腾讯云TKE ingress http和https混合使用

Posted slim_liu

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了腾讯云TKE ingress http和https混合使用相关的知识,希望对你有一定的参考价值。

我的环境需要服务http和https都支持访问,根据腾讯云的官方文档添加注解后无效:

https://cloud.tencent.com/document/product/457/45693

注解示例:

kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.http-rules: \'[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]\'
    kubernetes.io/ingress.https-rules: \'[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]\'
    kubernetes.io/ingress.rule-mix: "true"
  name: sample-ingress
  namespace: default
spec:
  rules:
  - host: www.tencent.com
    http:
      paths:
      - backend:
          serviceName: sample-service
          servicePort: 80
        path: /
  tls:
  - secretName: tencent-com-cert

配置后经过测试无效,还是http自动跳转到https,通过查看nginx-ingress官方注解,需要添加 ssl-redirect: "false" in the NGINX ConfigMap. (全局生效)或者添加ingress注解:nginx.ingress.kubernetes.io/ssl-redirect: "false"

设置后仍然无效,还是继续跳转https,通过查看返回码发现,我这边通过http访问的适合,重定向码为307,官方注解说的是308,可能是这个原因,于是重写 http-redirect-code

编辑configmap,添加如下参数:

 

再次测试,终于正常了

 

 总结:腾讯的tke集群的ingress如果要实现http和https混合使用,需要配置以下三个地方:
1.根据官方文档配置如下注解:

    kubernetes.io/ingress.http-rules: \'[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]\'
    kubernetes.io/ingress.https-rules: \'[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]\'
    kubernetes.io/ingress.rule-mix: "true"

2.configmap或者目标ingress关闭ssl_redirect

3.如果还是不行,需要修改configmap的http-redirect-code

 

以上是关于腾讯云TKE ingress http和https混合使用的主要内容,如果未能解决你的问题,请参考以下文章

腾讯云容器服务 TKE 推出新一代零损耗容器网络

避坑指南!如何在TKE上安装KubeSphere?

避坑指南!如何在TKE上安装KubeSphere?

腾讯云tke容器服务调整kubelet工作目录

K8s 终将废弃 docker,TKE 早已支持 containerd

腾讯云开发工程师TCA题库(题目含详细解析)