我的环境需要服务http和https都支持访问,根据腾讯云的官方文档添加注解后无效:
https://cloud.tencent.com/document/product/457/45693
注解示例:
kind: Ingress metadata: annotations: kubernetes.io/ingress.http-rules: '[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]' kubernetes.io/ingress.https-rules: '[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]' kubernetes.io/ingress.rule-mix: "true" name: sample-ingress namespace: default spec: rules: - host: www.tencent.com http: paths: - backend: serviceName: sample-service servicePort: 80 path: / tls: - secretName: tencent-com-cert
配置后经过测试无效,还是http自动跳转到https,通过查看nginx-ingress官方注解,需要添加 ssl-redirect: "false"
in the NGINX ConfigMap. (全局生效)或者添加ingress注解:nginx.ingress.kubernetes.io/ssl-redirect: "false"
设置后仍然无效,还是继续跳转https,通过查看返回码发现,我这边通过http访问的适合,重定向码为307,官方注解说的是308,可能是这个原因,于是重写 http-redirect-code
编辑configmap,添加如下参数:
再次测试,终于正常了
总结:腾讯的tke集群的ingress如果要实现http和https混合使用,需要配置以下三个地方:
1.根据官方文档配置如下注解:
kubernetes.io/ingress.http-rules: '[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]' kubernetes.io/ingress.https-rules: '[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]' kubernetes.io/ingress.rule-mix: "true"
2.configmap或者目标ingress关闭ssl_redirect
3.如果还是不行,需要修改configmap的http-redirect-code