问题描述
我有三个装有HTTPS服务器的Pod.我以前是通过NodePort服务来访问它们的.现在,我部署了一个Nginx Ingress,将它们全部集成在一个IP中.我注意到Nginx Ingress无法与Pod中的HTTPS服务器连接,但是如果我将其更改为HTTP,它可以完美连接.
I have three pods with HTTPS servers inside. I used to acces them via NodePort services. Now I deployed a Nginx Ingress to have them all in one IP. I have noticed that the Nginx Ingress can't connect with an HTTPS server in a pod, but it connects perfectly if I change it to HTTP.
如何使Ingress与Pod中的HTTPS服务器连接?
How can I make the Ingress connect with HTTPS servers in pods?
我尝试配置一个tls机密,并将其添加到Ingress:
I have tried to configure a tls secret, and add it to the Ingress:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: k8s-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-ssl-secret: cert
spec:
rules:
- http:
paths:
- path: /api-rest
backend:
serviceName: api-rest
servicePort: 8080
- path: /auth
backend:
serviceName: auth-entry
servicePort: 8080
它没有用.我仍然有503服务暂时不可用
It didn't work. I still got an 503 Service Temporarily Unavailable
我已经阅读了有关SSL Passthrough的信息,但我也无法使其正常工作.
I have read about SSL Passthrough but I can't make it work either.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: k8s-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
rules:
- http:
paths:
- path: /api-rest
backend:
serviceName: api-rest
servicePort: 8080
- path: /auth
backend:
serviceName: auth-entry
servicePort: 8080
还是503.
推荐答案
从文档在这里,您需要添加此批注
From the docs here you need to add this annotation
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
使用后端协议注释可以指示NGINX应如何与后端服务通信.(替换旧版本中的安全后端)有效值:HTTP,HTTPS,GRPC,GRPCS和AJP
Using backend-protocol annotations is possible to indicate how NGINX should communicate with the backend service. (Replaces secure-backends in older versions) Valid Values: HTTP, HTTPS, GRPC, GRPCS and AJP
默认情况下,NGINX使用HTTP
By default NGINX uses HTTP
这篇关于Kubernetes Nginx Ingress可以连接到https吊舱吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!