How to set up an external kubernetes service in AWS using https

I would like to set up a public kubernetes service in AWS that listens on https.

I know that kubernetes services currently only support TCP and UDP, but is there a way to make this work with the current version of kubernetes and AWS ELBs?

I found this: http://blog.kubernetes.io/2015/07/strong-simple-ssl-for-kubernetes.html

Is that the best way at the moment?

HTTPS usually runs over TCP, so you can simply run your service with Type=NodePort/LoadBalancer and manage the certs in the service. This example might help [1]; nginx is listening on :443 through a NodePort for ingress traffic. See [2] for a better explanation of the example.

[1] https://github.com/kubernetes/kubernetes/blob/release-1.0/examples/https-nginx/nginx-app.yaml#L8

[2] http://kubernetes.io/v1.0/docs/user-guide/connecting-applications.html

Since 1.3, you can use annotations along with a type=LoadBalancer service:

https://github.com/kubernetes/kubernetes/issues/24978

service.beta.kubernetes.io/aws-load-balancer-ssl-cert=arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
service.beta.kubernetes.io/aws-load-balancer-ssl-ports=* (or e.g. https)

The first annotation is the only one you need if all you want is to support HTTPS, on any number of ports. If you also want to support HTTP on one or more additional ports, you need to use the second annotation to specify explicitly which ports will use encryption (the others will use plain HTTP).
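
The two annotations from the answer above, placed in a complete Service manifest. This is an added example, not part of the original answer: the service name, selector label, port names and target port are assumptions, the certificate ARN is the placeholder value shown above, and the backend-protocol annotation is an extra setting that tells the ELB to use HTTP/HTTPS listeners and plain HTTP toward the pods.

```yaml
# Added example (not from the original answer): TLS is terminated on the ELB.
apiVersion: v1
kind: Service
metadata:
  name: web-public                # hypothetical service name
  annotations:
    # ACM certificate the ELB presents to clients (placeholder ARN).
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
    # Only the port named "https" gets a TLS listener. Without this
    # annotation every port would use the certificate.
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    # The ELB forwards decrypted traffic to the pods as plain HTTP.
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
spec:
  type: LoadBalancer
  selector:
    app: web                      # hypothetical pod label
  ports:
    - name: https                 # matched by the ssl-ports annotation
      port: 443
      targetPort: 8080            # assumed container port
    - name: http                  # stays unencrypted on the ELB
      port: 80
      targetPort: 8080
```

With this layout the hop from the ELB to the pods is unencrypted, and port 80 serves plain HTTP, so the application should redirect HTTP requests to HTTPS if cleartext access is not intended.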

In my case I set up an ELB in AWS and set up the SSL cert on that, choosing https and http for the connection types in the ELB, and that worked great. I set up the ELB with kubectl expose.
