Kubernetes 1.4 SSL Termination on AWS


Problem description

I have 6 HTTP micro-services. Currently they run in a crazy bash/custom deploy tools setup (dokku, mup).

I dockerized them and moved to kubernetes on AWS (setup with kop). The last piece is converting my nginx config.

I'd like

1. All 6 to have SSL termination (not in the docker image)
2. 4 need websockets and client IP session affinity (Meteor, Socket.io)
3. 5 need http->https forwarding
4. 1 serves the same content on http and https

I did 1. SSL termination setting the service type to LoadBalancer and using AWS specific annotations. This created AWS load balancers, but this seems like a dead end for the other requirements.

I looked at Ingress, but don't see how to do it on AWS. Will this Ingress Controller work on AWS?

Do I need an nginx controller in each pod? This looked interesting, but I'm not sure how recent/relevant it is.

I'm not sure what direction to start in. What will work?

Mike

Solution

You should be able to use the nginx ingress controller to accomplish this.

1. SSL termination
2. Websocket support
3. http->https
4. Turn off the http->https redirect, as described in the link above

The README walks you through how to set it up, and there are plenty of examples.

The basic pieces you need to make this work are:

• A default backend that will respond with 404 when there is no matching Ingress rule
• The nginx ingress controller which will monitor your ingress rules and rewrite/reload nginx.conf whenever they change.
• One or more ingress rules that describe how traffic should be routed to your services.

The end result is that you will have a single ELB that corresponds to your nginx ingress controller service, which in turn is responsible for routing to your individual services according to the ingress rules specified.
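
The ingress rules described in the answer, as an added example that is not part of the original answer: two Ingress manifests for the nginx ingress controller, one that terminates TLS and keeps the http->https redirect, and one that terminates TLS with the redirect turned off. It is written against the current `networking.k8s.io/v1` API and ingress-nginx annotation names rather than the Kubernetes 1.4-era ones; the hostnames, Service names and Secret names are hypothetical.

```yaml
# Added example: hosts, Service names and TLS Secret names are hypothetical.
# Ingress 1: TLS is terminated at the nginx ingress controller, and plain HTTP
# requests are redirected to HTTPS (the controller's default once tls: is set).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-secure
spec:
  ingressClassName: nginx
  tls:
    - hosts: [app.example.com]
      secretName: app-example-tls   # kubernetes.io/tls Secret holding cert + key
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app           # plain-HTTP Service; no TLS inside the image
                port:
                  number: 80
---
# Ingress 2: same TLS termination, but the redirect is switched off so this
# one service answers with the same content on both http and https.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: legacy-dual
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  ingressClassName: nginx
  tls:
    - hosts: [legacy.example.com]
      secretName: legacy-example-tls
  rules:
    - host: legacy.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: legacy
                port:
                  number: 80
```

Keeping the redirect exception on its own Ingress object limits the cleartext path to the single host that needs it, so the other five services cannot be reached over plain HTTP by accident.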
