: tomcat-webapp
          image: registry.central/*****
          imagePullPolicy: Always
          securityContext:
            runAsUser: 13113
            runAsGroup: 602
          ports:
            - containerPort: 8080
          env:
            - name: JAVA_OPTS
              value: "-Xms128M -Xmx256M -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=256m"
            - name: CATALINA_OPTS
              value: "-Djavax.net.ssl.trustStore=/opt/apache-tomcat-8.5.32/webapps/ROOT/tomcat.jks -Djavax.net.ssl.trustStorePassword=****"
---
apiVersion: v1
kind: Service
metadata:
  name: tomcat-webapp
  labels:
    app: tomcat-webapp
spec:
  ports:
    - port: 80
      targetPort: 8080
      #nodePort: 30010
      protocol: TCP
      name: http
  selector:
    app: tomcat-webapp
---
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tomcat-webapp
spec:
  rules:
    - host: "tomcat-webapp.apps.net"
      http:
        paths:
          - path: /
            backend:
              serviceName: tomcat-webapp
              servicePort: 80
  tls:
    - hosts:
        # dont forget to update this url too
        - "tomcat-webapp.apps.net"

所以我还必须在部署(在端口:-containerPort:8080下)服务中指定端口8443(Https端口)(例如端口:-端口:80 targetPort:8080协议:TCP名称:http)和入口(在下面) backend:serviceName:tomcat-webapp servicePort:80)吗?

1 个答案:

答案 0 :(得分:0)

保持简单:

apiVersion: v1
kind: Service
metadata:
  name: tomcat-webapp
  labels:
    app: tomcat-webapp
spec:
  ports:
    - port: 8080
  selector:
    app: tomcat-webapp
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tomcat-webapp
spec:
  rules:
    - host: "tomcat-webapp.apps.net"
      http:
        paths:
          - path: /
            backend:
              serviceName: tomcat-webapp
              servicePort: 8080
  tls:
    - hosts:
        - "tomcat-webapp.apps.net"`

据我从您的Deployment配置了解,您的Java应用程序在端口8080上运行,并期望https流量。这不适用于上述Ingress配置-您的Java应用程序应在端口8080上侦听并期望http流量。

如果您确实希望Java应用程序侦听HTTPS,则可以通过以下方式配置Ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tomcat-webapp
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
... # the rest is the same
相关问题
最新问题