腾讯云TKE ingress http和https混合使用

我的环境需要服务http和https都支持访问,根据腾讯云的官方文档添加注解后无效:

https://cloud.tencent.com/document/product/457/45693

注解示例:

kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.http-rules: '[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]'
    kubernetes.io/ingress.https-rules: '[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]'
    kubernetes.io/ingress.rule-mix: "true"
  name: sample-ingress
  namespace: default
spec:
  rules:
  - host: www.tencent.com
    http:
      paths:
      - backend:
          serviceName: sample-service
          servicePort: 80
        path: /
  tls:
  - secretName: tencent-com-cert

配置后经过测试无效,还是http自动跳转到https,通过查看nginx-ingress官方注解,需要添加 ssl-redirect: "false" in the NGINX ConfigMap. (全局生效)或者添加ingress注解:nginx.ingress.kubernetes.io/ssl-redirect: "false"

设置后仍然无效,还是继续跳转https,通过查看返回码发现,我这边通过http访问的适合,重定向码为307,官方注解说的是308,可能是这个原因,于是重写 http-redirect-code

编辑configmap,添加如下参数:

腾讯云TKE ingress http和https混合使用

 

再次测试,终于正常了

 

 总结:腾讯的tke集群的ingress如果要实现http和https混合使用,需要配置以下三个地方:
1.根据官方文档配置如下注解:

    kubernetes.io/ingress.http-rules: '[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]'
    kubernetes.io/ingress.https-rules: '[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]'
    kubernetes.io/ingress.rule-mix: "true"

2.configmap或者目标ingress关闭ssl_redirect

3.如果还是不行,需要修改configmap的http-redirect-code

 

上一篇:Unit11 虚拟机管理


下一篇:【OpenPCDet代码阅读日记】【test.py】