仪表板的入口配置 [英] ingress configuration for dashboard
问题描述
我从 github 做了nginx入口控制器教程.和 暴露的kubernetes仪表板
I did nginx ingress controller tutorial from github and exposed kubernetes dashboard
kubernetes-dashboard NodePort 10.233.53.77 <none> 443:31925/TCP 20d
创建的入口
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/ssl-passthrough: "true"
nginx.org/ssl-backends: "kubernetes-dashboard"
kubernetes.io/ingress.allow-http: "false"
name: dashboard-ingress
namespace: kube-system
spec:
tls:
- hosts:
- serverdnsname
secretName: kubernetes-dashboard-certs
rules:
- host: serverdnsname
http:
paths:
- path: /dashboard
backend:
serviceName: kubernetes-dashboard
servicePort: 443
ingress-nginx ingress-nginx NodePort 10.233.21.200 <none> 80:30827/TCP,443:32536/TCP 5h
https://serverdnsname:32536/dashboard 但是仪表板抛出错误
https://serverdnsname:32536/dashboard but dashboard throws error
2018/01/18 14:42:51 http: TLS handshake error from ipWhichEndsWith.77:52686: tls: first record does not look like a TLS handshake
和入口控制器日志
2018/01/18 14:42:51 [error] 864#864: *37 upstream sent no valid HTTP/1.0 header while reading response header from upstream, client: 10.233.82.1, server: serverdnsname, request: "GET /dashboard HTTP/2.0", upstream: "http://ipWhichEndsWith.249:8443/dashboard", host: "serverdnsname:32536"
10.233.82.1 - [10.233.82.1] - - [18/Jan/2018:14:42:51 +0000] "GET /dashboard HTTP/2.0" 009 7 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 OPR/49.0.2725.64" 25 0.001 [kube-system-kubernetes-dashboard-443] ipWhichEndsWith.249:8443 7 0.001 200
在我看来,这与Nginx重定向到上游有关:" http://ipWhichEndsWith.249:8443/dashboard ". 尝试将控制器映像版本更新为0.9.0-beta.19-没有帮助
On my mind it is related with nginx redirection to upstream: "http://ipWhichEndsWith.249:8443/dashboard" . tried to update controller image version to 0.9.0-beta.19 - didnt help
谢谢您的帮助.
推荐答案
看起来nginx正在使用http
作为协议,将https请求代理到HTTPS端点ipWhichEndsWith.249:8443
.
As you pointed out, looks like nginx is proxying your https request to ipWhichEndsWith.249:8443
, which is an HTTPS endpoint, using http
as protocol.
您应在PodSpec中添加以下注释:
You should add the following annotation to your PodSpec:
最新
添加了此注释以替换从0.18.0开始不推荐使用的注释
This annotation was added to replace the deprecated annotation since 0.18.0
#2871 添加对AJP协议的支持
#2871 Add support for AJP protocol
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
已弃用
此注释在0.18.0中已弃用,并在发布以下版本后将其删除 0.20.0
This annotation was deprecated in 0.18.0 and removed after the release of 0.20.0
#3203 删除已弃用的注释grpc-backend和secure-backend
#3203 Remove annotations grpc-backend and secure-backend already deprecated
nginx.ingress.kubernetes.io/secure-backends: "true"
这应该使nginx使用https将您的请求转发到Pod.
This should make nginx forward your request to the pods with https.
来源:文档: https://kubernetes .github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#backend-protocol
这篇关于仪表板的入口配置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!