在我的本地群集中尝试将入口http请求重定向到https。以下规则http - > https重定向正在工作,但没有替换https端口号。
入口服务端口(80:30912,443:30004)
kg svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx NodePort 10.110.221.155 <none> 80:30912/TCP,443:30004/TCP 7d
入口规则。
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/ssl-redirect: "true"
name: httpbin-web-server
namespace: default
spec:
tls:
- hosts:
- httpbin.sfgroups.com
secretName: tls-secret
rules:
- host: httpbin.sfgroups.com
http:
paths:
- path: "/"
backend:
serviceName: httpbin
servicePort: 8000
重定向输出:
curl --resolve httpbin.sfgroups.com:30912:192.168.16.211 http://httpbin.sfgroups.com:30912/ -o /dev/null -v -L
* Added httpbin.sfgroups.com:30912:192.168.16.211 to DNS cache
* About to connect() to httpbin.sfgroups.com port 30912 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: httpbin.sfgroups.com:30912
> Accept: */*
>
< HTTP/1.1 308 Permanent Redirect
< Server: nginx/1.13.7
< Date: Sat, 06 Jan 2018 09:59:02 GMT
< Content-Type: text/html
< Content-Length: 187
< Connection: keep-alive
< Location: https://httpbin.sfgroups.com:30912/
< Strict-Transport-Security: max-age=15724800; includeSubDomains;
正如您所见https://httpbin.sfgroups.com:30912/未将端口30912替换为30004。
我该如何做到这一点?
Thnaks SR
修改。
我也在configmap中添加了这个,但仍有同样的问题。
kg configmap -n ingress-nginx nginx-configuration -o yaml
apiVersion: v1
data:
use-port-in-redirects: "true"
kind: ConfigMap
答案 0 :(得分:0)
这是Ingress本身的问题。您使用的是哪种版本的入口? 您可以尝试下面的入口图像。
quay.io/aledbf/nginx-ingress-controller:0.89
您可以通过inress service yml中的以下规范将入口限制为仅https端口。
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress
spec:
type: NodePort
ports:
- name: https
port: 443
nodePort: 30082
targetPort: 443
selector:
k8s-app: nginx-ingress-lb
答案 1 :(得分:0)
您有机会看到https://github.com/kubernetes/ingress-nginx/issues/1743。
似乎是相同的用例,社区的解决方案是在配置configmap中指定use-port-in-redirects。