Google Container Engine 中的 Kubernetes HTTPS Ingress [英] Kubernetes HTTPS Ingress in Google Container Engine
问题描述
我想通过仅 HTTPS 负载平衡器公开在 Google Container Engine 中运行的 HTTP 服务.
I want to expose a HTTP service running in Google Container Engine over HTTPS only load balancer.
如何在入口对象中定义我只想要 HTTPS
负载均衡器而不是默认 HTTP?
How to define in ingress object that I want HTTPS
only load balancer instead of default HTTP?
或者有没有办法从创建的负载均衡器中永久删除 HTTP
协议?当我添加 HTTPS
协议然后删除 HTTP
协议时,HTTP
会在几分钟后被平台重新创建.
Or is there a way to permanently drop HTTP
protocol from created load balancer? When I add HTTPS
protocol and then drop HTTP
protocol, HTTP
is recreated after few minutes by the platform.
入口:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: myapp-ingress
spec:
backend:
serviceName: myapp-service
servicePort: 8080
推荐答案
为了仅公开 HTTPS 服务,您可以阻止端口 80 上的流量,如本链接:
In order to have HTTPs service exposed only, you can block traffic on port 80 as mentioned on this link:
您可以通过注释阻止 :80 上的流量.如果您的所有客户端仅通过 https 访问负载均衡器并且您不想浪费额外的 GCE 转发规则,您可能想要这样做,例如:
You can block traffic on :80 through an annotation. You might want to do this if all your clients are only going to hit the loadbalancer through https and you don't want to waste the extra GCE forwarding rule, eg:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test
annotations:
kubernetes.io/ingress.allow-http: "false"
spec:
tls:
# This assumes tls-secret exists.
# To generate it run the make in this directory.
- secretName: tls-secret
backend:
serviceName: echoheaders-https
servicePort: 80
这篇关于Google Container Engine 中的 Kubernetes HTTPS Ingress的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!