How to configure ingress to direct traffic to an https backend using https


Problem description

I have a backend using https. I want to separate load on that back-end based on URL/path.

I decided to use ingress to do this url/path based logic in order to move traffic to different back-ends (same back-ends, just duplicated to different NodePorts).

My question is how I can configure the ingress to receive https requests and to forward those https requests to the https back-end?

Thanks

edit: I added the yaml file:

spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: service
          servicePort: 9443
        path: /carbon
      - backend:
          serviceName: service2
          servicePort: 9443
        path: /oauth

For some reason I can't change the rule from http to https.

Recommended answer

If you want to use load balancing mechanisms in k8s you should use services instead and start multiple instances behind that service; that way k8s will do the load balancing. If you want to use different versions of your backend (e.g. prod and test) your way of separating them is fine.

If your service is only reachable via https you need to add the following annotation to your ingress yaml: (documentation)

nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"

To secure ingress itself take a look at this: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

But if you want the backend services to decrypt the TLS communication, use the following annotation instead: (documentation)

nginx.ingress.kubernetes.io/ssl-passthrough: "true"

The Ingress YAML should look like this if you want to reach the backend via TLS:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-name
  namespace: namespace-name 
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: service
          servicePort: 9443
        path: /carbon
      - backend:
          serviceName: service2
          servicePort: 9443
        path: /oauth

The Ingress YAML should look like this if you want to reach the backend via TLS with TLS decryption in the ingress controller:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-name
  namespace: namespace-name 
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  tls:
  - hosts:
    - app.myorg.com
    secretName: tls-secret 
  rules:
  - http:
      paths:
      - backend:
          serviceName: service
          servicePort: 9443
        path: /carbon
      - backend:
          serviceName: service2
          servicePort: 9443
        path: /oauth

It's important to note that tls-secret is the name of a SecretConfig with a valid Certificate issued for the host (app.myorg.com)

The Ingress YAML should look like this if you want to reach the backend via TLS with TLS decryption in the backend:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-name
  namespace: namespace-name 
  annotations:
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: service
          servicePort: 9443
        path: /carbon
      - backend:
          serviceName: service2
          servicePort: 9443
        path: /oauth

I never tested the last version myself so I don't know if that actually works, but I'd strongly advise reading this passage for that variant.
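
The manifests in the answer use `extensions/v1beta1`, an Ingress API version that Kubernetes stopped serving in v1.22. As an added example (not part of the original answer), this is the TLS-terminating variant in `networking.k8s.io/v1` form with backend certificate verification switched on; the `nginx` ingress class, the `backend-ca` Secret and the `proxy-ssl-name` value are assumptions.

```yaml
# Added example, not from the original answer.
# ingress-name, namespace-name, service, service2, tls-secret and app.myorg.com
# come from the answer; "nginx" and "backend-ca" are assumed names.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-name
  namespace: namespace-name
  annotations:
    # Re-encrypt: the controller terminates client TLS, then speaks HTTPS to the pods.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # Backend certificate verification is off by default; enable it explicitly,
    # otherwise the hop to the backend is encrypted but not authenticated.
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
    # Secret (namespace/name) holding ca.crt, the CA that signed the backend certificate.
    nginx.ingress.kubernetes.io/proxy-ssl-secret: "namespace-name/backend-ca"
    # Name expected in the backend certificate (assumed value). The annotation applies
    # to every path in this Ingress; use a second Ingress object if service2 presents
    # a certificate with a different name.
    nginx.ingress.kubernetes.io/proxy-ssl-name: "service.namespace-name.svc"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - app.myorg.com
    secretName: tls-secret   # Secret of type kubernetes.io/tls (tls.crt and tls.key)
  rules:
  - host: app.myorg.com      # matches the host listed under tls
    http:
      paths:
      - path: /carbon
        pathType: Prefix     # required field in networking.k8s.io/v1
        backend:
          service:
            name: service
            port:
              number: 9443
      - path: /oauth
        pathType: Prefix
        backend:
          service:
            name: service2
            port:
              number: 9443
```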
