
Google Cloud Load Balancer forces HTTP instead of HTTPS with Kubernetes Ingress


I'm trying to deploy a Docker container that exposes a simple Docker server, a clone of the httpbin.org service, in Google Container Engine (Kubernetes).

This is the Service definition I'm using:

apiVersion: v1
kind: Service
metadata:
  name: httpbin
  labels:
    app: httpbin
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: 3000
    protocol: TCP
    name: http
  selector:
    app: httpbin

The Ingress definition is:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: httpbin-tls
  annotations:
    kubernetes.io/ingress.global-static-ip-name: "http-bin-static-ip"
spec:
  tls:
  - secretName: positive-ssl
  backend:
    serviceName: httpbin
    servicePort: 80

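In the Services / Ingress dashboard I can see two IPs, one bound directly to the Service (ephemeral) and the static IP bound to the Ingress. Calling both of them directly on port 80 works like a charm.

After that, I created an A record for the static IP and made sure the Load Balancer was OK in the GKE dashboard: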

GKE Load Balancers Dashboard

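The HTTPS endpoints should work according to a lot of tutorials and manuals I checked, but they don't! Every call over HTTPS gets redirected (301) to the HTTP port.

Output of curl -v: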

* Rebuilt URL to: https://httpbin-1.mydomain.com/
*   Trying XXX.XX.XX.XX...
* TCP_NODELAY set
* Connected to httpbin-1.mydomain.com (XXX.XX.XX.XX) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate: mydomain.com
* Server certificate: COMODO ECC Domain Validation Secure Server CA 2
* Server certificate: COMODO ECC Certification Authority
> GET / HTTP/1.1
> Host: httpbin-1.mydomain.com
> User-Agent: curl/7.51.0
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Date: Fri, 03 Mar 2017 18:01:23 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: max-age=3600
< Expires: Fri, 03 Mar 2017 19:01:23 GMT
< Location: http://httpbin-1.mydomain.com/
< 
* Curl_http_done: called premature == 0
* Connection #0 to host httpbin-1.mydomain.com left intact

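I did not create any kind of automatic redirect and strictly followed the official manuals (from Kubernetes and GKE), but I can't get past this. I even tried recreating the whole stack from scratch, with a new cluster and new load balancers, but got the same result.

What am I missing? Tks!

1 Answer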

  • 1

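    AFAIK the GLB cannot do the correct forwarding for you. You will have to use a web server in the service behind the ingress to handle that scenario.

    Your current behaviour seems to be caused by

    annotations:
      kubernetes.io/ingress.global-static-ip-name: "http-bin-static-ip"

    Remove that part from your ingress and you should see your https session being terminated at your ingress.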
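
The symptom in the question, a response received over TLS whose Location header points back to `http://`, can be checked for automatically. The following is an added example, not code from the question or the answer: it parses `curl -v` transcripts like the one above and reports every HTTPS-to-HTTP downgrade redirect. The function names and the trimmed sample are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: trimmed from the curl -v output in the question.
SAMPLE = """\
* Connected to httpbin-1.mydomain.com (XXX.XX.XX.XX) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> GET / HTTP/1.1
> Host: httpbin-1.mydomain.com
< HTTP/1.1 301 Moved Permanently
< Cache-Control: max-age=3600
< Location: http://httpbin-1.mydomain.com/
"""

REDIRECTS = {301, 302, 303, 307, 308}


def parse_responses(text):
    """Return one dict per response in a curl -v transcript (handles -L chains)."""
    found, tls = [], False
    for line in text.splitlines():
        if line.startswith("* Connected to"):
            tls = False  # new connection; a TLS line follows only if TLS is used
        elif line.startswith("* ") and "connection using" in line:
            tls = True  # e.g. "TLS 1.2 connection using ..." or "SSL connection using ..."
        elif line.startswith("< "):
            field = line[2:].strip()
            status = re.match(r"HTTP/\d(?:\.\d)? (\d{3})", field)
            if status:
                found.append({"tls": tls, "status": int(status.group(1)), "headers": {}})
            elif found and ":" in field:
                name, value = field.split(":", 1)
                found[-1]["headers"][name.strip().lower()] = value.strip()
    return found


def downgrade_redirects(text):
    """Return Location values where a response received over TLS redirects to http://."""
    hits = []
    for resp in parse_responses(text):
        location = resp["headers"].get("location", "")
        # A relative Location keeps the request scheme, so only absolute http:// counts.
        if resp["tls"] and resp["status"] in REDIRECTS and urlsplit(location).scheme.lower() == "http":
            hits.append(location)
    return hits


if __name__ == "__main__":
    print(downgrade_redirects(SAMPLE))
```

Feeding it the output of `curl -v` (captured from stderr) for each HTTPS endpoint after an Ingress change shows whether the redirect to plain HTTP is still being issued.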
