Expose service on custom port via `https` on GKE


Question

I am new to Kubernetes (GKE to be specific), this is my third week, so bear with me.

I've been tasked to expose a statefulset via https like this:

- https://example.com/whateva -> service:8080 (+Google Cloud CDN)
- https://example.com:5001    -> service:9095

I have been trying for a week now. I was under the impression that this requirement was pretty straightforward? Can anyone point me in the right direction?

Questions:

  • I would like to use the managedcertificate from the google cloud but it seems that's not possible?
  • Which ingress implementation is capable of achieving this while providing understandable documentation?

Recommended answer

The ingress creates an L7/HTTP/HTTPS load balancer which can only forward HTTPS on TCP port 443. The only load balancer that will forward port 5001 is the Network TCP/UDP type. The network load balancers will not terminate SSL/TLS, so a managedcertificate cannot be used. The TLS connection is passed through to pods in your cluster, where the certificate and key must be present to handle the TLS connections.
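
The split described in the answer, written out as manifests. This is an added example, not part of the original question or answer; the resource names (`example-cert`, `web-ingress`, `web`, `web-l4`) and the `app: web` pod label are assumptions, and Cloud CDN configuration is left out.

```yaml
# Added example; names web, web-ingress, web-l4 and example-cert are assumptions.
# Path 1: the Ingress (L7 HTTPS load balancer) terminates TLS on 443 using a
# Google-managed certificate and forwards requests to the Service on 8080.
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: example-cert
spec:
  domains:
    - example.com
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
  annotations:
    networking.gke.io/managed-certificates: example-cert
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /whateva
            pathType: Prefix
            backend:
              service:
                name: web        # assumed existing Service exposing port 8080
                port:
                  number: 8080
---
# Path 2: a Service of type LoadBalancer creates an L4 network load balancer.
# It forwards TCP 5001 unmodified, so the TLS handshake reaches the pod and the
# container on 9095 must hold its own certificate and key (for example from a
# kubernetes.io/tls Secret mounted into the pod). ManagedCertificate does not
# apply here.
apiVersion: v1
kind: Service
metadata:
  name: web-l4
spec:
  type: LoadBalancer
  selector:
    app: web             # assumed pod label of the StatefulSet
  ports:
    - name: tls-passthrough
      protocol: TCP
      port: 5001
      targetPort: 9095
```

The two load balancers receive different external IP addresses, so `example.com` on port 5001 only reaches the second path if DNS for that name points at the L4 address.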
