Kubernetes on AWS with NGINX ingress controller and SSL termination
Having issues configuring SSL termination in my Kubernetes cluster. Attempting to figure out the best place for this to happen.
I have been able to get it working following the instructions listed here and then updating the ingress controller service to include the SSL certificate details using the service.beta.kubernetes.io/aws-load-balancer-ssl-cert annotation:
kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app: ingress-nginx
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:...
spec:
  type: LoadBalancer
  selector:
    app: ingress-nginx
  ports:
    - name: https
      port: 443
      targetPort: 80
I then have ingress rules and services set up similar to:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: app1
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
    - host: app1.foo.bar
      http:
        paths:
          - backend:
              serviceName: app1
              servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: app1
spec:
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      targetPort: 80
  selector:
    app: app1
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: app1
spec:
  template:
    metadata:
      labels:
        app: app1
    spec:
      containers:
        - image: nginx
          name: nginx
          ports:
            - containerPort: 80
When going to app1.foo.bar I can see that:
Originally I was trying to apply the certificate to my individual app services. I could see the certificate being applied to the ELB in AWS but it wasn't being passed through. So my question is:
Is this the correct configuration or is there a better solution?
Thank you :)
I would suggest terminating SSL on the Nginx Ingress Controller exposed with ELB, and using kube-lego for automated SSL certificate management.
https://github.com/kubernetes/ingress-nginx & https://github.com/jetstack/kube-lego