
What is the quickest way to expose a LoadBalancer service over HTTPS?

I have a simple web server running in a single pod on GKE. I have also exposed it using a load balancer service. What is the easiest way to make this pod accessible over HTTPS?

gcloud container clusters list
NAME              LOCATION       MASTER_VERSION    MASTER_IP     MACHINE_TYPE  NODE_VERSION      NUM_NODES  STATUS
personal.....  us-central1-a  1.19.14-gke.1900  34.69.....  e2-medium     1.19.14-gke.1900  1          RUNNING
kubectl get service
NAME           TYPE           CLUSTER-IP   EXTERNAL-IP      PORT(S)        AGE
kubernetes     ClusterIP      10.....    <none>           443/TCP        437d
my-service     LoadBalancer   10.....    34.71......      80:30066/TCP   12d

kubectl get pods
NAME                           READY   STATUS    RESTARTS   AGE
nodeweb-server-9pmxc       1/1     Running   0          2d15h

EDIT: I also have a domain name registered if it's easier to use that instead of https://34.71....

First, your cluster should have Config Connector installed and functioning properly.

Start by deleting your existing load balancer service: kubectl delete service my-service

Create a static IP.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
  name: <name your IP>
spec:
  location: global

Retrieve the created IP: kubectl get computeaddress <the named IP> -o jsonpath='{.spec.address}'

Create a DNS "A" record that maps your registered domain to the created IP address. Check with nslookup <your registered domain name> to ensure the correct IP is returned.

Update your load balancer service spec by inserting the following line after type: LoadBalancer: loadBalancerIP: "<the created IP address>"

Re-create the service and check that kubectl get service my-service has the EXTERNAL-IP set correctly.

Create a ManagedCertificate.

apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: <name your cert>
spec:
  domains:
  - <your registered domain name>

Then create the Ingress.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: <name your ingress>
  annotations:
    networking.gke.io/managed-certificates: <the named certificate>
spec:
  rules:
  - host: <your registered domain name>
    http:
      paths:
      - pathType: ImplementationSpecific
        backend:
          service:
            name: my-service
            port:
              number: 80

Check with kubectl describe ingress <named ingress>; see the rules and annotations sections.

NOTE: It can take up to 15 minutes for the load balancer to be fully ready. Test with curl https://<your registered domain name>.
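
The steps above only work when the certificate name, the Ingress annotation, the host, and the DNS record all agree. The following is an added example, not part of the original answer, that cross-checks those references on objects shaped like `kubectl get <kind> <name> -o json` output. The function name, the sample object names, the domain and the IP are constructed assumptions.

```python
# Added example: cross-check the objects created in the steps above.
# Inputs are dicts shaped like `kubectl get <kind> <name> -o json` output.
ANNOTATION = "networking.gke.io/managed-certificates"

def check_https_wiring(cert, ingress, static_ip, resolved_ips):
    """Return a list of problems; an empty list means the pieces line up."""
    problems = []
    cert_name = cert["metadata"]["name"]
    cert_domains = set(cert["spec"]["domains"])

    # The Ingress annotation (comma-separated) must name the ManagedCertificate.
    raw = ingress["metadata"].get("annotations", {}).get(ANNOTATION, "")
    attached = {n.strip() for n in raw.split(",") if n.strip()}
    if cert_name not in attached:
        problems.append(f"ingress does not reference certificate {cert_name!r}")

    # Every host served by the Ingress must be covered by the certificate.
    for rule in ingress["spec"].get("rules", []):
        host = rule.get("host")
        if host and host not in cert_domains:
            problems.append(f"host {host!r} is not in the certificate domains")

    # The A record must resolve to the reserved static IP and nothing else.
    if set(resolved_ips) != {static_ip}:
        problems.append(f"DNS returns {sorted(resolved_ips)}, expected {static_ip}")

    # Provisioning has finished only when the certificate reports Active.
    status = cert.get("status", {}).get("certificateStatus", "unknown")
    if status != "Active":
        problems.append(f"certificate status is {status!r}, not 'Active'")
    return problems

# Constructed sample objects (names, domain and IP are placeholders).
SAMPLE_CERT = {
    "metadata": {"name": "web-cert"},
    "spec": {"domains": ["www.example.com"]},
    "status": {"certificateStatus": "Provisioning"},
}
SAMPLE_INGRESS = {
    "metadata": {"name": "web-ingress", "annotations": {ANNOTATION: "web-cert"}},
    "spec": {"rules": [{"host": "www.example.com"}]},
}

if __name__ == "__main__":
    found = check_https_wiring(SAMPLE_CERT, SAMPLE_INGRESS,
                               "203.0.113.10", ["203.0.113.10"])
    print("\n".join(found) or "all checks passed")
```

Pass the addresses returned by nslookup as `resolved_ips`; until the list of problems is empty, the HTTPS test with curl is not expected to succeed.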
