如何通过L7负载均衡器为HTTPS服务?
如何通过L7负载均衡器为HTTPS服务?
提问于 2016-04-20 15:56:44
如何配置(GKE) L7负载均衡器以服务HTTPS?
我已经让HTTP发挥了作用,但是当我按照描述的在指南中配置TLS时,它不会响应HTTPS请求。具体来说,spec.tls部分应该确保负载均衡器使用HTTPS。
入口规格
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: l7-ingress
spec:
tls:
- secretName: web-secret
backend:
serviceName: web
servicePort: 8080Kubernetes下的入口描述
✗ kubectl describe ing
Name: l7-ingress
Namespace: default
Address: 130.211.11.24
Default backend: web:8080 (10.32.2.5:8080)
TLS:
web-secret terminates
Rules:
Host Path Backends
---- ---- --------
Annotations:
target-proxy: k8s-tp-default-l7-ingress
url-map: k8s-um-default-l7-ingress
backends: {"k8s-be-32051":"HEALTHY"}
forwarding-rule: k8s-fw-default-l7-ingress
No events.L7控制器日志
✗ kubectl logs --namespace=kube-system l7-lb-controller-v0.6.0-fbj20 -c l7-lb-controller
I0420 13:46:15.089090 1 main.go:159] Starting GLBC image: glbc:0.6.0
I0420 13:46:16.149998 1 gce.go:245] Using existing Token Source &oauth2.reuseTokenSource{new:google.computeSource{account:""}, mu:sync.Mutex{state:0, sema:0x0}, t:(*oauth2.Token)(nil)}
I0420 13:46:16.150399 1 controller.go:190] Starting loadbalancer controller
I0420 14:37:02.033271 1 event.go:211] Event(api.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"l7-ingress", UID:"585651e5-0705-11e6-88d0-42010af0005e", APIVersion:"extensions", ResourceVersion:"2367", FieldPath:""}): type: 'Normal' reason: 'ADD' default/l7-ingress
I0420 14:37:02.227796 1 instances.go:56] Creating instance group k8s-ig
I0420 14:37:06.166686 1 gce.go:1654] Adding port 32051 to instance group k8s-ig with 0 ports
I0420 14:37:06.834215 1 backends.go:116] Creating backend for instance group k8s-ig port 32051 named port &{port32051 32051 []}
I0420 14:37:07.036501 1 healthchecks.go:49] Creating health check k8s-be-32051
I0420 14:37:16.305240 1 gce.go:1654] Adding port 30007 to instance group k8s-ig with 1 ports
I0420 14:37:16.911701 1 backends.go:116] Creating backend for instance group k8s-ig port 30007 named port &{port30007 30007 []}
I0420 14:37:17.108589 1 healthchecks.go:49] Creating health check k8s-be-30007
I0420 14:37:25.213110 1 loadbalancers.go:128] Creating l7 default-l7-ingress
I0420 14:37:26.038349 1 loadbalancers.go:288] Creating url map k8s-um-default-l7-ingress for backend k8s-be-30007
I0420 14:37:30.305857 1 loadbalancers.go:304] Creating new http proxy for urlmap k8s-um-default-l7-ingress
I0420 14:37:34.643141 1 loadbalancers.go:397] Creating forwarding rule for proxy [k8s-tp-default-l7-ingress] and ip :80-80
I0420 14:37:43.301563 1 controller.go:325] Updating loadbalancer default/l7-ingress with IP 130.211.11.24
I0420 14:37:43.329469 1 event.go:211] Event(api.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"l7-ingress", UID:"585651e5-0705-11e6-88d0-42010af0005e", APIVersion:"extensions", ResourceVersion:"2367", FieldPath:""}): type: 'Normal' reason: 'CREATE' ip: 130.211.11.24回答 2
Stack Overflow用户
回答已采纳
发布于 2016-04-20 17:56:54
由于Kubernetes中可能存在错误,必须首先删除入口,然后重新创建它(而不是像我一样执行kubectl replace ):
kubectl delete -f ingress.yaml
kubectl create -f ingress.yamlStack Overflow用户
发布于 2016-04-20 17:39:48
这应该可以运行http://blog.kubernetes.io/2016/03/Kubernetes-1.2-and-simplifying-advanced-networking-with-Ingress.html,在入口上运行kubectl描述应该显示已经创建了什么,入口控制器上的kubectl日志应该显示它在做什么(控制器在kubectl命名空间中运行)。您需要静态ips的配额,因为当您指定一个秘密时,您将被分配一个配额。
由于有许多不同的故障模式,请回答这个问题,我可以帮助调试。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/36749186
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号