Accessing docker container over https on Azure subdomain


Problem description


As an experiment I'm trying to run a docker container on Azure using the Azure Container Service and Kubernetes as the orchestrator. I'm running the official nginx image. Here are the steps I am taking:

    az group create --name test-group --location westus
    az acs create --orchestrator-type=kubernetes --resource-group=test-group --name=k8s-cluster --generate-ssh-keys

I created Kubernetes deployment and service files from a docker compose file using Kompose.

Deployment file:

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      annotations:
        kompose.service.type: LoadBalancer
      creationTimestamp: null
      labels:
        io.kompose.service: test
      name: test
    spec:
      replicas: 1
      strategy: {}
      template:
        metadata:
          creationTimestamp: null
          labels:
            io.kompose.service: test
        spec:
          containers:
          - image: nginx:latest
            name: test
            ports:
            - containerPort: 80
            resources: {}
          restartPolicy: Always
    status: {}

Service file:

    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        kompose.service.type: LoadBalancer
      creationTimestamp: null
      labels:
        io.kompose.service: test
      name: test
    spec:
      ports:
      - name: "80"
        port: 80
        targetPort: 80
      selector:
        io.kompose.service: test
      type: LoadBalancer
    status:
      loadBalancer: {}

I can then start everything up:

    kubectl create -f test-service.yaml,test-deployment.yaml

Once an IP has been exposed I assign a dns prefix to it so I can access my running container like so: http://nginx-test.westus.cloudapp.azure.com/.

My question is, how can I access the service using https? At https://nginx-test.westus.cloudapp.azure.com/

I don't think I'm supposed to configure nginx for https, since the certificate is not mine. I've tried changing the load balancer to send 443 traffic to port 80, but I receive a timeout error.

I tried mapping port 443 to port 80 in my Kubernetes service config.

    ports:
    - name: "443"
      port: 443
      targetPort: 80

But that results in:

    SSL peer was not expecting a handshake message it received. Error code: SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT

How can I view my running container at https://nginx-test.westus.cloudapp.azure.com/?

Solution

If I understand it correctly, I think you are looking for the Nginx Ingress controller.

If we need TLS termination on Kubernetes, we can use an ingress controller; on Azure we can use the Nginx Ingress controller.

To achieve this, we can follow these steps:

1. Deploy the Nginx Ingress controller
2. Create TLS certificates
3. Deploy test http service
4. Configure TLS termination

For more information about configuring the Nginx Ingress Controller for TLS termination on Kubernetes on Azure, please refer to this blog.

    root@k8s-master-6F403744-0:~/ingress/examples/deployment/nginx# kubectl get services --namespace kube-system -w
    NAME                   CLUSTER-IP     EXTERNAL-IP    PORT(S)         AGE
    default-http-backend   10.0.113.185   <none>         80/TCP          42m
    heapster               10.0.4.232     <none>         80/TCP          1h
    kube-dns               10.0.0.10      <none>         53/UDP,53/TCP   1h
    kubernetes-dashboard   10.0.237.125   <nodes>        80:32229/TCP    1h
    nginx-ingress-ssl      10.0.92.57     40.71.37.243   443:30215/TCP   13m
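The TLS-termination step from the list above, written out for the `test` service in the question, as an added example that is not part of the original answer or the linked blog. It assumes an NGINX ingress controller is already deployed and that the cluster serves the `networking.k8s.io/v1` API; the names `test-ingress` and `test-tls` are hypothetical.

```yaml
# Added example (not from the original post).
# Assumption: the TLS secret was created beforehand from a certificate/key
# pair held for the host name (self-signed is enough for a test), e.g.:
#   kubectl create secret tls test-tls --cert=tls.crt --key=tls.key
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress            # hypothetical name
spec:
  ingressClassName: nginx       # assumption: the controller registers class "nginx"
  tls:
  - hosts:
    - nginx-test.westus.cloudapp.azure.com
    secretName: test-tls        # hypothetical name; the controller terminates TLS with this cert
  rules:
  - host: nginx-test.westus.cloudapp.azure.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: test          # the Service from the question
            port:
              number: 80        # plain HTTP from the controller to the nginx pod
---
# Optional: with the ingress in front, the backend Service can stay internal
# instead of holding its own public load balancer IP.
apiVersion: v1
kind: Service
metadata:
  labels:
    io.kompose.service: test
  name: test
spec:
  type: ClusterIP
  selector:
    io.kompose.service: test
  ports:
  - name: "80"
    port: 80
    targetPort: 80
```

With this layout the DNS prefix has to point at the ingress controller's external IP (the `nginx-ingress-ssl` service in the output above) rather than at the `test` service. The nginx container keeps listening on plain HTTP on port 80, which is why forwarding 443 straight to it fails the TLS handshake.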
