Mic*_*ole 5 kubernetes google-kubernetes-engine
我使用KOPS和nginx-ingress在AWS上部署了Kubernetes.
为了评估多个云(并削减成本),我想部署在GKE上.一切都有效,除了Ingress's.(那是AWS上最难的部分).
下面是我在GKE上使用的Ingress.它在仪表板中生成两个Ingress,每个Ingress都有一个IP地址.
如果我将DNS指向这些地址,则拒绝连接.我用ping检查DNS结果.
所有HTTPS都无法连接"无法建立SSL连接.",除了"502 Bad Gateway"按钮
HTTP无法连接502,除了admin,即503.
在Google Cloud Platform信息中心中,我看到了两个负载均衡器."all"指向我的SSL证书."按钮"没有使用HTTPS,但这是另一个问题.
显然我错过了一些东西.我错过了什么?
我正在使用kubectl v1.4.6和GKE上的任何版本昨天都会安装.
```
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
# this is for nginx ingress controler on AWS
# kubernetes.io/ingress.class: "nginx"
name: all-ingress
spec:
tls:
- hosts:
- admin-stage.example.com
- dashboard-stage.example.com
- expert-stage.example.com
- signal-stage.example.com
- stage.example.com
secretName: tls-secret
rules:
- host: admin-stage.example.com
http:
paths:
- backend:
serviceName: admin-service
servicePort: http-port
path: /
- host: dashboard-stage.example.com
http:
paths:
- backend:
serviceName: dashboard-service
servicePort: http-port
path: /
- host: expert-stage.example.com
http:
paths:
- backend:
serviceName: expert-service
servicePort: http-port
path: /
- host: signal-stage.example.com
http:
paths:
- backend:
serviceName: signal-service
servicePort: http-port
path: /
- host: stage.example.com
http:
paths:
- backend:
serviceName: www-service
servicePort: http-port
path: /
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
# this is for nginx ingress controler on AWS
# kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/ssl-redirect: "false"
name: button-ingress
spec:
tls:
- hosts:
- button-stage.example.com
secretName: tls-secret
rules:
- host: button-stage.example.com
http:
paths:
- backend:
serviceName: button-service
servicePort: http-port
path: /
```
Prashanth的评论很有帮助,最后,Kubernetes中的本地云Ingress(AWS / GCE)不够完善,不足以对我有用。没有什么比抽象的东西更复杂,功能更差的抽象了。
我最终从以下答案中使用了nginx-ingress:AWS上的Kubernetes 1.4 SSL终止
在生成的Ingress上,您可以指向DNS(而不是服务上的“外部端点”)。祝好运!
| 归档时间: |
|
| 查看次数: |
1702 次 |
| 最近记录: |