Adding an SSL certificate to the ingress controller vs. adding it to the ingress resource

Ingress controller deployment.yml

    spec:
      containers:
        - args:
            - /nginx-ingress-controller
            - --default-backend-service=stratus/nginx-ingress-default-backend
            - --election-id=ingress-controller-leader
            - --ingress-class=nginx
            - --configmap=ingress-controller-leader-nginx
            - --enable-ssl-passthrough

Ingress resource.yml

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: 'REPOSITORY_NAME'
      namespace: service
      annotations:
        kubernetes.io/ingress.class: "nginx"
        nginx.ingress.kubernetes.io/ssl-passthrough: "false"
        nginx.ingress.kubernetes.io/ssl-redirect: "false"
    spec:
      tls:
        - hosts:
            - "xyz-development.com"
        - secretName: ingress-secret-tls
      rules:
        - host: "xyz-development.com"
          http:
            paths:
            - path: /service/
              backend:
                serviceName: 'REPOSITORY_NAME'
                servicePort: 8080

The secret contains a signed certificate with CN xyz-development.com.

Endpoint: xyz-development.com/service/swagger-ui.html

If I try to access the endpoint with the above configuration, I get a "Your connection is not private" error.

But if I change the ingress controller deployment.yml to

    spec:
      containers:
        - args:
            - /nginx-ingress-controller
            - --default-backend-service=stratus/nginx-ingress-default-backend
            - --election-id=ingress-controller-leader
            - --ingress-class=nginx
            - --configmap=stratus/ingress-controller-leader-nginx
            - --enable-ssl-passthrough
            - --default-ssl-certificate=service/ingress-secret-tls

then the site is secure, with my valid certificate.

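  • Is this the expected behavior?
  • Even with the default SSL certificate flag removed from the controller, shouldn't the secret mentioned in the ingress resource.yml be used?
  • Any other suggestions or better practices would be appreciated.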

  • You have a small typo in your manifest that is causing the first option to fail; it should be and not a new element in the array of .spec.tls entries:

    - secretName: ingress-secret-tls # wrong
      secretName: ingress-secret-tls # correct
    

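  • Is it a self-signed certificate? What is your CA?
  • @KoopaKiller It is our centralized team's CA.
  • OK, so the nginx container has the CA key to validate the certificate?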
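
An added example (not part of the original post and not ingress-nginx code): a small lint for the mistake the answer points out, where `hosts` and `secretName` land in separate `.spec.tls` elements so no host is paired with a certificate secret. The JSON rendering of the question's manifest is constructed for this example, and the names `check_ingress_tls` and `covers` are hypothetical.

```python
import copy
import json

# Constructed sample: the question's Ingress expressed as JSON, keeping the
# split .spec.tls entries (hosts in one element, secretName in the next).
BROKEN = json.loads("""
{"kind": "Ingress",
 "metadata": {"name": "REPOSITORY_NAME", "namespace": "service"},
 "spec": {"tls": [{"hosts": ["xyz-development.com"]},
                  {"secretName": "ingress-secret-tls"}],
          "rules": [{"host": "xyz-development.com"}]}}
""")

# Corrected form from the answer: secretName is a sibling of hosts.
FIXED = copy.deepcopy(BROKEN)
FIXED["spec"]["tls"] = [{"hosts": ["xyz-development.com"],
                         "secretName": "ingress-secret-tls"}]


def covers(tls_host, rule_host):
    """True if a tls host (exact or '*.domain' wildcard) covers a rule host."""
    if tls_host.startswith("*."):
        return rule_host.partition(".")[2] == tls_host[2:]
    return tls_host == rule_host


def check_ingress_tls(ingress):
    """Return findings for tls entries that do not pair hosts with a secret."""
    spec = ingress.get("spec", {})
    tls = spec.get("tls") or []
    findings, paired = [], []
    for i, entry in enumerate(tls):
        hosts, secret = entry.get("hosts") or [], entry.get("secretName")
        if hosts and not secret:
            findings.append(f"tls[{i}]: hosts {hosts} have no secretName")
        elif secret and not hosts:
            findings.append(f"tls[{i}]: secretName '{secret}' has no hosts")
        else:
            paired.extend(hosts)
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if tls and host and not any(covers(t, host) for t in paired):
            findings.append(f"rule host '{host}' is not paired with a secret")
    return findings


if __name__ == "__main__":
    for name, manifest in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_ingress_tls(manifest) or "ok")
```

Run in CI against rendered manifests, a non-empty result points at the same situation the question describes: the page is served with whatever certificate the controller falls back to instead of the one in the referenced secret.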