我正在寻找在AKS上使用应用网关作为入口控制器应用不同证书的任何工作示例。我有一个带有证书的密钥库,该证书在ApGw/Ingress中作为sitecomcert导入,这里是Ingress清单:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: site-agic-ig
annotations:
kubernetes.io/ingress.class: azure/application-gateway
appgw.ingress.kubernetes.io/appgw-ssl-certificate: sitecomcert
appgw.ingress.kubernetes.io/ssl-redirect: "true"
appgw.ingress.kubernetes.io/request-timeout: "180"
appgw.ingress.kubernetes.io/cookie-based-affinity: "true"
spec:
rules:
- host: "site.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: site-svc
port:
number: 80
这里一切都很完美。现在,我在site2.com.的密钥库中有第二个证书,并且该证书已经在Ap-Gw中导入为site2comcert,并且我有一个容器,该容器应该为来自site2.com的指向Ap-Gw公共IP的请求提供服务。所以我要添加
- host: "site2.com" <--- How can I attach **site2comcert** cert?
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: site2-svc
port:
number: 80
但通过此设置,我在浏览器中收到"不受信任的连接"警告,因为使用了sitecomcert。如何配置ApGw/Ingress以允许对上面指定的site2.com主机使用site2comcert?
您可以有多个入口资源定义(为简洁起见,省略(:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: site-agic-ig
annotations:
kubernetes.io/ingress.class: azure/application-gateway
appgw.ingress.kubernetes.io/appgw-ssl-certificate: sitecomcert
spec:
rules:
- host: "site.com"
和
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: site-agic-ig-site2
annotations:
kubernetes.io/ingress.class: azure/application-gateway
appgw.ingress.kubernetes.io/appgw-ssl-certificate: site2comcert
spec:
rules:
- host: "site2.com"