![](/img/trans.png)
[英]How to enable http2/grpc on port 80 (i.e. without TLS) with nginx ingress?
[英]How do I enable grpc on port 443 in nginx without breaking http on port 80 in kubernetes?
我在 Kubernetes 1.19 上使用 Nginx(同时尝试 docker 桌面和 GKE)并试图公开 gRPC 服务。 我已经使用以下命令安装了 Nginx 并确认我可以在端口 80 上公开 REST 服务,并在端口 443 上通过正确配置公开 gRPC 服务。
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.41.2/deploy/static/provider/cloud/deploy.yaml
但是,在创建 gRPC 入口后,我无法再在端口 80 上访问标准 REST 服务。我遇到了 502,因为 nginx 试图将此 HTTP/1 流量推送到我的 gRPC 服务。 如果我做kubectl get ingress
,我可以看到入口在端口 80 和 443 上可用,而我只想要 443。这是入口(抱歉所有注释 - 尝试一下)。
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
allowed-values: CN=client
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "false"
nginx.ingress.kubernetes.io/auth-tls-secret: default/localhost
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
nginx.ingress.kubernetes.io/grpc-backend: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 64ms
name: tfserving-ingress
namespace: default
spec:
rules:
- host: localhost
http:
paths:
- backend:
serviceName: tfserving-service
servicePort: 8500
tls:
- secretName: localhost
hosts:
- localhost
如何使用不会将 http 流量重定向到我的 gRPC 服务的 TLS 为该域创建入口?
您可以尝试在同一主机上添加 multipke 入口,一个带有 tls,另一个没有 tls。
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
allowed-values: CN=client
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "false"
nginx.ingress.kubernetes.io/auth-tls-secret: default/localhost
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
nginx.ingress.kubernetes.io/grpc-backend: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 64ms
name: tfserving-ingress
namespace: default
spec:
rules:
- host: localhost
http:
paths:
- backend:
serviceName: gRPC-service
servicePort: 8500
tls:
- secretName: localhost
hosts:
- localhost
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
allowed-values: CN=client
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/proxy-body-size: 64ms
name: rest-http-ingress
namespace: default
spec:
rules:
- host: localhost
http:
paths:
- backend:
serviceName: http-rest-service
servicePort: 8080
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.