Using self-signed certificates in nginx Ingress
Problem description
I'm migrating services into a kubernetes cluster on minikube, these services require a self-signed certificate on load, accessing the service via NodePort works perfectly and demands the certificate in the browser (picture below), but accessing via the ingress host (the domain is modified locally in /etc/hosts) provides me with a Kubernetes Ingress Controller Fake Certificate by Acme and skips my self-signed cert without any message.
The SSLs should be decrypted inside the app and not in the Ingress, and the tls-acme: "false" flag does not work and still gives me the fake cert
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # decryption of tls occurs in the backend service
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/tls-acme: "false"
spec:
  rules:
    - host: admin.domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: admin-service
                port:
                  number: 443
```
when signing in it should show the following before loading:
minikube version: v1.15.1
kubectl version: 1.19
using ingress-nginx 3.18.0
Recommended answer
The problem turned out to be a bug on Minikube, and also having to enable ssl passthrough in the nginx controller (in addition to the annotation) with the flag --enable-ssl-passthrough=true.
I was doing all my cluster testing on a Minikube cluster version v1.15.1 with kubernetes v1.19.4 where ssl passthrough failed, and after following the guidance in the ingress-nginx GitHub issue, I discovered that the issue didn't replicate in kind, so I tried deploying my app on a new AWS cluster (k8 version 1.18) and everything worked great.
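To tell the two causes named in the answer apart (controller flag missing versus flag set but TLS still terminated at the ingress), the following is an added example, not code from the original post. The function names, the `ingress-nginx` namespace and the `ingress-nginx-controller` deployment name are assumptions, and the sample inputs are constructed.

```shell
# Added example; namespace, deployment name and function names are assumptions.

# True when the controller args (one per line) enable passthrough.
controller_passthrough_enabled() {
  printf '%s\n' "$1" | grep -Eq '^--enable-ssl-passthrough(=true)?$'
}

# Classify the subject line printed by `openssl x509 -noout -subject`.
# "fake" means ingress-nginx terminated TLS and served its default cert.
classify_subject() {
  case "$1" in
    *"Kubernetes Ingress Controller Fake Certificate"*) echo fake ;;
    *) echo backend ;;
  esac
}

# One verdict from both observations: $1 = controller args, $2 = subject.
passthrough_verdict() {
  if ! controller_passthrough_enabled "$1"; then
    echo "FAIL: controller started without --enable-ssl-passthrough"
  elif [ "$(classify_subject "$2")" = fake ]; then
    echo "FAIL: flag set, but the ingress still served its default certificate"
  else
    echo "OK: backend certificate reached the client"
  fi
}

# Live check ($1 = ingress host); defined only, never called automatically.
live_check() {
  args=$(kubectl -n ingress-nginx get deploy ingress-nginx-controller \
    -o jsonpath='{range .spec.template.spec.containers[0].args[*]}{@}{"\n"}{end}')
  subject=$(openssl s_client -connect "$1:443" -servername "$1" \
    </dev/null 2>/dev/null | openssl x509 -noout -subject)
  passthrough_verdict "$args" "$subject"
}

# Constructed sample inputs (not captured from a real cluster).
ARGS_DEFAULT='/nginx-ingress-controller
--election-id=ingress-controller-leader
--ingress-class=nginx'
ARGS_FIXED="$ARGS_DEFAULT
--enable-ssl-passthrough=true"
SUBJ_FAKE='subject=O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate'
SUBJ_APP='subject=CN = admin.domain.com'

passthrough_verdict "$ARGS_DEFAULT" "$SUBJ_FAKE"
passthrough_verdict "$ARGS_FIXED" "$SUBJ_FAKE"
passthrough_verdict "$ARGS_FIXED" "$SUBJ_APP"
```

Against a real cluster, run `live_check admin.domain.com` from a machine where that host resolves to the ingress address.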