Google 容器引擎中的 Kubernetes HTTPS 入口
Kubernetes HTTPS Ingress in Google Container Engine
我想在 Google 容器引擎中通过 仅 HTTPS 负载平衡器公开 HTTP 服务 运行。
如何在我想要的入口对象中定义 HTTPS 只有负载均衡器而不是默认的 HTTP?
或者有没有办法从创建的负载均衡器中永久删除 HTTP 协议?当我添加 HTTPS 协议然后删除 HTTP 协议时,平台会在几分钟后重新创建 HTTP。
入口:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: myapp-ingress
spec:
backend:
serviceName: myapp-service
servicePort: 8080
为了仅公开 HTTPs 服务,您可以按照此 link 中所述阻止端口 80 上的流量:
You can block traffic on :80 through an annotation. You might want to do this if all your clients are only going to hit the loadbalancer through https and you don't want to waste the extra GCE forwarding rule, eg:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test
annotations:
kubernetes.io/ingress.allow-http: "false"
spec:
tls:
# This assumes tls-secret exists.
# To generate it run the make in this directory.
- secretName: tls-secret
backend:
serviceName: echoheaders-https
servicePort: 80
我想在 Google 容器引擎中通过 仅 HTTPS 负载平衡器公开 HTTP 服务 运行。
如何在我想要的入口对象中定义 HTTPS 只有负载均衡器而不是默认的 HTTP?
或者有没有办法从创建的负载均衡器中永久删除 HTTP 协议?当我添加 HTTPS 协议然后删除 HTTP 协议时,平台会在几分钟后重新创建 HTTP。
入口:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: myapp-ingress
spec:
backend:
serviceName: myapp-service
servicePort: 8080
为了仅公开 HTTPs 服务,您可以按照此 link 中所述阻止端口 80 上的流量:
You can block traffic on :80 through an annotation. You might want to do this if all your clients are only going to hit the loadbalancer through https and you don't want to waste the extra GCE forwarding rule, eg:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test
annotations:
kubernetes.io/ingress.allow-http: "false"
spec:
tls:
# This assumes tls-secret exists.
# To generate it run the make in this directory.
- secretName: tls-secret
backend:
serviceName: echoheaders-https
servicePort: 80