在Azure子域上通过https访问docker容器 [英] Accessing docker container over https on Azure subdomain
问题描述
作为一项实验,我尝试使用Azure容器服务和Kubernetes作为协调器在Azure上运行docker容器。我正在运行官方的nginx图像。以下是我要采取的步骤:
az group create --name test-group --location westus
az acs create --orchestrator-type = kubernetes --resource-group = test-group --name = k8s-cluster --generate-ssh-keys
我使用Kompose从docker compose文件创建了Kubernetes部署和服务文件。
部署文件
apiVersion:extensions / v1beta1
kind:部署
元数据:
annotations:
kompose.service.type:LoadBalancer
creationTimestamp:null
标签:
io.kompose.service:test
name:test
spec:
replicas:1
策略:{}
模板:
元数据:
creationTimestamp:null
标签:
io.kompose.service:test
spec:
containers:
- 图片:nginx:最新
名称:test
ports:
- containerPort:80
资源:{}
restartPolicy:总是
状态:{}
服务文件
apiVersion:v1
kind:服务
元数据:
注释:
kompose.service.type:LoadBalancer
creationTimestamp:null
标签:
io.kompose.service:test
name:test
spec:
ports:
- name: 80
端口:80
targetPort:80
选择器:
io.kompose.service:test
类型:LoadBalancer
状态:
loadBalancer:{}
然后我可以开始一切:
kubectl create -f test-service.yaml,test-deployment.yaml
一旦暴露了IP,我就为它分配了一个dns前缀,这样我就可以像这样访问我正在运行的容器: http ://nginx-test.westus.cloudapp.azure.com/ 。
我的问题是,如何使用https访问服务?在http s ://nginx-test.westus.cloudapp.azure.com/
我不认为我我应该为https配置nginx,因为证书不是我的。我已经尝试更改负载均衡器以将443流量发送到端口80,但是我收到超时错误。
我尝试将端口443映射到我的Kubernetes服务中的端口80配置。
端口:
- 名称:443
端口:443
targetPort:80
但结果是:
SSL peer不希望收到握手消息。错误代码:SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT
如何在
As an experiment I'm trying to run a docker container on Azure using the Azure Container Service and Kubernetes as the orchestrator. I'm running the official nginx image. Here are the steps I am taking:
az group create --name test-group --location westus
az acs create --orchestrator-type=kubernetes --resource-group=test-group --name=k8s-cluster --generate-ssh-keys
I created Kubernetes deployment and service files from a docker compose file using Kompose.
deployment file
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
kompose.service.type: LoadBalancer
creationTimestamp: null
labels:
io.kompose.service: test
name: test
spec:
replicas: 1
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
io.kompose.service: test
spec:
containers:
- image: nginx:latest
name: test
ports:
- containerPort: 80
resources: {}
restartPolicy: Always
status: {}
service file
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.service.type: LoadBalancer
creationTimestamp: null
labels:
io.kompose.service: test
name: test
spec:
ports:
- name: "80"
port: 80
targetPort: 80
selector:
io.kompose.service: test
type: LoadBalancer
status:
loadBalancer: {}
I can then start everything up:
kubectl create -f test-service.yaml,test-deployment.yaml
Once an IP has been exposed I assign a dns prefix to it so I can access my running container like so: http://nginx-test.westus.cloudapp.azure.com/.
My question is, how can I access the service using https? At https://nginx-test.westus.cloudapp.azure.com/
I don't think I'm supposed to configure nginx for https, since the certificate is not mine. I've tried changing the load balancer to send 443 traffic to port 80, but I receive a timeout error.
I tried mapping port 443 to port 80 in my Kubernetes service config.
ports:
- name: "443"
port: 443
targetPort: 80
But that results in:
SSL peer was not expecting a handshake message it received. Error code: SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT
How can I view my running container at https://nginx-test.westus.cloudapp.azure.com/?
If I understand it correctly, I think you are looking for Nginx Ingress controller
.
If we need TLS termination on Kubernetes, we can use ingress controller, on Azure we can use Nginx Ingress controller
.
To archive this, we can follow those steps:
1 Deploy the Nginx Ingress controller
2 Create TLS certificates
3 Deploy test http service
4 configure TLS termination
More information about configure Nginx Ingress Controller for TLS termination on Kubernetes on Azure, please refer to this blog.
root@k8s-master-6F403744-0:~/ingress/examples/deployment/nginx# kubectl get services --namespace kube-system -w
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default-http-backend 10.0.113.185 <none> 80/TCP 42m
heapster 10.0.4.232 <none> 80/TCP 1h
kube-dns 10.0.0.10 <none> 53/UDP,53/TCP 1h
kubernetes-dashboard 10.0.237.125 <nodes> 80:32229/TCP 1h
nginx-ingress-ssl 10.0.92.57 40.71.37.243 443:30215/TCP 13m
这篇关于在Azure子域上通过https访问docker容器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!