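I have defined an external service in Rancher and an ingress rule that lets me reach my service at: http://test.mycluster.ml
What changes do I need to make so that https://test.mycluster.ml does the same thing?
Right now I have this: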
apiVersion: v1
kind: Service
metadata:
  name: test
  namespace: default
spec:
  externalName: main.mycluster.ml
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  sessionAffinity: None
  type: ExternalName
and an ingress rule like this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/upstream-vhost: main.mycluster.ml
  name: test
  namespace: default
spec:
  rules:
  - host: test.mycluster.ml
    http:
      paths:
      - backend:
          serviceName: test
          servicePort: 80
How do I do this?
I tried changing the service to port 443 with target port 80, and the ingress to 443, but it did not work:
apiVersion: v1
kind: Service
metadata:
  name: test
  namespace: default
spec:
  externalName: main.mycluster.ml
  ports:
  - port: 443
    protocol: TCP
    targetPort: 80
  sessionAffinity: None
  type: ExternalName
and an ingress rule like this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/upstream-vhost: main.mycluster.ml
  name: test
  namespace: default
spec:
  rules:
  - host: test.mycluster.ml
    http:
      paths:
      - backend:
          serviceName: test
          servicePort: 443
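At the moment, your ingress server receives unencrypted requests on port 80 and forwards them to port 80 of the service.
So if you want to switch to the encrypted 443 TCP port (aka https):
Set up a certificate for test.mycluster.ml

You cannot simply convert your ingress by changing the port from 80 to 443.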
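First you have to install the NGINX Ingress controller, and then configure TLS with Let's Encrypt certificates and cert-manager. You can check these docs for more detailed steps on how to implement this solution: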
Secure Kubernetes Services with Ingress, TLS and Let's Encrypt
Deploying Nginx Ingress and a Cert-Manager Controller on GKE using Helm 3
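
As an added illustration of the approach described in the answers above (not taken from either post or from the linked guides), a manifest of this shape keeps the Service on port 80 and enables HTTPS through the Ingress `tls` block. The `servicePort` field only selects the backend port; it does not change the port the controller listens on. The issuer name, secret name, e-mail address and ingress class are assumptions, and the Ingress uses the `networking.k8s.io/v1` schema found on current clusters rather than `extensions/v1beta1`.

```yaml
# Added example: names marked "assumed" do not come from the original page.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod                   # assumed issuer name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com               # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-prod-account-key   # assumed; ACME account key stored by cert-manager
    solvers:
    - http01:
        ingress:
          class: nginx                     # assumed ingress class
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test
  namespace: default
  annotations:
    # cert-manager watches this annotation and requests the certificate.
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/upstream-vhost: main.mycluster.ml
spec:
  ingressClassName: nginx                  # assumed ingress class
  tls:
  - hosts:
    - test.mycluster.ml
    secretName: test-mycluster-ml-tls      # assumed; cert-manager writes cert and key here
  rules:
  - host: test.mycluster.ml
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: test                     # the ExternalName Service, still on port 80
            port:
              number: 80
```

With this layout TLS terminates at the ingress controller, so the hop from the controller to main.mycluster.ml on port 80 is still unencrypted. If the external host serves TLS, point the Service and backend at port 443 and add the annotation `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"`.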