Google Container Engine 中的 Kubernetes HTTPS Ingress [英] Kubernetes HTTPS Ingress in Google Container Engine

问题描述

我想通过仅 HTTPS 负载平衡器公开在 Google Container Engine 中运行的 HTTP 服务.

I want to expose a HTTP service running in Google Container Engine over HTTPS only load balancer.

如何在入口对象中定义我只想要 HTTPS 负载均衡器而不是默认 HTTP?

How to define in ingress object that I want HTTPS only load balancer instead of default HTTP?

或者有没有办法从创建的负载均衡器中永久删除 HTTP 协议?当我添加 HTTPS 协议然后删除 HTTP 协议时，HTTP 会在几分钟后被平台重新创建.

Or is there a way to permanently drop HTTP protocol from created load balancer? When I add HTTPS protocol and then drop HTTP protocol, HTTP is recreated after few minutes by the platform.

入口:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myapp-ingress
spec:
  backend:
    serviceName: myapp-service
    servicePort: 8080

推荐答案

为了仅公开 HTTPS 服务，您可以阻止端口 80 上的流量，如本链接:

In order to have HTTPs service exposed only, you can block traffic on port 80 as mentioned on this link:

您可以通过注释阻止 :80 上的流量.如果您的所有客户端仅通过 https 访问负载均衡器并且您不想浪费额外的 GCE 转发规则，您可能想要这样做，例如:

You can block traffic on :80 through an annotation. You might want to do this if all your clients are only going to hit the loadbalancer through https and you don't want to waste the extra GCE forwarding rule, eg:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test
  annotations:
    kubernetes.io/ingress.allow-http: "false"
spec:
  tls:
  # This assumes tls-secret exists.
  # To generate it run the make in this directory.
  - secretName: tls-secret
  backend:
    serviceName: echoheaders-https
    servicePort: 80

这篇关于Google Container Engine 中的 Kubernetes HTTPS Ingress的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！