如何在GKE上为Kubernetes入口强制使用SSL [英] How to force SSL for Kubernetes Ingress on GKE

问题描述

是否有一种方法可以强制对入口负载均衡器上的传入连接进行SSL升级?或者，如果无法实现，我可以禁用端口:80吗?我没有在YAML文件中找到概述此类选择的良好文档页面.提前非常感谢！

Is there a way to force an SSL upgrade for incoming connections on the ingress load-balancer? Or if that is not possible with, can I disable port :80? I haven't found a good documentation pages that outlines such an option in the YAML file. Thanks a lot in advance!

推荐答案

https://github.com/kubernetes/ingress-gce#frontend-https

您可以通过注释kubernetes.io/ingress.allow-http: "false"阻止HTTP，也可以通过指定自定义后端将HTTP重定向到HTTPS.不幸的是，GCE尚未直接为您处理L7层上的重定向或重写. (请参见 https://github.com/kubernetes/ingress-gce#ingress-cannot-redirect-http-to-https )

You can block HTTP through the annotation kubernetes.io/ingress.allow-http: "false" or redirect HTTP to HTTPS by specifying a custom backend. Unfortunately GCE doesn't handle redirection or rewriting at the L7 layer directly for you, yet. (see https://github.com/kubernetes/ingress-gce#ingress-cannot-redirect-http-to-https)

更新: GCP现在可以处理负载平衡器的重定向规则，包括HTTP到HTTPS .似乎还没有一种方法可以通过Kubernetes YAML创建它们.

Update: GCP now handles redirection rules for load balancers, including HTTP to HTTPS. There doesn't appear to be a method to create these through Kubernetes YAML yet.

这篇关于如何在GKE上为Kubernetes入口强制使用SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！