![](/img/trans.png)
[英]Kubernetes HTTP to HTTPS Redirect on AWS with ELB terminating SSL
[英]Creating a AWS ELB serving http and https with Kubernetes
我正在尝试通过类型为LoadBalancer的kubernetes服务创建一个AWS ELB,我无法弄清楚实现我需要的结果所需的注释组合。
这是我能得到的最接近的: 部署下面的yaml时生成的AWS ELB
使用此服务定义:
kind: Service
apiVersion: v1
metadata:
name: my_app
namespace: my_namespace
labels:
dns: route53
annotations:
domainName: my_app.my.domain.com
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:iam::accountId:server-certificate/CertificateName"
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
spec:
type: LoadBalancer
selector:
app: my_app
version: my_version
ports:
- protocol: TCP
port: 80
targetPort: non_secure_port_name
name: http
- protocol: TCP
port: 443
targetPort: secure_port_name
name: https
问题是我需要https端口的实例协议也是https, 就像这样
通过手动编辑ELB,一切都像魅力一样,但我希望能够通过我的Kubernetes服务的.yaml配置在第二张图片中实现配置,因此我的服务无需手动调整即可按预期工作部署。
可能吗? 我错过了什么注释或特定配置?
以下是使用AWS证书终止ELB的TLS的咒语
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:foo
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
labels:
k8s-addon: ingress-nginx.addons.k8s.io
name: ingress-nginx
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: http
selector:
app: ingress-nginx
type: LoadBalancer
如果要强制使用SSL,可以使用ingress.kubernetes.io/ssl-redirect
注释在入口资源定义中执行ingress.kubernetes.io/ssl-redirect
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.