[英]How do I enable grpc on port 443 in nginx without breaking http on port 80 in kubernetes?
我在 Kubernetes 1.19 上使用 Nginx(同时尝试 docker 桌面和 GKE)并试图公开 gRPC 服务。 我已经使用以下命令安装了 Nginx 并确认我可以在端口 80 上公开 REST 服务,并在端口 443 上通过正确配置公开 gRPC 服务。
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.41.2/deploy/static/provider/cloud/deploy.yaml
但是,在创建 gRPC 入口后,我无法再在端口 80 上访问标准 REST 服务。我遇到了 502,因为 nginx 试图将此 HTTP/1 流量推送到我的 gRPC 服务。 如果我做kubectl get ingress ,我可以看到入口在端口 80 和 443 上可用,而我只想要 443。这是入口(抱歉所有注释 - 尝试一下)。
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
allowed-values: CN=client
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "false"
nginx.ingress.kubernetes.io/auth-tls-secret: default/localhost
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
nginx.ingress.kubernetes.io/grpc-backend: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 64ms
name: tfserving-ingress
namespace: default
spec:
rules:
- host: localhost
http:
paths:
- backend:
serviceName: tfserving-service
servicePort: 8500
tls:
- secretName: localhost
hosts:
- localhost
如何使用不会将 http 流量重定向到我的 gRPC 服务的 TLS 为该域创建入口?
您可以尝试在同一主机上添加 multipke 入口,一个带有 tls,另一个没有 tls。
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
allowed-values: CN=client
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "false"
nginx.ingress.kubernetes.io/auth-tls-secret: default/localhost
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
nginx.ingress.kubernetes.io/grpc-backend: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 64ms
name: tfserving-ingress
namespace: default
spec:
rules:
- host: localhost
http:
paths:
- backend:
serviceName: gRPC-service
servicePort: 8500
tls:
- secretName: localhost
hosts:
- localhost
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
allowed-values: CN=client
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/proxy-body-size: 64ms
name: rest-http-ingress
namespace: default
spec:
rules:
- host: localhost
http:
paths:
- backend:
serviceName: http-rest-service
servicePort: 8080
如何使用 nginx 入口在端口 80(即没有 TLS)上启用 http2/grpc?
[英]How to enable http2/grpc on port 80 (i.e. without TLS) with nginx ingress?
我如何配置入口和Nginx入口控制器以使用相同的主机和路径将HTTP流量发送到端口80并将https流量发送到443端口
[英]How can i configure ingress and nginx ingress controller to send http traffic to port 80 and https traffic to 443 port, with the same host and path
如何在端口80/443的公共节点IP上公开kubernetes nginx-ingress服务?
[英]How to expose kubernetes nginx-ingress service on public node IP at port 80 / 443?
在端口8000和443上将nginx配置为反向代理,以便在8000上运行的webapp。如何禁用与端口8000的连接?
[英]Configured nginx as reverse proxy on ports 80 and 443 for webapp running on 8000. How do I disable connections to port 8000?
如何在端口443和80的Docker群中创建Nginx服务
[英]How to create an nginx service in a docker swarm at port 443 and 80
是否可以在没有 ssl 的情况下在 NGINX 端口 443 上运行 HTTP/2?
[英]Is it possible to run HTTP/2 on NGINX port 443 without ssl?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.