Kubernetes服务-带有HTTPS的负载均衡器 [英] Kubernetes service - Loadbalancer with HTTPS

问题描述

我正在使用带有服务的kubernetes作为ClusterIP，并将入口置于服务的前面，以将其公开给Kubernetes集群之外.

I am using kubernetes with service as ClusterIP and placing ingress in front of the service to expose this to outside the Kubernetes cluster.

使用https运行入口并使其成为https，我创建了秘密并在入口中使用了该秘密.

Running ingress with https and to make it https, I created the secret and using the same in ingress.

kubectl创建秘密tls测试秘密--key密钥--cert证书

kubectl create secret tls test-secret --key key --cert cert

在我们的kubernetes集群中使用netscalar，因此，我能够将X-Forward-For，会话亲和力，负载均衡算法与入口一起使用.

Using netscalar in our kubernetes cluster and hence, I am able to use X-Forward-For, Session affinity, Load balancing algoritms along with ingress.

现在，尝试将服务类型设置为LoadBalancer，这样我就不必进入了.我知道，服务类型的loadbalancer提供了L4-loadbalancer，因此在load balancer中将没有会话亲和性功能.既然，对一些服务没关系，我正在尝试使用它.

Now, trying to make the service type as LoadBalancer so that I dont have to have ingress. I know, service type loadbalancer provides L4-loadbalancer and hence there wont be session affinity feature in the load balancer. Since, it is ok for few services, I am trying to use this.

试图使服务成为HTTPS，我遇到了

Trying to make the service HTTPS and I came across,

https://kubernetes. io/docs/concepts/services-networking/connect-applications-service/#securing-the-service

在这里，我们创建tls secret并使用部署部分而不是服务部分中的引用.不知道它是如何工作的.此外，当我在 https://servicename.namespace.svc.XXXXX.com 时，浏览器收到证书错误.

Here, we create tls secret and using the reference in the deployment section and not in the service section. Not sure how it works. Also, When i use https://servicename.namespace.svc.XXXXX.com in the browser getting the cert error.

我的应用程序以https身份运行，并且需要属性文件(例如，

My application is running as https and it needs keystore and truststore in a property file like,

ssl.trustore = PATH_TO_THE_FILE ssl.keystore = PATH_TO_THE_FILE

ssl.trustore=PATH_TO_THE_FILE ssl.keystore=PATH_TO_THE_FILE

我很困惑，如何使服务类型为loadbalancer https?

I am confused, How can i make the service type loadbalancer https?

推荐答案

您回答了自己，但您没有意识到.

You answered yourself, but you didn't realize it.

正如您所说的，LoadBalancer类型服务创建一个L4负载平衡器. L4负载平衡器了解源IP:端口和目标IP:端口，但是他们不了解应用程序层上的任何内容.

As you well said, LoadBalancer type service creates a L4 load balancer. L4 load balancers are aware about source IP:port and destination IP:port, but they are not aware about anything on the application layer.

HTTP/HTTPS负载平衡器位于L7上，因此它们可以识别应用程序.

HTTP/HTTPS load balancers are on L7, therefor they are application aware.

因此，基本上，您无法从Loadbalancer类型的服务中获得HTTPS负载均衡器.您希望它是一个入口.

So, basically you can't get a HTTPS load balancer from a Loadbalancer type service. You want it to be an ingress.

这篇关于Kubernetes服务-带有HTTPS的负载均衡器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！