堆栈内存溢出
  简体   繁体   English

具有NGINX入口控制器和SSL终止的AWS上的Kubernetes

[英]Kubernetes on AWS with NGINX ingress controller and SSL termination

 原文  2017-10-17 16:08:08       amazon-web-services/ nginx/ kubernetes/ devops

问题描述

Having issues configuring SSL termination in my Kubernetes cluster. 在我的Kubernetes群集中配置SSL终止时遇到问题。 Attempting to figure out best place for this to happen. 试图找出最好的地方来实现这一目标。

I have been able to get it working following the instructions listed here and then updating the ingress controller service to include the SSL certificate details using service.beta.kubernetes.io/aws-load-balancer-ssl-cert annotation: 我已经能够按照此处列出的说明进行操作,然后使用service.beta.kubernetes.io/aws-load-balancer-ssl-cert批注更新入口控制器服务以包括SSL证书详细信息: 

kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app: ingress-nginx
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:...
spec:
  type: LoadBalancer
  selector:
    app: ingress-nginx
  ports:
  - name: https
    port: 443
    targetPort: 80

I then have ingress rules and services setup similar to: 然后,我将获得类似于以下内容的入口规则和服务设置: 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: app1
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: app1.foo.bar
    http:
      paths:
      - backend:
          serviceName: app1
          servicePort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: app1
spec:
  type: LoadBalancer
  ports:
  - name: http
    port: 80
    targetPort: 80
  selector:
    app: app1

---

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: app1
spec:
  template:
    metadata:
      labels:
        app: app1
    spec:
      containers:
      - image: nginx
        name: nginx
        ports:
        - containerPort: 80

When going to app1.foo.bar I can see that: 转到app1.foo.bar我可以看到:

  • http requests are redirected to https http请求被重定向到https
  • the SSL certificate is correctly applied SSL证书已正确应用

Originally I was trying to apply the certificate to my individual app services. 最初,我试图将证书应用于我的个人应用程序服务。 I could see the certificate being applied to the ELB in AWS but wasn't being passed through. 我可以看到证书已应用于AWS中的ELB,但没有通过。 So my question is: 所以我的问题是:

Is this the correct configuration or is there a better solution? 这是正确的配置还是有更好的解决方案?

Thank you :) 谢谢 :)

1 个解决方案

解决方案1
 -1  2017-10-18 13:38:30

I would suggest terminating SSL on the Nginx Ingress Controller exposed with ELB, and use kube-lego for automated SSL certificate management. 我建议终止在ELB公开的Nginx Ingress Controller上终止SSL,并使用kube-lego进行自动SSL证书管理。

https://github.com/kubernetes/ingress-nginx & https://github.com/jetstack/kube-lego https://github.com/kubernetes/ingress-nginxhttps://github.com/jetstack/kube-lego

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在AWS和SSL终止中设置kubernetes NGINX ingress - How to set up kubernetes NGINX ingress in AWS and SSL termination AWS上的Kubernetes 1.4 SSL终止 - Kubernetes 1.4 SSL Termination on AWS Ingress资源与Kubernetes上的NGINX入口控制器 - Ingress resource vs NGINX ingress controller on Kubernetes 在AWS上部署NGINX入口控制器 - Deploying an NGINX Ingress Controller on AWS kubernetes没有为ingress-nginx控制器创建ELB - kubernetes not creating the ELB for ingress-nginx controller 无法访问在 AWS 上运行的 Kubernetes 集群上通过 nginx 入口控制器公开的 Spring Boot 微服务 - Unable to access Spring Boot microservice exposed via nginx ingress controller on Kubernetes cluster running on AWS 用于Kubernetes(AWS EKS)的Traefik入口控制器 - Traefik Ingress Controller for Kubernetes (AWS EKS) Kubernetes SSL 重定向入口 - Kubernetes SSL Redirect Ingress Kubernetes nginx HTTPS 在 AWS 中的基于入口路径的路由 - Kubernetes nginx ingress path-based routing of HTTPS in AWS 无法在 Terraform 中创建 AWS ALB kubernetes 入口 controller - Can't create AWS ALB kubernetes ingress controller in Terraform
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM