Kubernetes HTTPS Google 容器引擎中的入口

Question

I want to expose a HTTP service running in Google Container Engine over HTTPS only load balancer.我想公开在 Google Container Engine 中运行的 HTTP 服务，而不是仅通过 HTTPS的负载均衡器。

How to define in ingress object that I want HTTPS only load balancer instead of default HTTP?如何在入口 object 中定义我想要HTTPS仅负载均衡器而不是默认的 HTTP？

Or is there a way to permanently drop HTTP protocol from created load balancer?或者有没有办法从创建的负载均衡器中永久删除HTTP协议？ When I add HTTPS protocol and then drop HTTP protocol, HTTP is recreated after few minutes by the platform.当我添加HTTPS协议然后删除HTTP协议时，平台会在几分钟后重新创建HTTP 。

Ingress:入口：

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myapp-ingress
spec:
  backend:
    serviceName: myapp-service
    servicePort: 8080

Answer 1

In order to have HTTPs service exposed only, you can block traffic on port 80 as mentioned on this link : 为了仅暴露HTTPs服务，您可以阻止端口80上的流量，如此链接中所述：

You can block traffic on :80 through an annotation. 您可以通过注释来阻止流量：80。 You might want to do this if all your clients are only going to hit the loadbalancer through https and you don't want to waste the extra GCE forwarding rule, eg: 如果所有客户端都只是通过https命中负载均衡器并且您不想浪费额外的GCE转发规则，则可能需要执行此操作，例如：

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test
  annotations:
    kubernetes.io/ingress.allow-http: "false"
spec:
  tls:
  # This assumes tls-secret exists.
  # To generate it run the make in this directory.
  - secretName: tls-secret
  backend:
    serviceName: echoheaders-https
    servicePort: 80

Answer 2

You could also use FrontendConfig您也可以使用FrontendConfig

HTTP to HTTPS redirects are configured using the redirectToHttps field in a FrontendConfig custom resource. HTTP 到 HTTPS 重定向是使用 FrontendConfig 自定义资源中的 redirectToHttps 字段配置的。 Redirects are enabled for the entire Ingress resource so all services referenced by the Ingress will have HTTPS redirects enabled.为整个 Ingress 资源启用重定向，因此 Ingress 引用的所有服务都将启用 HTTPS 重定向。

The following FrontendConfig manifest enables HTTP to HTTPS redirects.以下 FrontendConfig 清单启用 HTTP 到 HTTPS 重定向。 Set the spec.redirectToHttps.enabled field to true to enable HTTPS redirects.将 spec.redirectToHttps.enabled 字段设置为 true 以启用 HTTPS 重定向。 The spec.responseCodeName field is optional. spec.responseCodeName 字段是可选的。 If it's omitted a 301 Moved Permanently redirect is used.如果省略，则使用 301 Moved Permanently 重定向。

For example例如

apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
  name: your-frontend-config-name
spec:
  redirectToHttps:
    enabled: true
    responseCodeName: MOVED_PERMANENTLY_DEFAULT

MOVED_PERMANENTLY_DEFAULT is on of the available RESPONSE_CODE field value, to return a 301 redirect response code (default if responseCodeName is unspecified). MOVED_PERMANENTLY_DEFAULT位于可用的RESPONSE_CODE字段值中，以返回301重定向响应代码（如果未指定responseCodeName ，则为默认值）。

You can find more options here: HTTP to HTTPS redirects您可以在此处找到更多选项： HTTP 到 HTTPS 重定向

Then you have to link your FrontendConfig to the Ingress , like this:然后您必须将您的FrontendConfig链接到Ingress ，如下所示：

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: your-ingress-name
  annotations:
    networking.gke.io/v1beta1.FrontendConfig: your-frontend-config-name
spec:
  tls:
    ...

Kubernetes HTTPS Google 容器引擎中的入口

问题描述

2 个解决方案

解决方案1
3 已采纳 2016-11-30 20:09:51

解决方案2
0 2022-09-08 06:18:15

Kubernetes HTTPS Google 容器引擎中的入口

问题描述

2 个解决方案

解决方案1 3 已采纳 2016-11-30 20:09:51

解决方案2 0 2022-09-08 06:18:15

解决方案1
3 已采纳 2016-11-30 20:09:51

解决方案2
0 2022-09-08 06:18:15