Expose service on custom port via `https` on GKE
Problem description
I am new to Kubernetes (GKE to be specific), this is my third week, so bear with me.
I've been tasked to expose a `statefulset` via `https` like this:
- https://example.com/whateva -> service:8080 (+Google Cloud CDN)
- https://example.com:5001 -> service:9095
I have been trying for a week now. I was under the impression that this requirement was pretty straightforward? Can anyone point me in the right direction?
Questions:
- I would like to use the `managedcertificate` from the google cloud but it seems that's not possible?
- Which `ingress` implementation is capable of achieving this while providing understandable documentation?
Recommended answer
The `ingress` creates an L7/HTTP/HTTPS load balancer which can only forward HTTPS on tcp port 443. The only load balancer that will forward port 5001 is the Network TCP/UDP type. The network load balancers will not terminate ssl/tls so a `managedcertificate` cannot be used. The tls connection is passed through to pods in your cluster where the certificate and key must be present to handle the tls connections.
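
A minimal manifest for the port 5001 path described in the answer, as an added example that is not part of the original answer: a `LoadBalancer` Service passes TCP 5001 through to container port 9095, and the pod mounts its own certificate and key from a Secret because nothing in front of it terminates TLS. The names `my-app`, `my-app-tls-5001`, `my-app-tls`, the image and the mount path are assumptions.

```yaml
# Added example; every name, the image and the mount path are hypothetical.
# Service of type LoadBalancer: forwards TCP 5001 to the pods without
# terminating TLS, so no managed certificate is involved on this path.
apiVersion: v1
kind: Service
metadata:
  name: my-app-tls-5001
spec:
  type: LoadBalancer
  selector:
    app: my-app
  ports:
    - name: https-custom
      protocol: TCP
      port: 5001        # port clients connect to (https://example.com:5001)
      targetPort: 9095  # container port; the application speaks TLS itself
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: my-app
spec:
  serviceName: my-app   # governing headless Service, assumed to exist already
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-app
          image: registry.example/my-app:1.0   # placeholder image
          ports:
            - containerPort: 9095
          volumeMounts:
            - name: tls
              mountPath: /etc/tls   # app must load tls.crt and tls.key from here
              readOnly: true
      volumes:
        - name: tls
          secret:
            secretName: my-app-tls   # Secret of type kubernetes.io/tls
```

The private key in the `my-app-tls` Secret is readable by anything that can read Secrets in the namespace, so access to it should be restricted with RBAC, and certificate renewal has to be handled inside the cluster.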