How to enable http2/grpc on port 80 (i.e. without TLS) with nginx ingress?
How do I enable grpc on port 443 in nginx without breaking http on port 80 in kubernetes?
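I'm using Nginx on Kubernetes 1.19 (trying both Docker Desktop and GKE) and trying to expose a gRPC service. I have installed Nginx with the following command and confirmed that I can expose a REST service on port 80, and a gRPC service on port 443 with the correct configuration.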
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.41.2/deploy/static/provider/cloud/deploy.yaml
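However, after creating the gRPC ingress, I can no longer access the standard REST service on port 80. I'm getting a 502 because nginx tries to push this HTTP/1 traffic to my gRPC service. If I do kubectl get ingress, I can see that the ingress is available on ports 80 and 443, whereas I only want 443. Here is the ingress (apologies for all of the annotations - trying things out).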
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    allowed-values: CN=client
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "false"
    nginx.ingress.kubernetes.io/auth-tls-secret: default/localhost
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
    nginx.ingress.kubernetes.io/grpc-backend: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: 64ms
  name: tfserving-ingress
  namespace: default
spec:
  rules:
  - host: localhost
    http:
      paths:
      - backend:
          serviceName: tfserving-service
          servicePort: 8500
  tls:
  - secretName: localhost
    hosts:
    - localhost
How do I create an ingress for this domain using TLS that won't redirect http traffic to my gRPC service?
You can try adding multiple ingresses on the same host, one with TLS and another without TLS.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    allowed-values: CN=client
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "false"
    nginx.ingress.kubernetes.io/auth-tls-secret: default/localhost
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
    nginx.ingress.kubernetes.io/grpc-backend: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: 64ms
  name: tfserving-ingress
  namespace: default
spec:
  rules:
  - host: localhost
    http:
      paths:
      - backend:
          serviceName: gRPC-service
          servicePort: 8500
  tls:
  - secretName: localhost
    hosts:
    - localhost
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    allowed-values: CN=client
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/proxy-body-size: 64ms
  name: rest-http-ingress
  namespace: default
spec:
  rules:
  - host: localhost
    http:
      paths:
      - backend:
          serviceName: http-rest-service
          servicePort: 8080
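A check worth running when rules for one host are split across Ingress objects like this: ingress-nginx merges all rules for a host into one server block, and its documentation states that when the same host and path appear in more than one Ingress, the oldest rule wins. The script below is an added example, not part of the question or the answer; it flags host/path pairs claimed by Ingresses with different backend-protocol values. The function names and the sample data (shaped like `kubectl get ingress -o json` output) are constructed for illustration.

```python
from collections import defaultdict

PROTO = "nginx.ingress.kubernetes.io/backend-protocol"

def _ingress(name, service, port, annotations):
    """Build a constructed v1beta1 Ingress dict for host "localhost" with no explicit path."""
    backend = {"serviceName": service, "servicePort": port}
    return {"metadata": {"name": name, "namespace": "default", "annotations": annotations},
            "spec": {"rules": [{"host": "localhost", "http": {"paths": [{"backend": backend}]}}]}}

# Constructed sample, shaped like `kubectl get ingress -o json`, mirroring the two manifests above.
SAMPLE = {"items": [
    _ingress("tfserving-ingress", "gRPC-service", 8500, {PROTO: "GRPC"}),
    _ingress("rest-http-ingress", "http-rest-service", 8080, {}),
]}

def backend_name(backend):
    # v1beta1 uses serviceName; networking.k8s.io/v1 nests it under service.name.
    return backend.get("serviceName") or backend.get("service", {}).get("name")

def routes(ingress):
    """Yield ((host, path), claim) for every path rule of one Ingress object."""
    meta = ingress["metadata"]
    # Assumption: a missing annotation means the controller default, HTTP.
    proto = (meta.get("annotations") or {}).get(PROTO, "HTTP").upper()
    for rule in ingress.get("spec", {}).get("rules", []):
        for p in (rule.get("http") or {}).get("paths", []):
            # Assumption: an omitted path is treated as "/" and an omitted host as catch-all.
            key = (rule.get("host", "*"), p.get("path") or "/")
            yield key, {"ingress": f"{meta.get('namespace', 'default')}/{meta['name']}",
                        "protocol": proto, "service": backend_name(p["backend"])}

def find_protocol_collisions(ingress_list):
    """Return {(host, path): [claims]} where the claims disagree on backend protocol."""
    by_route = defaultdict(list)
    for ing in ingress_list.get("items", []):
        for key, claim in routes(ing):
            by_route[key].append(claim)
    return {k: v for k, v in by_route.items() if len({c["protocol"] for c in v}) > 1}

if __name__ == "__main__":
    for (host, path), claims in find_protocol_collisions(SAMPLE).items():
        print(f"{host}{path}: conflicting backend protocols")
        for c in claims:
            print(f"  {c['ingress']} -> {c['service']} ({c['protocol']})")
```

To audit a live cluster, pass the parsed output of `kubectl get ingress -A -o json` to `find_protocol_collisions` instead of `SAMPLE`.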