Google Container Engine中的Kubernetes HTTPS Ingress [英] Kubernetes HTTPS Ingress in Google Container Engine
问题描述
我想通过 HTTPS 负载平衡器公开在Google Container Engine中运行的HTTP服务。 如何在入口对象中定义我想要 HTTPS
只有负载均衡器而不是默认的HTTP?
或者是否有永久性删除 HTTP
来自创建的负载均衡器的协议?当我添加 HTTPS
协议,然后删除 HTTP
协议时, HTTP
Ingress:
apiVersion:extensions / v1beta1
类型:Ingress
元数据:
名称:myapp-ingress
规格:
后端:
服务名称:myapp-service
servicePort:8080
服务仅公开,您可以按照此链接:
您可以通过注释阻止:80上的流量。如果您的所有客户端只通过https访问负载均衡器,而您不想浪费额外的GCE转发规则,则可能需要这样做,例如: b
apiVersion:extensions / v1beta1
类型:Ingress
元数据:
名称:test
注释:
kubernetes.io/ingress.allow-http:false
spec:
tls:
#这个假设tls-secret存在。
#要生成它,请在此目录中运行make。
- secretName:tls-secret
backend:
serviceName:echoheaders-https
servicePort:80
I want to expose a HTTP service running in Google Container Engine over HTTPS only load balancer.
How to define in ingress object that I want
HTTPS
only load balancer instead of default HTTP?Or is there a way to permanently drop
HTTP
protocol from created load balancer? When I addHTTPS
protocol and then dropHTTP
protocol,HTTP
is recreated after few minutes by the platform.Ingress:
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: myapp-ingress spec: backend: serviceName: myapp-service servicePort: 8080
解决方案In order to have HTTPs service exposed only, you can block traffic on port 80 as mentioned on this link:
You can block traffic on :80 through an annotation. You might want to do this if all your clients are only going to hit the loadbalancer through https and you don't want to waste the extra GCE forwarding rule, eg:
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test annotations: kubernetes.io/ingress.allow-http: "false" spec: tls: # This assumes tls-secret exists. # To generate it run the make in this directory. - secretName: tls-secret backend: serviceName: echoheaders-https servicePort: 80
这篇关于Google Container Engine中的Kubernetes HTTPS Ingress的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!