AKS with AGIC and Application Gateway
I have an AKS cluster with the add-on AGIC enabled (will try and convert it into Helm based AGIC in the near future). At the moment I have an application on this cluster with the Ingress set to the Application Gateway. This works perfectly on port 80 at the moment.
If I want to enable SSL, do I just need to add the certificate at the App Gateway and then reference that in deployment as such? (example taken from https://thewindowsupdate.com/2021/10/19/what-does-it-mean-for-the-application-gateway-ingress-controller-agic-to-assume-full-ownership/)
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: aspnetapp
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/appgw-ssl-certificate: <name of your certificate added to Application Gateway>
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: aspnetapp
          servicePort: 80
Although the service port is set to 80 above, will the App GW apply TLS automatically? Should the service port above be 80 or 443? Or does it not matter since the SSL Redirect is set? Also what aspects does this encrypt automatically?
Also, do I need another certificate for the external side of App GW as well? Or do I need just the one cert?
AGIC will create:
configured with the SSL certificate of appgw.ingress.kubernetes.io/appgw-ssl-certificate
By default AGIC will do TLS termination so the traffic between app gateway and the AKS cluster will be using HTTP (not HTTPS) protocol. The port configured will be the port configured in the targetPort of your service.
On another note, you should have seen this warning before:
extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
You should update AGIC to use the latest version and change your manifest to use networking.k8s.io/v1 Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: aspnetapp
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
    appgw.ingress.kubernetes.io/appgw-ssl-certificate: "<name of your certificate added to Application Gateway>"
spec:
  rules:
  ...
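The following is an added example, not part of the original question or answer: the question's manifest carried over to networking.k8s.io/v1 with the rules filled in, next to a Service showing where targetPort sits. The Service, its selector label and container port 8080 are assumptions made for illustration.

```yaml
# Added example. The Service name, pod label and port 8080 are assumed values.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: aspnetapp
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    # Name of a certificate already present on the Application Gateway (placeholder).
    appgw.ingress.kubernetes.io/appgw-ssl-certificate: "<name of your certificate added to Application Gateway>"
    # Redirect plain HTTP requests arriving at the gateway to HTTPS.
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix        # required field in networking.k8s.io/v1
        backend:
          service:              # replaces serviceName/servicePort from extensions/v1beta1
            name: aspnetapp
            port:
              number: 80        # Service port, not a TLS port
---
apiVersion: v1
kind: Service
metadata:
  name: aspnetapp
spec:
  selector:
    app: aspnetapp              # assumed pod label
  ports:
  - port: 80                    # port referenced by the Ingress backend
    targetPort: 8080            # assumed container port; TLS terminates at the
                                # gateway, so traffic on this hop is plain HTTP
```

With this layout the certificate only covers the client-to-gateway connection; the gateway-to-pod hop stays unencrypted, as the answer describes.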