将SSL证书添加到入口控制器与将其添加到入口资源
入口控制器部署.yml将SSL证书添加到入口控制器与将其添加到入口资源,ssl,kubernetes,kubernetes-ingress,nginx-ingress,Ssl,Kubernetes,Kubernetes Ingress,Nginx Ingress,入口控制器部署.yml spec: containers: - args: - /nginx-ingress-controller - --default-backend-service=stratus/nginx-ingress-default-backend - --election-id=ingress-controller-leader - --ingress-class=nginx -
spec:
containers:
- args:
- /nginx-ingress-controller
- --default-backend-service=stratus/nginx-ingress-default-backend
- --election-id=ingress-controller-leader
- --ingress-class=nginx
- --configmap=ingress-controller-leader-nginx
- --enable-ssl-passthrough
入口资源.yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: 'REPOSITORY_NAME'
namespace: service
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-passthrough: "false"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts:
- "xyz-development.com"
- secretName: ingress-secret-tls
rules:
- host: "xyz-development.com"
http:
paths:
- path: /service/
backend:
serviceName: 'REPOSITORY_NAME'
servicePort: 8080
该秘密包括一份签名证书,CN为xyz-development.com
端点:xyz-development.com/service/swagger-ui.html
如果我尝试使用上述配置访问端点,则会出现“您的连接不是私有的”错误
但是如果我将ingress controller deployment.yml修改为
spec:
containers:
- args:
- /nginx-ingress-controller
- --default-backend-service=stratus/nginx-ingress-default-backend
- --election-id=ingress-controller-leader
- --ingress-class=nginx
- --configmap=stratus/ingress-controller-leader-nginx
- --enable-ssl-passthrough
- --default-ssl-certificate=service/ingress-secret-tls
然后,该网站是安全的,我的有效证书
您的清单中有一个小的输入错误导致第一个选项失败;它应该而不是
.spec.tls
条目数组中的新元素:
- secretName: ingress-secret-tls # wrong
secretName: ingress-secret-tls # correct
它是自签名证书吗?你的CA是什么?@KoopaKiller是我们集中团队的CA。好的,那么nginx容器有CA密钥来验证证书?