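I hope you can help me. I have the following problem with Istio: I want to receive HTTPS requests, but I get the error "curl: (52) Empty reply from server", while HTTP requests work fine. I am attaching my manifests.
A certificate has already been generated, and a secret was created using the .crt and .key files.
I don't know what else I need so that HTTPS requests work.
Istio version: 1.8.2
Kubectl version client: 1.20.2
HTTP & HTTPS response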
CURL -Iv for HTTPS
Gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: eks-gateway
  namespace: development
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - mysite.domine.com
    tls:
      httpsRedirect: false
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - mysite.domine.com
    tls:
      mode: SIMPLE
      credentialName: mysite-secret
VirtualService.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: eks-virtualservice
  namespace: development
spec:
  hosts:
  - mysite.domine.com
  gateways:
  - eks-gateway
  http:
  - match:
    - uri:
        prefix: /WeatherForecast
    route:
    - destination:
        host: eks-service
        port:
          number: 80
  tls:
  - match:
    - port: 443
      sniHosts:
      - mysite.domine.com
    route:
    - destination:
        host: eks-service
        port:
          number: 80
DestinationRule.yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: eks-destinationrule
  namespace: development
spec:
  host: eks-service
  trafficPolicy:
    loadBalancer:
      simple: LEAST_CONN
Service.yaml
apiVersion: v1
kind: Service
metadata:
  name: eks-service
  namespace: development
  labels:
    app: eks-app
spec:
  type: ClusterIP
  ports:
  - port: 80
    targetPort: container-port
    protocol: TCP
    name: http-sv
  - port: 443
    targetPort: container-port
    protocol: TCP
    name: https-sv
  selector:
    app: eks-app
Deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  creationTimestamp: "2021-02-12T07:40:55Z"
  generation: 1
  labels:
    app: eks-app
    app.kubernetes.io/version: v1
    draft: draft-app
spec:
  progressDeadlineSeconds: 600
  replicas: 4
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app: eks-app
      version: v1
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        buildID: ""
      creationTimestamp: null
      labels:
        app: eks-app
        draft: draft-app
        version: v1
    spec:
      containers:
      - image: XXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/DockerRepo:v1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /liveness
            port: container-port
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: eks-app
        ports:
        - containerPort: 80
          name: container-port
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readiness
            port: container-port
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 4
  observedGeneration: 1
  readyReplicas: 4
  replicas: 4
  updatedReplicas: 4
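I think this is a problem similar to the ones in these questions: the definitions of the Gateway and the VirtualService do not match: the Gateway terminates TLS, but the VirtualService is defined to receive TLS traffic.
Try removing the TLS section in the VirtualService.
How to properly secure an application with HTTPS when using Istio?
Kubernetes Istio exposure not working with VirtualService and Gateway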
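The mismatch the answer above describes can be checked mechanically. The following is an added example, not part of the original question or answer: it takes a Gateway and a VirtualService as Python dicts (for instance loaded from `kubectl get ... -o json`) and reports `tls` SNI routes for hosts where the bound Gateway already terminates TLS. The function names are hypothetical, host matching is exact (no wildcards), and the sample manifests are constructed from the ones in the question.

```python
# Added example: flags VirtualService `tls` (SNI) routes for hosts where the
# bound Gateway already terminates TLS (any mode other than passthrough).
PASSTHROUGH_MODES = {"PASSTHROUGH", "AUTO_PASSTHROUGH"}

def terminated_hosts(gateway):
    """Hosts on HTTPS servers where the gateway terminates TLS itself."""
    hosts = set()
    for server in gateway["spec"].get("servers", []):
        mode = server.get("tls", {}).get("mode", "PASSTHROUGH")
        if server["port"]["protocol"] == "HTTPS" and mode not in PASSTHROUGH_MODES:
            hosts.update(server.get("hosts", []))
    return hosts

def find_mismatches(gateway, vs):
    """Return (sni_host, port) pairs routed under `tls` although TLS is terminated."""
    # Gateway references may be written as "namespace/name"; compare the name only.
    bound = {g.split("/")[-1] for g in vs["spec"].get("gateways", [])}
    if gateway["metadata"]["name"] not in bound:
        return []
    terminated = terminated_hosts(gateway)
    return [(sni, match.get("port"))
            for route in vs["spec"].get("tls", [])
            for match in route.get("match", [])
            for sni in match.get("sniHosts", [])
            if sni in terminated]

# Constructed input: the Gateway and VirtualService from the question, trimmed.
HOST = "mysite.domine.com"
GATEWAY = {"metadata": {"name": "eks-gateway"}, "spec": {"servers": [
    {"port": {"number": 80, "name": "http", "protocol": "HTTP"}, "hosts": [HOST]},
    {"port": {"number": 443, "name": "https", "protocol": "HTTPS"}, "hosts": [HOST],
     "tls": {"mode": "SIMPLE", "credentialName": "mysite-secret"}}]}}
DEST = [{"destination": {"host": "eks-service", "port": {"number": 80}}}]
VS_AS_POSTED = {"spec": {"hosts": [HOST], "gateways": ["eks-gateway"],
    "http": [{"match": [{"uri": {"prefix": "/WeatherForecast"}}], "route": DEST}],
    "tls": [{"match": [{"port": 443, "sniHosts": [HOST]}], "route": DEST}]}}
# Same VirtualService with the `tls` block removed, as the answer suggests.
VS_WITHOUT_TLS = {"spec": {k: v for k, v in VS_AS_POSTED["spec"].items() if k != "tls"}}

if __name__ == "__main__":
    for label, vs in (("as posted", VS_AS_POSTED), ("tls removed", VS_WITHOUT_TLS)):
        print(label, "->", find_mismatches(GATEWAY, vs) or "no mismatch")
```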
Apparently there is a problem between istio and weeks, so I decided to install a controller to make it work.