我怎样才能使用大使特使进入TLS? [英] How can I use Ambassador Emissary -ingress for TLS?
本文介绍了我怎样才能使用大使特使进入TLS?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个非常简短的问题。为了澄清一些事情,我必须与您分享我的邮递员结果。
我用2篇文章成功做到了这一点:
https://www.getambassador.io/docs/emissary/pre-release/topics/install/
https://www.getambassador.io/docs/emissary/pre-release/howtos/tls-termination/
我正在尝试为我的大使界面添加TLS。一切看起来都很好。请查看下面
但当我通过HTTPS发送请求时(查看上面的邮递员) 它向我返回错误:错误:客户端网络套接字在建立安全TLS连接之前断开。
我的部署.yaml将有助于解决我的问题:
apiVersion: apps/v1
kind: Deployment
metadata:
name: echo-deployment
spec:
replicas: 1
selector:
matchLabels:
app: echo-server
template:
metadata:
labels:
app: echo-server
spec:
containers:
- name: echo-server
image: jmalloc/echo-server
ports:
- name: http-port
containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: echo-service
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
- name: https
port: 443
protocol: TCP
targetPort: 8443
selector:
app: echo-server
---
apiVersion: x.getambassador.io/v3alpha1
kind: AmbassadorMapping
metadata:
name: echo-backend
namespace: default
spec:
hostname: "*"
prefix: /echo/
service: echo-service
---
apiVersion: x.getambassador.io/v3alpha1
kind: AmbassadorListener
metadata:
name: emissary-ingress-listener-8080
namespace: emissary
spec:
port: 8080
protocol: HTTPPROXY
securityModel: XFP
hostBinding:
namespace:
from: ALL
---
apiVersion: x.getambassador.io/v3alpha1
kind: AmbassadorHost
metadata:
name: wildcard-host
spec:
hostname: "*"
acmeProvider:
authority: none
tlsSecret:
name: tls-cert
selector:
matchLabels:
hostname: wildcard-host
also I am using curl to be sure
```C
curl -Lk https://143.198.247.222/echo/
{
"server": "trim-kumquat-fccjxh8x",
"quote": "Abstraction is ever present.",
"time": "2019-07-24T16:36:56.7983516Z"
}
推荐答案
使者和边缘堆栈实际上以相同的方式处理TLS-鉴于curl起作用,我倾向于认为您在这里看到的是您在按照说明获取自签名TLS证书,而Postman只是对证书的要求比curl更严格。
如果从curl中删除-k,我预计它也会失败。同样,如果您从浏览器执行HTTPS,则大多数浏览器都会非常挑剔适当的证书。因此,我建议您从获得一个经过正确签名的证书开始(可能来自于We‘s Encrypt?),并尝试这样做。
这篇关于我怎样才能使用大使特使进入TLS?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
