如何在kubernetes应用程序上获取ssl? [英] How to get ssl on a kubernetes application?
本文介绍了如何在kubernetes应用程序上获取ssl?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我在kubernetes上部署了一个简单的流星应用程序,
我已将服务器暴露给外部IP地址。
因此可以从群集中访问
现在我将它暴露给互联网并保护它(使用https协议),
i无法弄清楚...
任何人都可以给出简单的指示部分?
I have a simple meteor app deployed on kubernetes,
I had expose the server to an external IP address.
so it is accessible from within the cluster
Now i am up to exposing it to the internet and securing it (using https protocol),
i cant figure it out...
Can anyone give simple instructions for this section?
推荐答案
在我看来 kube-lego 是GKE的最佳解决方案。了解原因:
In my opinion kube-lego is the best solution for GKE. See why:
- 使用让我们加密作为CA
- 全自动注册和续订
- 单个ConfigMap对象中的最小配置
- 适用于 nginx-ingress-controller (参见示例)
- 使用 GKE的HTTP负载均衡器(参见示例)
- 完全支持多个域,包括在一个IP上虚拟托管多个https站点(使用nginx -ingress-controller的SNI支持)
- Uses Let's Encrypt as a CA
- Fully automated enrollment and renewals
- Minimal configuration in a single ConfigMap object
- Works with nginx-ingress-controller (see example)
- Works with GKE's HTTP Load Balancer (see example)
- Multiple domains fully supported, including virtual hosting multiple https sites on one IP (with nginx-ingress-controller's SNI support)
示例配置(就是这样!):
Example configuration (that's it!):
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-lego
namespace: kube-lego
data:
lego.email: "your@email"
lego.url: "https://acme-v01.api.letsencrypt.org/directory"
示例Ingress(您可以创建更多这些):
Example Ingress (you can create more of these):
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: site1
annotations:
# remove next line if not using nginx-ingress-controller
kubernetes.io/ingress.class: "nginx"
# next line enable kube-lego for this Ingress
kubernetes.io/tls-acme: "true"
spec:
tls:
- hosts:
- site1.com
- www.site1.com
- site2.com
- www.site2.com
secretName: site12-tls
rules:
...
这篇关于如何在kubernetes应用程序上获取ssl?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文