[英]Kubernetes HTTPS Ingress in Google Container Engine
I want to expose a HTTP service running in Google Container Engine over HTTPS only load balancer.我想公开在 Google Container Engine 中运行的 HTTP 服务,而不是仅通过 HTTPS的负载均衡器。
How to define in ingress object that I want HTTPS
only load balancer instead of default HTTP?如何在入口 object 中定义我想要HTTPS
仅负载均衡器而不是默认的 HTTP?
Or is there a way to permanently drop HTTP
protocol from created load balancer?或者有没有办法从创建的负载均衡器中永久删除HTTP
协议? When I add HTTPS
protocol and then drop HTTP
protocol, HTTP
is recreated after few minutes by the platform.当我添加HTTPS
协议然后删除HTTP
协议时,平台会在几分钟后重新创建HTTP
。
Ingress:入口:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: myapp-ingress
spec:
backend:
serviceName: myapp-service
servicePort: 8080
In order to have HTTPs service exposed only, you can block traffic on port 80 as mentioned on this link : 为了仅暴露HTTPs服务,您可以阻止端口80上的流量,如此链接中所述 :
You can block traffic on :80 through an annotation. 您可以通过注释来阻止流量:80。 You might want to do this if all your clients are only going to hit the loadbalancer through https and you don't want to waste the extra GCE forwarding rule, eg: 如果所有客户端都只是通过https命中负载均衡器并且您不想浪费额外的GCE转发规则,则可能需要执行此操作,例如:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test
annotations:
kubernetes.io/ingress.allow-http: "false"
spec:
tls:
# This assumes tls-secret exists.
# To generate it run the make in this directory.
- secretName: tls-secret
backend:
serviceName: echoheaders-https
servicePort: 80
You could also use FrontendConfig
您也可以使用FrontendConfig
HTTP to HTTPS redirects are configured using the redirectToHttps field in a FrontendConfig custom resource. HTTP 到 HTTPS 重定向是使用 FrontendConfig 自定义资源中的 redirectToHttps 字段配置的。 Redirects are enabled for the entire Ingress resource so all services referenced by the Ingress will have HTTPS redirects enabled.为整个 Ingress 资源启用重定向,因此 Ingress 引用的所有服务都将启用 HTTPS 重定向。
The following FrontendConfig manifest enables HTTP to HTTPS redirects.以下 FrontendConfig 清单启用 HTTP 到 HTTPS 重定向。 Set the spec.redirectToHttps.enabled field to true to enable HTTPS redirects.将 spec.redirectToHttps.enabled 字段设置为 true 以启用 HTTPS 重定向。 The spec.responseCodeName field is optional. spec.responseCodeName 字段是可选的。 If it's omitted a 301 Moved Permanently redirect is used.如果省略,则使用 301 Moved Permanently 重定向。
For example例如
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
name: your-frontend-config-name
spec:
redirectToHttps:
enabled: true
responseCodeName: MOVED_PERMANENTLY_DEFAULT
MOVED_PERMANENTLY_DEFAULT
is on of the available RESPONSE_CODE
field value, to return a 301
redirect response code (default if responseCodeName
is unspecified). MOVED_PERMANENTLY_DEFAULT
位于可用的RESPONSE_CODE
字段值中,以返回301
重定向响应代码(如果未指定responseCodeName
,则为默认值)。
You can find more options here: HTTP to HTTPS redirects您可以在此处找到更多选项: HTTP 到 HTTPS 重定向
Then you have to link your FrontendConfig
to the Ingress
, like this:然后您必须将您的FrontendConfig
链接到Ingress
,如下所示:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: your-ingress-name
annotations:
networking.gke.io/v1beta1.FrontendConfig: your-frontend-config-name
spec:
tls:
...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.