如何在 GKE 上为 Kubernetes Ingress 强制使用 SSL [英] How to force SSL for Kubernetes Ingress on GKE

问题描述

有没有办法强制对入口负载平衡器上的传入连接进行 SSL 升级?或者，如果这是不可能的，我可以禁用端口 :80 吗?我还没有找到一个很好的文档页面来概述 YAML 文件中的此类选项.非常感谢提前！

Is there a way to force an SSL upgrade for incoming connections on the ingress load-balancer? Or if that is not possible with, can I disable port :80? I haven't found a good documentation pages that outlines such an option in the YAML file. Thanks a lot in advance!

推荐答案

https://github.com/kubernetes/ingress-gce#frontend-https

您可以通过注释 kubernetes.io/ingress.allow-http: "false" 阻止 HTTP 或通过指定自定义后端将 HTTP 重定向到 HTTPS.不幸的是，GCE 还没有直接在 L7 层为您处理重定向或重写.(参见 https://github.com/kubernetes/ingress-gce#ingress-cannot-redirect-http-to-https)

You can block HTTP through the annotation kubernetes.io/ingress.allow-http: "false" or redirect HTTP to HTTPS by specifying a custom backend. Unfortunately GCE doesn't handle redirection or rewriting at the L7 layer directly for you, yet. (see https://github.com/kubernetes/ingress-gce#ingress-cannot-redirect-http-to-https)

更新:GCP 现在处理负载平衡器的重定向规则，包括 HTTP 到 HTTPS.似乎还没有通过 Kubernetes YAML 创建这些的方法.

Update: GCP now handles redirection rules for load balancers, including HTTP to HTTPS. There doesn't appear to be a method to create these through Kubernetes YAML yet.

这篇关于如何在 GKE 上为 Kubernetes Ingress 强制使用 SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！