我如何配置入口和Nginx入口控制器以使用相同的主机和路径将HTTP流量发送到端口80并将https流量发送到443端口
[英]How can i configure ingress and nginx ingress controller to send http traffic to port 80 and https traffic to 443 port, with the same host and path
问题描述
I have a service for my app: 
我为我的应用提供服务:
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
io.kompose.service: app
name: app
spec:
type: ClusterIP
ports:
- name: "443"
port: 443
targetPort: 443
- name: "80"
port: 80
targetPort: 80
selector:
io.kompose.service: app
and ingress: 和入口:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: app-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 200m
spec:
rules:
- host: test.app.com
http:
paths:
- backend:
serviceName: app
servicePort: 443
and ingress controller: 和入口控制器:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
spec:
serviceAccountName: nginx-ingress-serviceaccount
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.0
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
- --enable-ssl-passthrough
securityContext:
allowPrivilegeEscalation: true
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
The problem is that the ingress controller send's both http and https traffic to port 443. i want to configure it to be able to send http traffic to port 80 and https traffic to port 443. how can i do that? 问题是入口控制器将HTTP和HTTPS流量都发送到端口443。我想将其配置为能够将HTTP流量发送到端口80,并将HTTPS流量发送到端口443。我该怎么做? or there is a something i don't understand correctly?. 还是有些我不正确理解的东西?
2 个解决方案
解决方案1
0 2019-08-13 09:23:39
Can you update a question to a bit more precise? 您可以更精确地更新问题吗?
I can deduct in 2 cases. 我可以扣除2种情况。
1) If you want to send the same traffic to port 80 and 443? 1)是否要将相同的流量发送到端口80和443?
2) You want traffic received on port 443 in ingress to send to port 80 to pod. 2)您希望在入口的端口443上收到的流量发送到端口80到Pod。
Still, I will give in short. 不过,我会简而言之。
Case 1 情况1
It is not possible. 这不可能。 you have to opt for istio etc which provide traffic mirroring. 您必须选择提供流量镜像的istio等。
Case 2 情况二
It is valid and used a lot called SSL offloading. 它是有效的,并被称为SSL卸载。 for that, you have to remove below annotation and update ingress to send traffic on port 80 than 443. 为此,您必须删除以下注释并更新入口以在端口80上发送流量,而不是在443上发送流量。
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
解决方案2
0 2019-08-13 10:39:01
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test
annotations:
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
rules:
- host: my.url.com
http:
paths:
- path: /
backend:
serviceName: servicea
servicePort: 80
- path: /
backend:
serviceName: servicea
servicePort: 443
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.