[英]How do I enable grpc on port 443 in nginx without breaking http on port 80 in kubernetes?
我在 Kubernetes 1.19 上使用 Nginx(同時嘗試 docker 桌面和 GKE)並試圖公開 gRPC 服務。 我已經使用以下命令安裝了 Nginx 並確認我可以在端口 80 上公開 REST 服務,並在端口 443 上通過正確配置公開 gRPC 服務。
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.41.2/deploy/static/provider/cloud/deploy.yaml
但是,在創建 gRPC 入口后,我無法再在端口 80 上訪問標准 REST 服務。我遇到了 502,因為 nginx 試圖將此 HTTP/1 流量推送到我的 gRPC 服務。 如果我做kubectl get ingress ,我可以看到入口在端口 80 和 443 上可用,而我只想要 443。這是入口(抱歉所有注釋 - 嘗試一下)。
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
allowed-values: CN=client
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "false"
nginx.ingress.kubernetes.io/auth-tls-secret: default/localhost
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
nginx.ingress.kubernetes.io/grpc-backend: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 64ms
name: tfserving-ingress
namespace: default
spec:
rules:
- host: localhost
http:
paths:
- backend:
serviceName: tfserving-service
servicePort: 8500
tls:
- secretName: localhost
hosts:
- localhost
如何使用不會將 http 流量重定向到我的 gRPC 服務的 TLS 為該域創建入口?
您可以嘗試在同一主機上添加 multipke 入口,一個帶有 tls,另一個沒有 tls。
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
allowed-values: CN=client
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "false"
nginx.ingress.kubernetes.io/auth-tls-secret: default/localhost
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
nginx.ingress.kubernetes.io/grpc-backend: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 64ms
name: tfserving-ingress
namespace: default
spec:
rules:
- host: localhost
http:
paths:
- backend:
serviceName: gRPC-service
servicePort: 8500
tls:
- secretName: localhost
hosts:
- localhost
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
allowed-values: CN=client
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/proxy-body-size: 64ms
name: rest-http-ingress
namespace: default
spec:
rules:
- host: localhost
http:
paths:
- backend:
serviceName: http-rest-service
servicePort: 8080
如何使用 nginx 入口在端口 80(即沒有 TLS)上啟用 http2/grpc?
[英]How to enable http2/grpc on port 80 (i.e. without TLS) with nginx ingress?
我如何配置入口和Nginx入口控制器以使用相同的主機和路徑將HTTP流量發送到端口80並將https流量發送到443端口
[英]How can i configure ingress and nginx ingress controller to send http traffic to port 80 and https traffic to 443 port, with the same host and path
如何在端口80/443的公共節點IP上公開kubernetes nginx-ingress服務?
[英]How to expose kubernetes nginx-ingress service on public node IP at port 80 / 443?
在端口8000和443上將nginx配置為反向代理,以便在8000上運行的webapp。如何禁用與端口8000的連接?
[英]Configured nginx as reverse proxy on ports 80 and 443 for webapp running on 8000. How do I disable connections to port 8000?
如何在端口443和80的Docker群中創建Nginx服務
[英]How to create an nginx service in a docker swarm at port 443 and 80
是否可以在沒有 ssl 的情況下在 NGINX 端口 443 上運行 HTTP/2?
[英]Is it possible to run HTTP/2 on NGINX port 443 without ssl?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.