<ruby id="bdb3f"></ruby>

    <p id="bdb3f"><cite id="bdb3f"></cite></p>

      <p id="bdb3f"><cite id="bdb3f"><th id="bdb3f"></th></cite></p><p id="bdb3f"></p>
        <p id="bdb3f"><cite id="bdb3f"></cite></p>

          <pre id="bdb3f"></pre>
          <pre id="bdb3f"><del id="bdb3f"><thead id="bdb3f"></thead></del></pre>

          <ruby id="bdb3f"><mark id="bdb3f"></mark></ruby><ruby id="bdb3f"></ruby>
          <pre id="bdb3f"><pre id="bdb3f"><mark id="bdb3f"></mark></pre></pre><output id="bdb3f"></output><p id="bdb3f"></p><p id="bdb3f"></p>

          <pre id="bdb3f"><del id="bdb3f"><progress id="bdb3f"></progress></del></pre>

                <ruby id="bdb3f"></ruby>

                合規國際互聯網加速 OSASE為企業客戶提供高速穩定SD-WAN國際加速解決方案。 廣告
                [TOC] 互聯網越來越嚴格,很多網站都配置了https的協議了。這里聊一下ingress的tls安全路由,分為以下兩種方式: - 配置安全的路由服務 - 配置HTTPS雙向認證 ## 配置安全的路由服務 1. 生成一個證書文件tls.crt和一個私鑰文件tls.key ```shell $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=foo.ecloud.com" ``` 2. 創建密鑰 ```shell $ kubectl create secret tls app-v1-tls --key tls.key --cert tls.crt ``` 3. 創建一個安全的Nginx Ingress服務 ```shell $ cat <<EOF | kubectl create -f - apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: app-v1-tls spec: ingressClassName: nginx tls: - hosts: - foo.ecloud.com secretName: app-v1-tls rules: - host: foo.ecloud.com http: paths: - path: / backend: serviceName: app-v1 servicePort: 80 EOF ``` 4. 查看ingress服務 ```shell $ kubectl describe ingress app-v1-tls Name: app-v1-tls Namespace: default Address: 192.168.31.103,192.168.31.79 Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>) TLS: app-v1-tls terminates foo.ecloud.com Rules: Host Path Backends ---- ---- -------- foo.ecloud.com / app-v1:80 (20.0.122.173:80,20.0.32.173:80,20.0.58.236:80) Annotations: Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Sync 66s (x2 over 85s) nginx-ingress-controller Scheduled for sync Normal Sync 66s (x2 over 85s) nginx-ingress-controller Scheduled for sync ``` 5. 驗證 ```shell $ curl -Lk -H "Host: foo.ecloud.com" 192.168.31.79 <b>version: v1</b>, <br>IP: 20.0.58.236 , <br>hostname: app-v1-68db595855-bv958 $ curl -k -H "Host: foo.ecloud.com" https://192.168.31.79 <b>version: v1</b>, <br>IP: 20.0.122.173 , <br>hostname: app-v1-68db595855-xkc9j ``` > 訪問 ingress-nginx-controller 的IP地址的 `80` 端口,會自動調轉到 `443` 端口 > -H 是設置該IP的域名是 `foo.ecloud.com` > -L 是自動調轉,-k 跳過證書認證 ## 配置HTTPS雙向認證 > ingress-nginx 默認使用 `TLSv1.2 TLSv1.3` 版本。參考文章 https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#ssl-protocols
                  <ruby id="bdb3f"></ruby>

                  <p id="bdb3f"><cite id="bdb3f"></cite></p>

                    <p id="bdb3f"><cite id="bdb3f"><th id="bdb3f"></th></cite></p><p id="bdb3f"></p>
                      <p id="bdb3f"><cite id="bdb3f"></cite></p>

                        <pre id="bdb3f"></pre>
                        <pre id="bdb3f"><del id="bdb3f"><thead id="bdb3f"></thead></del></pre>

                        <ruby id="bdb3f"><mark id="bdb3f"></mark></ruby><ruby id="bdb3f"></ruby>
                        <pre id="bdb3f"><pre id="bdb3f"><mark id="bdb3f"></mark></pre></pre><output id="bdb3f"></output><p id="bdb3f"></p><p id="bdb3f"></p>

                        <pre id="bdb3f"><del id="bdb3f"><progress id="bdb3f"></progress></del></pre>

                              <ruby id="bdb3f"></ruby>

                              哎呀哎呀视频在线观看