nginx 入口控制器 tls 终止直通
[英]nginx ingress controller tls termination passthrough
问题描述
Just deployed my docker image to Azure AKS and created nginx ingress controller.
刚刚将我的 docker 映像部署到 Azure AKS 并创建了 nginx 入口控制器。 My image has the SSL certificate and handles SSL itself.我的图像具有 SSL 证书并自行处理 SSL。 So, I need a passthrough route to my container.所以,我需要一个到我的容器的直通路由。
When I navigate to https://just-poc.live famous nginx 502 gateway displays as below;当我导航到https://just-poc.live著名的 nginx 502 网关时显示如下;
Apparently, nginx couldn't find a route to send https traffic.显然,nginx 找不到发送 https 流量的路由。
What should I do to make nginx controller to route the traffic to my socket-poc deployment?我应该怎么做才能让 nginx 控制器将流量路由到我的socket-poc部署?
nginx ingress controller nginx 入口控制器
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hello-world-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
- http:
paths:
- path: /(.*)
pathType: Prefix
backend:
service:
name: socket-poc
port:
number: 8081
deployment.yaml部署.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: socket-poc
spec:
replicas: 1
selector:
matchLabels:
app: socket-poc
template:
metadata:
labels:
app: socket-poc
spec:
containers:
- name: socket-poc
image: myownacrrepo.azurecr.io/socket:8081
env:
- name: TOOLBAR_COLOR
value: "green"
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 300m
memory: 512Mi
ports:
- containerPort: 8081
---
apiVersion: v1
kind: Service
metadata:
name: socket-poc
spec:
type: ClusterIP
ports:
- port: 8081
selector:
app: socket-poc
kubectl get services displays below; kubectl get services显示如下;
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
aks-helloworld-one ClusterIP 10.0.34.79 <none> 80/TCP 57m
nginx-ingress-ingress-nginx-controller LoadBalancer 10.0.74.62 20.93.213.132 80:31262/TCP,443:30706/TCP 35m
nginx-ingress-ingress-nginx-controller-admission ClusterIP 10.0.177.29 <none> 443/TCP 35m
socket-poc ClusterIP 10.0.64.248 <none> 8081/TCP 69m
kubectl describe ingress hello-world-ingress displays like this; kubectl describe ingress hello-world-ingress像这样kubectl describe ingress hello-world-ingress显示;
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
Name: hello-world-ingress
Namespace: ingress-basic
Address: 20.93.213.132
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
*
/(.*) socket-poc:8081 (10.244.1.18:8081)
Annotations: kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/ssl-passthrough: true
nginx.ingress.kubernetes.io/use-regex: true
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 19m (x4 over 35m) nginx-ingress-controller Scheduled for sync
Normal Sync 19m (x4 over 35m) nginx-ingress-controller Scheduled for sync
1 个解决方案
解决方案1
1 2021-07-21 05:05:20
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" annotaion was missing. nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"缺少nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"注释。 502 error is gone! 502错误消失了!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.