在 Azure 子域上通过 https 访问 docker 容器 [英] Accessing docker container over https on Azure subdomain
问题描述
作为一项实验,我尝试使用 Azure 容器服务和 Kubernetes 作为协调器在 Azure 上运行 docker 容器.我正在运行官方的 nginx 映像.以下是我正在采取的步骤:
<代码>az group create --name test-group --location westusaz acs create --orchestrator-type=kubernetes --resource-group=test-group --name=k8s-cluster --generate-ssh-keys
我使用 Kompose 从 docker compose 文件创建了 Kubernetes 部署和服务文件.
部署文件<代码>apiVersion: 扩展/v1beta1种类:部署元数据:注释:kompose.service.type:负载均衡器创建时间戳:空标签:io.kompose.service:测试名称:测试规格:复制品:1战略: {}模板:元数据:创建时间戳:空标签:io.kompose.service:测试规格:容器:- 图像:nginx:最新名称:测试端口:- 容器端口:80资源: {}重启策略:始终地位: {}
服务文件<代码>api版本:v1种类:服务元数据:注释:kompose.service.type:负载均衡器创建时间戳:空标签:io.kompose.service:测试名称:测试规格:端口:- 名称:80"端口:80目标端口:80选择器:io.kompose.service:测试类型:负载均衡器地位:负载均衡器:{}
然后我就可以开始一切了:
<代码>kubectl create -f test-service.yaml,test-deployment.yaml
一旦暴露了一个 IP,我就会为它分配一个 dns 前缀,这样我就可以像这样访问我正在运行的容器:http://nginx-test.westus.cloudapp.azure.com/.
我的问题是,如何使用 https 访问该服务?在 https://nginx-test.westus.cloudapp.azure.com/
我不认为我应该为 https 配置 nginx,因为证书不是我的.我已尝试更改负载平衡器以将 443 流量发送到端口 80,但收到超时错误.
我尝试在 Kubernetes 服务配置中将端口 443 映射到端口 80.
<代码>端口:- 名称:443"端口:443目标端口:80
但这会导致:
<代码>SSL 对等方不希望收到握手消息.错误代码:SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT
如何在
As an experiment I'm trying to run a docker container on Azure using the Azure Container Service and Kubernetes as the orchestrator. I'm running the official nginx image. Here are the steps I am taking:
az group create --name test-group --location westus
az acs create --orchestrator-type=kubernetes --resource-group=test-group --name=k8s-cluster --generate-ssh-keys
I created Kubernetes deployment and service files from a docker compose file using Kompose.
deployment file
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
kompose.service.type: LoadBalancer
creationTimestamp: null
labels:
io.kompose.service: test
name: test
spec:
replicas: 1
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
io.kompose.service: test
spec:
containers:
- image: nginx:latest
name: test
ports:
- containerPort: 80
resources: {}
restartPolicy: Always
status: {}
service file
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.service.type: LoadBalancer
creationTimestamp: null
labels:
io.kompose.service: test
name: test
spec:
ports:
- name: "80"
port: 80
targetPort: 80
selector:
io.kompose.service: test
type: LoadBalancer
status:
loadBalancer: {}
I can then start everything up:
kubectl create -f test-service.yaml,test-deployment.yaml
Once an IP has been exposed I assign a dns prefix to it so I can access my running container like so: http://nginx-test.westus.cloudapp.azure.com/.
My question is, how can I access the service using https? At https://nginx-test.westus.cloudapp.azure.com/
I don't think I'm supposed to configure nginx for https, since the certificate is not mine. I've tried changing the load balancer to send 443 traffic to port 80, but I receive a timeout error.
I tried mapping port 443 to port 80 in my Kubernetes service config.
ports:
- name: "443"
port: 443
targetPort: 80
But that results in:
SSL peer was not expecting a handshake message it received. Error code: SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT
How can I view my running container at https://nginx-test.westus.cloudapp.azure.com/?
If I understand it correctly, I think you are looking for Nginx Ingress controller
.
If we need TLS termination on Kubernetes, we can use ingress controller, on Azure we can use Nginx Ingress controller
.
To archive this, we can follow those steps:
1 Deploy the Nginx Ingress controller
2 Create TLS certificates
3 Deploy test http service
4 configure TLS termination
More information about configure Nginx Ingress Controller for TLS termination on Kubernetes on Azure, please refer to this blog.
root@k8s-master-6F403744-0:~/ingress/examples/deployment/nginx# kubectl get services --namespace kube-system -w
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default-http-backend 10.0.113.185 <none> 80/TCP 42m
heapster 10.0.4.232 <none> 80/TCP 1h
kube-dns 10.0.0.10 <none> 53/UDP,53/TCP 1h
kubernetes-dashboard 10.0.237.125 <nodes> 80:32229/TCP 1h
nginx-ingress-ssl 10.0.92.57 40.71.37.243 443:30215/TCP 13m
这篇关于在 Azure 子域上通过 https 访问 docker 容器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!