Accessing docker container over https on Azure subdomain


Problem description


As an experiment I'm trying to run a docker container on Azure using the Azure Container Service and Kubernetes as the orchestrator. I'm running the official nginx image. Here are the steps I am taking:

az group create --name test-group --location westus
az acs create --orchestrator-type=kubernetes --resource-group=test-group --name=k8s-cluster --generate-ssh-keys

I created Kubernetes deployment and service files from a docker compose file using Kompose.

deployment file

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    kompose.service.type: LoadBalancer
  creationTimestamp: null
  labels:
    io.kompose.service: test
  name: test
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        io.kompose.service: test
    spec:
      containers:
      - image: nginx:latest
        name: test
        ports:
        - containerPort: 80
        resources: {}
      restartPolicy: Always
status: {}

service file

apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.service.type: LoadBalancer
  creationTimestamp: null
  labels:
    io.kompose.service: test
  name: test
spec:
  ports:
  - name: "80"
    port: 80
    targetPort: 80
  selector:
    io.kompose.service: test
  type: LoadBalancer
status:
  loadBalancer: {}

I can then start everything up:

kubectl create -f test-service.yaml,test-deployment.yaml

Once an IP has been exposed I assign a dns prefix to it so I can access my running container like so: http://nginx-test.westus.cloudapp.azure.com/.

My question is, how can I access the service using https? At https://nginx-test.westus.cloudapp.azure.com/

I don't think I'm supposed to configure nginx for https, since the certificate is not mine. I've tried changing the load balancer to send 443 traffic to port 80, but I receive a timeout error.

I tried mapping port 443 to port 80 in my Kubernetes service config.

ports:
- name: "443"
  port: 443
  targetPort: 80

But that results in:

SSL peer was not expecting a handshake message it received. Error code: SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT

How can I view my running container at https://nginx-test.westus.cloudapp.azure.com/?

Solution

If I understand it correctly, I think you are looking for the Nginx Ingress controller.
If we need TLS termination on Kubernetes, we can use an ingress controller; on Azure we can use the Nginx Ingress controller.
To achieve this, we can follow these steps:
1. Deploy the Nginx Ingress controller
2. Create TLS certificates
3. Deploy test http service
4. Configure TLS termination
For more information about configuring the Nginx Ingress Controller for TLS termination on Kubernetes on Azure, please refer to this blog.

root@k8s-master-6F403744-0:~/ingress/examples/deployment/nginx# kubectl get services --namespace kube-system -w
NAME                   CLUSTER-IP     EXTERNAL-IP    PORT(S)         AGE
default-http-backend   10.0.113.185   <none>         80/TCP          42m
heapster               10.0.4.232     <none>         80/TCP          1h
kube-dns               10.0.0.10      <none>         53/UDP,53/TCP   1h
kubernetes-dashboard   10.0.237.125   <nodes>        80:32229/TCP    1h
nginx-ingress-ssl      10.0.92.57     40.71.37.243   443:30215/TCP   13m
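
Steps 2 to 4 of the answer, sketched as manifests for the `test` service from the question. This is an added example, not part of the original answer or the linked blog. It uses the current `networking.k8s.io/v1` Ingress API rather than the `extensions/v1beta1` era of the post, and the secret name `nginx-test-tls`, the Ingress name `test-tls` and the ingress class `nginx` are assumptions.

```yaml
# Added example; names marked "assumed" do not appear in the original post.
# Prerequisites (steps 1-2): an NGINX Ingress controller is running, and a TLS
# secret for the hostname exists, created for example with:
#   kubectl create secret tls nginx-test-tls --cert=tls.crt --key=tls.key
---
apiVersion: v1
kind: Service
metadata:
  name: test
  labels:
    io.kompose.service: test
spec:
  type: ClusterIP            # not LoadBalancer: only the ingress controller is public
  ports:
    - name: http
      port: 80
      targetPort: 80         # nginx in the pod keeps serving plain HTTP
  selector:
    io.kompose.service: test
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-tls             # assumed name
  annotations:
    # Redirect plain-HTTP requests for this host to HTTPS at the controller.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx    # assumed; must match the installed controller's class
  tls:
    - hosts:
        - nginx-test.westus.cloudapp.azure.com
      secretName: nginx-test-tls   # assumed; certificate must cover the host above
  rules:
    - host: nginx-test.westus.cloudapp.azure.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: test
                port:
                  number: 80   # TLS ends at the controller; backend hop is HTTP
```

The DNS prefix has to point at the ingress controller's external IP rather than the old service IP. Mapping 443 straight to `targetPort: 80` fails because the container on port 80 never performs a TLS handshake, which is what the controller does here on its behalf.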
