如何使用 Google 计算云在 kubernetes_ingress_v1 中自动从 http 重定向到 https?
[英]How to redirect from http to https automatically in kubernetes_ingress_v1 with Google compute cloud?
问题描述
I am using terraform to deploy a kube cluster to Google Kubernetes Engine.
我正在使用 terraform 将 kube 集群部署到 Google Kubernetes 引擎。
Here is my ingress config - both http and https are working but I want http to auto redirect to https这是我的入口配置 - http 和 https 都在工作,但我希望 http 自动重定向到 Z5E0656C5005D804
resource "kubernetes_ingress_v1" "ingress" {
wait_for_load_balancer = true
metadata {
name = "ingress"
}
spec {
default_backend {
service {
name = kubernetes_service.frontend_service.metadata[0].name
port {
number = 80
}
}
}
rule {
http {
path {
backend {
service {
name = kubernetes_service.api_service.metadata[0].name
port {
number = 80
}
}
}
path = "/api/*"
}
path {
backend {
service {
name = kubernetes_service.api_service.metadata[0].name
port {
number = 80
}
}
}
path = "/api"
}
}
}
tls {
secret_name = "tls-secret"
}
}
depends_on = [kubernetes_secret_v1.tls-secret, kubernetes_service.frontend_service, kubernetes_service.api_service]
}
How can I configure the ingress to auto redirect from http to https?如何将入口配置为从 http 自动重定向到 https?
2 个解决方案
解决方案1
0 2022-08-19 10:15:47
One of the ways to have the HTTP->HTTPS redirection is to use nginx-ingress.进行 HTTP->HTTPS 重定向的方法之一是使用 nginx-ingress。 You can deploy it with official documentation .您可以使用官方文档进行部署。
This Ingress controller will create a service of type LoadBalancer which will be the entry point for your traffic.这个 Ingress controller 将创建一个 LoadBalancer 类型的服务,它将成为您的流量的入口点。 Ingress objects will respond on LoadBalancer IP. Ingress 对象将响应 LoadBalancer IP。 You can download the manifest from the installation part and modify it to support the static IP you have requested in GCP.您可以从安装部分下载清单并对其进行修改以支持您在 GCP 中请求的 static IP。
You will need to provide your own certificates or use tools like cert-manager to have HTTPS traffic as the annotation: networking.gke.io/managed-certificates will not work with nginx-ingress.您需要提供自己的证书或使用cert-manager等工具将 HTTPS 流量作为注释: networking.gke.io/managed-certificates不适with nginx-ingress.
Use this YAML definition and without any other annotations I was always redirected to the HTTPS:使用这个 YAML 定义并且没有任何其他注释我总是被重定向到 HTTPS:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-ingress
annotations:
kubernetes.io/ingress.class: "nginx" # IMPORTANT
spec:
tls: # HTTPS PART
- secretName: ssl-certificate # SELF PROVIDED CERT NAME
rules:
- host:
http:
paths:
- path: /
backend:
serviceName: hello-service
servicePort: hello-port
Refer to the stackpost for more information and there is also a Feature Request for it here有关更多信息,请参阅stackpost ,这里还有一个功能请求
解决方案2
0 2022-08-20 15:26:16
The following worked for me - I got my hints from https://github.com/hashicorp/terraform-provider-kubernetes/issues/1326#issuecomment-910374103以下对我有用 - 我从https://github.com/hashicorp/terraform-provider-kubernetes/issues/1326#issuecomment-910374103得到了我的提示
resource "kubernetes_manifest" "app-frontend-config" {
manifest = {
apiVersion = "networking.gke.io/v1beta1"
kind = "FrontendConfig"
metadata = {
name = "ingress-fc"
}
spec = {
redirectToHttps = {
enabled = true
}
}
}
}
resource "kubernetes_ingress_v1" "ingress" {
wait_for_load_balancer = true
metadata {
name = "ingress"
annotations = {
"networking.gke.io/v1beta1.FrontendConfig" = kubernetes_manifest.app-frontend-config.object.metadata.name
}
}
spec {
default_backend {
service {
name = kubernetes_service.frontend_service.metadata[0].name
port {
number = 80
}
}
}
rule {
http {
path {
backend {
service {
name = kubernetes_service.api_service.metadata[0].name
port {
number = 80
}
}
}
path = "/api/*"
}
path {
backend {
service {
name = kubernetes_service.api_service.metadata[0].name
port {
number = 80
}
}
}
path = "/api"
}
}
}
tls {
secret_name = "tls-secret"
}
}
depends_on = [kubernetes_secret_v1.tls-secret, kubernetes_service.frontend_service, kubernetes_service.api_service]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.