[英]NGINX Ingress Controller: Can I terminate TLS and pass non-http traffic?
I'm attempting to deploy a DNP3 server (an industrial protocol) within Kubernetes. 我正在尝试在Kubernetes中部署DNP3服务器(工业协议)。 DNP3 uses TCP communications but is a stateful protocol.
DNP3使用TCP通信,但它是有状态协议。 I'm currently working on deploying the ingress controller configuration.
我目前正在部署入口控制器配置。
I realize that ingress controllers are intended for http/https traffic, but I'd like to use them if possible and take advantage of some of the inherent features (eg mutual TLS, whitelisting, etc.). 我意识到入口控制器旨在用于http / https流量,但我想在可能的情况下使用它们,并利用某些固有功能(例如,相互TLS,白名单等)。 Does the NGINX ingress controller require that incoming traffic be formatted as http traffic (eg having a header, etc.)?
NGINX入口控制器是否要求将传入流量格式化为http流量(例如,具有标头等)? If it receives random TCP (non-http) traffic can it simply pass the traffic along to backend service?
如果它接收到随机的TCP(非HTTP)流量,是否可以简单地将流量传递给后端服务?
The annotations I'm trying to work with include: 我尝试使用的注释包括:
ingress.kubernetes.io/auth-tls-secret: default/client-secret
ingress.kubernetes.io/auth-tls-verify-depth: "3"
kubernetes.io/ingress.class: nginx-private
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.org/lb-method: ip_hash
A few notes: 一些注意事项:
Unfortunately, based on the information I've found, there is no good way to provide Ingress for TCP services, and there seem to be no plans to add that in the nearest feature. 不幸的是,根据我发现的信息,没有为TCP服务提供Ingress的好方法,而且似乎也没有计划在最接近的功能中添加Ingress。 Actually, this is still an open issue on GitHub.
实际上,这在GitHub上仍然是一个未解决的问题 。
There have been some approaches to map TCP or UDP traffic to a Kubernetes service using ConfigMaps described in this StackOverflow question. 有一些方法可以使用此StackOverflow 问题中描述的ConfigMap将TCP或UDP流量映射到Kubernetes服务。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.