小贝子编程

https for eks loadbalancer



我想保护在Kubernetes(EKS(上运行的Web应用程序。我有一个前端服务。前面服务在端口80上运行。我想在端口443上运行此服务。当我kubectl获取全部时。我看到我的负载平衡器在端口443上运行,但我无法在浏览器中打开。

---
apiVersion: v1
kind: Service
metadata:
  name: hello-kubernetes
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:1234567890:certificate/12345c409-ec32-41a8-8542-712345678
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
spec:
  type: LoadBalancer
  ports:
  - port: 443
    targetPort: 80
    protocol: TCP
  selector:
    app: hello-kubernetes
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-kubernetes
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-kubernetes
  template:
    metadata:
      labels:
        app: hello-kubernetes
    spec:
      containers:
      - name: hello-kubernetes
        image: 123456789.dkr.ecr.us-west-2.amazonaws.com/demoui:demo123
        ports:
        - containerPort: 80
        env:
        - name: MESSAGE
          value: Hello Kubernetes!
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: hello-ingress
  annotations:
    kubernetes.io/ingress.class: "alb"
    alb.ingress.kubernetes.io/healthcheck-path: "/"
    alb.ingress.kubernetes.io/success-codes: "200,404"
    alb.ingress.kubernetes.io/scheme: "internet-facing"
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80} , {"HTTPS": 443}]'
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: hello-kubernetes
          servicePort: 80

aws alb Ingress控制器旨在在Ingress YAML配置文件中在AWS级别创建应用程序负载平衡器和相关资源。实际上,从入口YAML定义文件中,ALB Ingress控制器对负载平衡器的配置解析,然后将目标组应用于每个kubernetes服务,并使用指定的实例,并且在特定节点上暴露了nodeports。根据官方AWS ALB Ingress Controller Workflow文档,在最高级别的听众在负载平衡器中公开连接端口,并根据定义的路由规则做出决定。

在简短的理论之旅之后,我对您当前的配置有一些担忧:

  1. 首先,我建议检查AWS ABS Ingress Controller
    设置并检查相关日志:

kubectl logs -n kube-system $(kubectl get po -n kube-system | egrep -o "alb-ingress[a-zA-Z0-9-]+")

然后验证是否已在AWS控制台内成功生成负载平衡器。

  1. 检查目标组特定ALB,以确保是否是否K8S实例的健康检查都很好。

  2. 确保,是否安全组为您的实例包含适当的防火墙规则,以便允许Alb上的入站和出站网络流量。

我鼓励您熟悉有关http的专门章节,以在官方AWS ALB Ingress Controller文档中进行HTTPS重定向。

这是我在https上运行的群集。

在我的入口/负载平衡器中:

service.beta.kubernetes.io/aws-load-balancer-ssl-cert: CERT
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
    # ports using the ssl certificate
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    # which protocol a Pod speaks

在我的入口控制器中,nginx配置的configmap:

    app.kubernetes.io/force-ssl-redirect: "true"

希望这对您有用。

alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'

https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/tasks/ssl_redirect/

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium