堆栈内存溢出
  简体   繁体   English

如何在AWS和SSL终止中设置kubernetes NGINX ingress

[英]How to set up kubernetes NGINX ingress in AWS and SSL termination

 原文  2017-06-07 19:33:32       amazon-web-services/ ssl/ nginx/ kubernetes/ elastic-load-balancer

问题描述

I set up a kubernetes cluster in AWS using KOPS; 我使用KOPS在AWS中建立了一个kubernetes集群; now I want to set up an NGINX ingress controller and terminate TLS with AWS managed certificate. 现在我想建立一个NGINX入口控制器并使用AWS托管证书终止TLS。 The topology in my understanding is AWS ELB is facing the internet and terminates TLS, forwards unencrypted to ingress service which then does dispatches. 我理解的拓扑结构是AWS ELB面向互联网并终止TLS,将未加密的转发转发到入口服务,然后进行调度。

I've deployed ingress controller from https://github.com/kubernetes/ingress/tree/master/examples/aws/nginx 我从https://github.com/kubernetes/ingress/tree/master/examples/aws/nginx部署了入口控制器

Except I used annotations as described on top of https://github.com/kubernetes/ingress/issues/71 to add the certificate. 除了我使用https://github.com/kubernetes/ingress/issues/71之上描述的注释添加证书。

I add the route to Route53 and open my browser to https address and get a 400 response from NGINX with message "The plain HTTP request was sent to HTTPS port" 我将路由添加到Route53并打开我的浏览器到https地址并从NGINX获得400响应,并显示消息“普通HTTP请求已发送到HTTPS端口”

What am I doing wrong? 我究竟做错了什么?

This is my ingress resource: 这是我的入口资源: 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
  name: dispatcher
  namespace: test
spec:
  rules:
  - host: REDACTED
    http:
      paths:
      - backend:
          serviceName: REDACTED
          servicePort: 80
        path: /api/v0

2 个解决方案

解决方案1
 2 已采纳  2017-06-08 18:30:02

我设法在很大程度上使用入口来完成这项工作: https//github.com/kubernetes/kops/tree/master/addons/ingress-nginx除了入口服务我添加了service.beta.kubernetes.io/aws-load-balancer-ssl-cert注释指向我的证书ARN并将两个端口的targetPort设置为80

解决方案2
 1  2017-06-07 21:13:13

https://github.com/kubernetes/ingress/tree/master/controllers/nginx#https https://github.com/kubernetes/ingress/tree/master/controllers/nginx#https

TL;DR TL; DR

1) create a secret with your ssl public/private in your namespace 1)在命名空间中使用ssl public / private创建一个秘密

2) add the tls block to your ingress (referencing the secret) 2)将tls块添加到您的入口(引用秘密)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 具有NGINX入口控制器和SSL终止的AWS上的Kubernetes - Kubernetes on AWS with NGINX ingress controller and SSL termination AWS上的Kubernetes 1.4 SSL终止 - Kubernetes 1.4 SSL Termination on AWS HTTP 错误 408 - 设置 kubernetes 以及 AWS ELB 和 NGINX 入口后 - HTTP ERROR 408 - After setting up kubernetes , along with AWS ELB and NGINX Ingress 如何为AWS创建Kubernetes Ingress - How to create Kubernetes Ingress for AWS 如何将 AWS ELB 上的 SSL 终止到 Flask 应用程序? - How to SSL termination on AWS ELB to Flask App? 如何在 AWS API Gateway 上完成 SSL 终止? - How is SSL termination done at the AWS API Gateway? Kubernetes SSL 重定向入口 - Kubernetes SSL Redirect Ingress Kubernetes nginx HTTPS 在 AWS 中的基于入口路径的路由 - Kubernetes nginx ingress path-based routing of HTTPS in AWS AWS中的Kubernetes入口 - Kubernetes ingress in AWS 在AWS Ubuntu实例上的Nginx上设置SSL - Setting up SSL on Nginx on AWS Ubuntu instance
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM