kubernetes - 入口控制器上的重定向过多
问题描述
我正在尝试根据以下内容设置入口控制器:
https
://kubernetes.github.io/ingress-nginx/deploy/#aws
它适用于 ELB,但由于某种原因,如果我在 NLB 中设置以下内容:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
然后我得到一个Too many redirects
错误。
如果我将上述设置为 false,那么我可以分别访问 HTTP 和 HTTPS,但没有重定向。
在 NLB 的服务注释中,我有:
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-west-1:12345:certificate/xyz
service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-FS-1-2-2019-08
...
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
appProtocol: http
- name: https
port: 443
protocol: TCP
targetPort: http
appProtocol: https
对于可以正常工作的ELB,我有:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60'
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-west-1:12345:certificate/xyz
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
service.beta.kubernetes.io/aws-load-balancer-type: elb
...
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: http
port: 80
protocol: TCP
targetPort: tohttps
appProtocol: http
- name: https
port: 443
protocol: TCP
targetPort: http
appProtocol: https
我尝试了很多组合,但我无法让 NLB 以与 ELB 相同的方式运行。
解决方案
尝试appProtocol: https
在 LB 级别删除和卸载 SSL
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-west-1:12345:certificate/xyz
service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-FS-1-2-2019-08
...
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: HTTP
您可以在以下位置检查配置:https ://aws.amazon.com/blogs/opensource/network-load-balancer-nginx-ingress-controller-eks/
此外,从 AWS 控制台 LB 中检查具有80 个和TLS 443个侦听器。
SSL 卸载和终止: https ://aws.amazon.com/premiumsupport/knowledge-center/terminate-https-traffic-eks-acm/
推荐阅读
- django - django 3.1 将原始列别名传递给 QuerySet.order_by() 已弃用
- database - 如何将房间数据库实现到数据类具有自定义承包商和 setter/getter 属性
- java - 如何在Java的循环中连接2个或更多字符串
- ios - StackView 中的 WKWebView 未正确调整大小
- c++ - 计算单独面上的平滑法线
- favicon - favicon 不在手机上显示谷歌搜索结果
- c# - C# If 循环条件问题(这不应该是一个无限循环吗?)
- typescript - 如何在实现接口并匹配条件的数组中查找对象
- python - 如何实现 MinPooling2D 池化层
- javascript - Javascript导出excel填充顶栏