堆栈内存溢出
  简体   繁体   English

NGINX入口控制器:我可以终止TLS并传递非HTTP流量吗?

[英]NGINX Ingress Controller: Can I terminate TLS and pass non-http traffic?

 原文  2018-08-15 01:04:39       kubernetes/ load-balancing/ kubernetes-ingress/ nginx-ingress

问题描述

I'm attempting to deploy a DNP3 server (an industrial protocol) within Kubernetes. 我正在尝试在Kubernetes中部署DNP3服务器(工业协议)。 DNP3 uses TCP communications but is a stateful protocol. DNP3使用TCP通信,但它是有状态协议。 I'm currently working on deploying the ingress controller configuration. 我目前正在部署入口控制器配置。

I realize that ingress controllers are intended for http/https traffic, but I'd like to use them if possible and take advantage of some of the inherent features (eg mutual TLS, whitelisting, etc.). 我意识到入口控制器旨在用于http / https流量,但我想在可能的情况下使用它们,并利用某些固有功能(例如,相互TLS,白名单等)。 Does the NGINX ingress controller require that incoming traffic be formatted as http traffic (eg having a header, etc.)? NGINX入口控制器是否要求将传入流量格式化为http流量(例如,具有标头等)? If it receives random TCP (non-http) traffic can it simply pass the traffic along to backend service? 如果它接收到随机的TCP(非HTTP)流量,是否可以简单地将流量传递给后端服务?

The annotations I'm trying to work with include: 我尝试使用的注释包括: 

ingress.kubernetes.io/auth-tls-secret: default/client-secret
ingress.kubernetes.io/auth-tls-verify-depth: "3"
kubernetes.io/ingress.class: nginx-private
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.org/lb-method: ip_hash

A few notes: 一些注意事项:

  • I realize that the auth-tls-pass-certificate annotation would add a header. 我意识到auth-tls-pass-certificate批注将添加标头。 My hope is that I can read the cert information from the header and then strip the header/other https data from the message. 我希望我可以从标头中读取证书信息,然后从消息中剥离标头/其他https数据。
  • I'm hoping ot use the ip_hash lb-method in order to allow for the application to be stateful (a client with a consistent IP address is always routed to the same backend server). 我希望使用ip_hash lb-method来使应用程序具有状态(始终将IP地址一致的客户端路由到同一后端服务器)。

1 个解决方案

解决方案1
 0 已采纳  2018-08-16 15:09:31

Unfortunately, based on the information I've found, there is no good way to provide Ingress for TCP services, and there seem to be no plans to add that in the nearest feature. 不幸的是,根据我发现的信息,没有为TCP服务提供Ingress的好方法,而且似乎也没有计划在最接近的功能中添加Ingress。 Actually, this is still an open issue on GitHub. 实际上,这在GitHub上仍然是一个未解决的问题

There have been some approaches to map TCP or UDP traffic to a Kubernetes service using ConfigMaps described in this StackOverflow question. 有一些方法可以使用此StackOverflow 问题中描述的ConfigMap将TCP或UDP流量映射到Kubernetes服务

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Kubernetes L7入口能否用于非HTTP端口流量? - Can Kubernetes L7 ingress be used for non-HTTP port traffic? 我如何配置入口和Nginx入口控制器以使用相同的主机和路径将HTTP流量发送到端口80并将https流量发送到443端口 - How can i configure ingress and nginx ingress controller to send http traffic to port 80 and https traffic to 443 port, with the same host and path 我可以使用ingress-nginx来简化路由流量吗? - can i use ingress-nginx to simple route traffic? Linkerd 流量拆分与 Nginx 入口 Controller - Linkerd traffic split with Nginx Ingress Controller nginx 入口控制器 tls 终止直通 - nginx ingress controller tls termination passthrough 如何将 HTTP 重定向到 HTTPS 与 Nginx 入口 Z9BBF373797BF7CF7BA62C80023 由 AWS Manager 证书管理,AWS NELB23 证书? - How to redirect HTTP to HTTPS with Nginx Ingress Controller, AWS NLB and TLS certificate managed by AWS Certificate Manager? 如何在 nginx 入口 controller 中配置与 nginx 中相同的行为? - How can I config the same behavior in nginx ingress controller as in nginx? 如何使用 nginx 入口在端口 80(即没有 TLS)上启用 http2/grpc? - How to enable http2/grpc on port 80 (i.e. without TLS) with nginx ingress? 如何在 Kube.netes 中公开非 HTTP、TCP 服务? - How do I expose non-HTTP, TCP services in Kubernetes? 如何在 kubernetes 中创建多个 nginx 入口控制器 - How can i create mutiple nginx ingress controller in kubernetes
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM