ope*_*per 6 amazon-web-services kubernetes kubernetes-ingress
我正在尝试将所有HTTP流量路由到HTTPS. 我有一个 ALB 入口资源,并遵循此处的指南https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/tasks/ssl_redirect/#how-it-works 但它不起作用。当我尝试访问http://www.myhost.in 时,它停留在 http 但不重定向到https
下面是我的入口资源文件
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: eks-learning-ingress
namespace: production
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/certificate-arn: arn878ef678df
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
labels:
app: eks-learning-ingress
spec:
rules:
- host: www.myhost.in
http:
paths:
- path: /*
backend:
serviceName: eks-learning-service
servicePort: 80
在这方面的任何帮助都会非常好,谢谢。
小智 24
AWS ALB Ingress 控制器现在添加了新注释,可以轻松将 HTTP 请求重定向到 HTTPS。可用于apiVersion: networking.k8s.io/v1
这个名为 as 的新注释在ALB Controller v2.4ssl-redirect中可用
所以你的问题可以通过以下两个注释来解决。
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/ssl-redirect: '443'
无需提及任何入口规则。
完整的例子-
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: myapp
namespace: myapp
labels:
name: myapp
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/group.name: my-alb-group #Use this to share ALB among multiple ingresses. #CostEffective
alb.ingress.kubernetes.io/load-balancer-name: my-alb # give ALB a meaningfull name otherwise a random name is assigned by AWS.
alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-west-1:XXXX:certificate/YYYY" # Get it by $ aws acm list-certificates
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/ssl-redirect: '443'
spec:
ingressClassName: alb
rules:
- host: app.example.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: myservice
port:
number: 80
sur*_*ren 13
如果其他人正在使用较新的 API 版本设置集群;apiVersion: networking.k8s.io/v1,如果语法不同,则采用以下方法:
- path: /
pathType: Prefix
backend:
service:
name: ssl-redirect
port:
name: use-annotation
注意: path不得包含通配符,因为您使用的通配符pathType: Prefix将无法配置 ALB。
对于任何在这篇文章上绊倒的人。我错过了将它添加为我的 http 路径。请记住,这需要是第一个指定的路径。
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
一旦我添加了这个重定向就开始工作了。
所以有问题的最终配置应该是这样的:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: eks-learning-ingress
namespace: production
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/certificate-arn: arn878ef678df
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
labels:
app: eks-learning-ingress
spec:
rules:
- host: www.myhost.in
http:
paths:
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /*
backend:
serviceName: eks-learning-service
servicePort: 80
| 归档时间: |
|
| 查看次数: |
3719 次 |
| 最近记录: |