[英]k8s nginx ingress TLS rules: cert vs. paths
I am struggling to get my nginx ingress (on AWS EKS) working with path rules and TLS.我正在努力让我的 nginx 入口(在 AWS EKS 上)使用路径规则和 TLS。
The ingress is from here入口来自这里
A snippet from the Ingress looks like: Ingress 的片段如下所示:
spec:
tls:
- hosts:
- example.com
secretName: ingress-tls
rules:
- host: example.com
- http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: api-service
port:
number: 443
This ingress creates the AWS network load balancer, with a URL like https://xyz.elb.us-west-1.amazonaws.com/
此入口创建 AWS 网络负载均衡器,其 URL 像
https://xyz.elb.us-west-1.amazonaws.com/
I am updating the ingress-tls
secret with a certificate using cert-manager
.我正在使用
cert-manager
使用证书更新ingress-tls
机密。
When I access the ingress using the NLB URL https://xyz.elb.us-west-1.amazonaws.com/api
, I get当我使用 NLB URL
https://xyz.elb.us-west-1.amazonaws.com/api
访问入口时,我得到
api-service
as expected)api-service
) When I access the ingress using the correct domain eg https://example.com/api
which is what I want to do, I get:当我使用正确的域访问入口时,例如
https://example.com/api
这是我想要做的,我得到:
404
, it doesn't respect my path rules, and goes to upstream-default-backend
instead. 404
,它不尊重我的路径规则,而是转到upstream-default-backend
。example.com
that cert-manager
configured. cert-manager
配置的example.com
。 I tried removing the host: example.com
from the rules:
, which gives me:我尝试从
rules:
中删除host: example.com
这给了我:
example.com
, I guess since the host
is missing from the rules, though not sure of the exact reason.example.com
,我猜是因为规则中缺少host
,但不确定确切原因。 Can someone please help me get有人可以帮我得到吗
I'm at a loss here.我在这里不知所措。
After staring at this for several more hours, and digging through the nasty chunk of lua that is the nginx.conf
for this, I found it, Maybe someday someone will have this problem.在盯着这个看几个小时后,挖掘了 ZE434023CF89D7DFB21F63D64F0F9D74Z.conf 的
nginx.conf
的讨厌块,我找到了它,也许有一天有人会遇到这个问题。 and might find this useful.并且可能会发现这很有用。
The problem was:问题是:
rules:
- host: example.com
- http:
This is defining (I think) a host
with no forwarding rules, then then some http
forwarding rules without a host.这是定义(我认为)没有转发规则的
host
,然后是一些没有主机的http
转发规则。 What I had intended was obviously that the forwarding rules would be for the host.我的意图显然是转发规则是针对主机的。
And that would be:那将是:
rules:
- host: example.com
http:
I have to say that I'm now even less of a fan of YAML than I was previously, if that's even possible.我不得不说,如果可能的话,我现在比以前更不喜欢 YAML。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.