Rancher 2.x - HTTP 到 HTTPS 重定向
Rancher 2.x - HTTP to HTTPS redirect
我使用 docs 安装了 Rancher 2.4.4,一切正常。我可以使用我的自定义域 rancher.mydomain.com 使用 https 访问服务器。
我使用 test.mydomain.com 创建了一个入口来访问服务。我正在使用自签名证书来测试 https://test.mydomain.com 访问并且它正在运行。但是我可以使用 http 访问相同的服务。如何进行重定向或避免使用 http 访问我的集群?这是更改了敏感信息的入口:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
field.cattle.io/creatorId: user-tk7hh
field.cattle.io/ingressState: '{"dW5pbWVk":"p-pfqlz:test","abc":"deployment:test:httpbin","abc==":"deployment:test:httpbin"}'
field.cattle.io/publicEndpoints: '[{"addresses":["1.2.3.4"],"port":443,"protocol":"HTTPS","serviceName":"unimed:ingress-5d3e64b41895cfc7d3d354d63a7d83d0","ingressName":"test:test","hostname":"test.mydomain.com","path":"/status","allNodes":false},{"addresses":["1.2.3.4"],"port":443,"protocol":"HTTPS","serviceName":"test:ingress-9922b5a9032d962093476e63c4335d80","ingressName":"test:test","hostname":"test.mydomain.com","path":"/delay","allNodes":false}]'
creationTimestamp: "2020-06-05T23:28:23Z"
generation: 11
labels:
cattle.io/creator: norman
managedFields:
- apiVersion: extensions/v1beta1
fieldsType: FieldsV1
fieldsV1:
f:status:
f:loadBalancer:
f:ingress: {}
manager: traefik
operation: Update
time: "2020-06-05T23:28:23Z"
- apiVersion: extensions/v1beta1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:field.cattle.io/creatorId: {}
f:field.cattle.io/ingressState: {}
f:field.cattle.io/publicEndpoints: {}
f:labels:
.: {}
f:cattle.io/creator: {}
f:spec:
f:rules: {}
f:tls: {}
manager: Go-http-client
operation: Update
time: "2020-06-08T19:22:11Z"
name: unimed
namespace: unimed
resourceVersion: "998963"
selfLink: /apis/extensions/v1beta1/namespaces/test/ingresses/test
uid: b138da9d-9ca8-4a23-a9b9-3ae1e400177d
spec:
rules:
- host: test.mydomain.com
http:
paths:
- backend:
serviceName: ingress-5d3e64b41895cfc7d3d354d63a7d83d0
servicePort: 80
path: /status
pathType: ImplementationSpecific
- backend:
serviceName: ingress-9922b5a9032d962093476e63c4335d80
servicePort: 80
path: /delay
pathType: ImplementationSpecific
tls:
- hosts:
- test.mydomain.com
secretName: test
status:
loadBalancer:
ingress:
- ip: 1.2.3.4
已解决。 Rancher 2.4.4 使用 Traefik 作为负载均衡器。我们需要放置此注释以进行重定向
traefik.ingress.kubernetes.io/redirect-entry-point: https
可以使用界面在 Ingress 中执行此操作。
我使用 docs 安装了 Rancher 2.4.4,一切正常。我可以使用我的自定义域 rancher.mydomain.com 使用 https 访问服务器。
我使用 test.mydomain.com 创建了一个入口来访问服务。我正在使用自签名证书来测试 https://test.mydomain.com 访问并且它正在运行。但是我可以使用 http 访问相同的服务。如何进行重定向或避免使用 http 访问我的集群?这是更改了敏感信息的入口:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
field.cattle.io/creatorId: user-tk7hh
field.cattle.io/ingressState: '{"dW5pbWVk":"p-pfqlz:test","abc":"deployment:test:httpbin","abc==":"deployment:test:httpbin"}'
field.cattle.io/publicEndpoints: '[{"addresses":["1.2.3.4"],"port":443,"protocol":"HTTPS","serviceName":"unimed:ingress-5d3e64b41895cfc7d3d354d63a7d83d0","ingressName":"test:test","hostname":"test.mydomain.com","path":"/status","allNodes":false},{"addresses":["1.2.3.4"],"port":443,"protocol":"HTTPS","serviceName":"test:ingress-9922b5a9032d962093476e63c4335d80","ingressName":"test:test","hostname":"test.mydomain.com","path":"/delay","allNodes":false}]'
creationTimestamp: "2020-06-05T23:28:23Z"
generation: 11
labels:
cattle.io/creator: norman
managedFields:
- apiVersion: extensions/v1beta1
fieldsType: FieldsV1
fieldsV1:
f:status:
f:loadBalancer:
f:ingress: {}
manager: traefik
operation: Update
time: "2020-06-05T23:28:23Z"
- apiVersion: extensions/v1beta1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:field.cattle.io/creatorId: {}
f:field.cattle.io/ingressState: {}
f:field.cattle.io/publicEndpoints: {}
f:labels:
.: {}
f:cattle.io/creator: {}
f:spec:
f:rules: {}
f:tls: {}
manager: Go-http-client
operation: Update
time: "2020-06-08T19:22:11Z"
name: unimed
namespace: unimed
resourceVersion: "998963"
selfLink: /apis/extensions/v1beta1/namespaces/test/ingresses/test
uid: b138da9d-9ca8-4a23-a9b9-3ae1e400177d
spec:
rules:
- host: test.mydomain.com
http:
paths:
- backend:
serviceName: ingress-5d3e64b41895cfc7d3d354d63a7d83d0
servicePort: 80
path: /status
pathType: ImplementationSpecific
- backend:
serviceName: ingress-9922b5a9032d962093476e63c4335d80
servicePort: 80
path: /delay
pathType: ImplementationSpecific
tls:
- hosts:
- test.mydomain.com
secretName: test
status:
loadBalancer:
ingress:
- ip: 1.2.3.4
已解决。 Rancher 2.4.4 使用 Traefik 作为负载均衡器。我们需要放置此注释以进行重定向
traefik.ingress.kubernetes.io/redirect-entry-point: https
可以使用界面在 Ingress 中执行此操作。