如何在GKE上为Kubernetes入口强制使用SSL [英] How to force SSL for Kubernetes Ingress on GKE
问题描述
是否有一种方法可以强制对入口负载均衡器上的传入连接进行SSL升级?或者,如果无法实现,我可以禁用端口:80吗?我没有在YAML文件中找到概述此类选择的良好文档页面.提前非常感谢!
Is there a way to force an SSL upgrade for incoming connections on the ingress load-balancer? Or if that is not possible with, can I disable port :80? I haven't found a good documentation pages that outlines such an option in the YAML file. Thanks a lot in advance!
推荐答案
https://github.com/kubernetes/ingress-gce#frontend-https
您可以通过注释kubernetes.io/ingress.allow-http: "false"
阻止HTTP,也可以通过指定自定义后端将HTTP重定向到HTTPS.不幸的是,GCE尚未直接为您处理L7层上的重定向或重写. (请参见 https://github.com/kubernetes/ingress-gce#ingress-cannot-redirect-http-to-https )
You can block HTTP through the annotation kubernetes.io/ingress.allow-http: "false"
or redirect HTTP to HTTPS by specifying a custom backend. Unfortunately GCE doesn't handle redirection or rewriting at the L7 layer directly for you, yet. (see https://github.com/kubernetes/ingress-gce#ingress-cannot-redirect-http-to-https)
更新: GCP现在可以处理负载平衡器的重定向规则,包括HTTP到HTTPS .似乎还没有一种方法可以通过Kubernetes YAML创建它们.
Update: GCP now handles redirection rules for load balancers, including HTTP to HTTPS. There doesn't appear to be a method to create these through Kubernetes YAML yet.
这篇关于如何在GKE上为Kubernetes入口强制使用SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!