stackoom
  简体   繁体   中英

External https on azure kubernetes managed service

 原文  2018-08-12 07:02:08       azure/ kubernetes

Question

I've managed to deploy a .netcore api to azure kubernetes managed service (ACS) and it's working as expected. The image is hosted in an azure container registry.

I'm now trying to get the service to be accessible via https. I'd like a very simple setup.

  • firstly, do I have to create an openssl cert or register with letencrypt? I'd ideally like to avoid having to manage ssl certs separately, but from documentation, it's not clear if this is required.

  • secondly, I've got a manifest file below. I can still access port 80 using this manifest. However, i am not able to access port 443. I don't see any errors, so it's not clear what the problem is. Any ideas?

thanks 

 apiVersion: apps/v1beta1 kind: Deployment metadata: name: someappservice-deployment annotations: service.beta.kubernetes.io/openstack-internal-load-balancer: "false" loadbalancer.openstack.org/floating-network-id: "9be23551-38e2-4d27-b5ea-ea2ea1321bd6" spec: replicas: 3 template: metadata: labels: app: someappservices spec: containers: - name: someappservices image: myimage.azurecr.io/someappservices ports: - containerPort: 80 - containerPort: 443 --- kind: Service apiVersion: v1 metadata: name: external-http-someappservice spec: selector: app: someappservices type: LoadBalancer ports: - name: http port: 80 protocol: TCP targetPort: 80 - name: https port: 443 protocol: TCP targetPort: 443

2 answers

solution1
 1 ACCPTED  2018-08-12 17:49:58

From what I understand, you will need something like an NGINX ingress controller to handle the SSL termination and will also need to manage certificates. Kubernetes cert-manager is a nice package that can help with the certs.

Here is a write up on how to do both in an AKS cluster:

Deploy an HTTPS enabled ingress controller on AKS

solution2
 0  2018-08-13 05:56:09

If I do not misunderstand that you want to access your service via https with simple steps. Yes, If you don't have particularly strict security requirements such as SSL certs, you can just expose the ports to load balancer and access your service from the Internet, it's simple to configure.

The yaml file you posted looks all right. You can check from the Kubernetes dashboard and Azure portal, and the screenshot like this:

在此处输入图片说明 在此处输入图片说明

You also can check with the command kubectl get svc and the screenshot will like this: 在此处输入图片说明

But if you have particularly strict security requirements, you need nginx ingress controller like the answer in this case . Actually, the https is a network security protocol, you need to configure nginx ingress controller indeed.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Azure Kubernetes - Internal LoadBalancer with Https Service? Azure kubernetes service loadbalancer external IP not accessible Security model of Azure Kubernetes Service ( AKS ) Managed Clusters Where managed cluster ends and our responsibilities begins in Azure Kubernetes service? Whitelisting Azure Kubernetes external IP in azure App Service Azure kubernetes - multiple managed identity? My external IP on Azure Kubernetes Service doesn't work Kubernetes: external service is not available from all minions on Azure cloud How to access Azure Key Vault (AKV) from Azure Kubernetes Service (AKS) using Managed Identities HTTPS with Azure Container Services and Kubernetes
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM