更新时间:2024-12-04 GMT+08:00

Nginx Ingress对接HTTPS协议的后端服务

Ingress可以代理不同协议的后端服务,在默认情况下Ingress的后端代理通道是HTTP协议的,若需要建立HTTPS协议的通道,可在annotation字段中加入如下配置:

nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"

Ingress配置示例如下:

1.23及以上版本集群
apiVersion: networking.k8s.io/v1
kind: Ingress 
metadata: 
  name: ingress-test
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  tls: 
    - secretName: ingress-test-secret  #替换为您的TLS密钥证书
  rules:
    - host: ''
      http:
        paths:
          - path: '/'
            backend:
              service:
                name: <your_service_name>  #替换为您的目标服务名称
                port:
                  number: <your_service_port>  #替换为您的目标服务端口
            property:
              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
            pathType: ImplementationSpecific
  ingressClassName: nginx
1.21及以下版本集群
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-test
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  tls: 
    - secretName: ingress-test-secret  #替换为您的TLS密钥证书
  rules:
    - host: ''
      http:
        paths:
          - path: '/'
            backend:
              serviceName: <your_service_name>  #替换为您的目标服务名称
              servicePort: <your_service_port>  #替换为您的目标服务端口