Kubernetes ingress-nginx-如果未配置TLS,如何禁用在https上的侦听?
我正在使用kubernetes ingress-nginx ,这是我的Ingress规范. http://example.com 可以正常运行.但是,当我转到 https://example.com 时,它仍然有效,但是指向Fake Ingress Controller的默认后端证书.如何禁用此行为?由于未配置TLS,因此我想完全禁用此特定入口上的https侦听.
I'm using kubernetes ingress-nginx and this is my Ingress spec. http://example.com works fine as expected. But when I go to https://example.com it still works, but pointing to default-backend with Fake Ingress Controller certificate. How can I disable this behaviour? I want to disable listening on https at all on this particular ingress, since there is no TLS configured.
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: http-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: example.com
http:
paths:
- backend:
serviceName: my-deployment
servicePort: 80
我尝试了这个nginx.ingress.kubernetes.io/ssl-redirect: "false"注释.但这没有效果.
I've tried this nginx.ingress.kubernetes.io/ssl-redirect: "false" annotation. However this has no effect.
重定向不涉及您的问题.
Redirection is not involved in your problem.
ingress-controller正在监听80和443端口.当您配置仅具有80端口的入口时,如果到达443端口,则会重定向到默认后端,这是预期的行为.
ingress-controller is listening on both port, 80 and 443. When you configure an ingress with only 80 port, if you reach the 443 port you are redirected to the default backend, which is expected behaviour.
一个解决方案是添加另一个只能在80端口监听的Nginx控制器.然后,您可以使用kubernetes.io/ingress.class: myingress配置入口.
创建新的nginx控制器时,请更改守护程序的命令--ingress-class=myingress.然后,它将仅处理用此类注释的入口.
A solution is to add an other nginx-controller, that will only listen on 80 port. And then you can configure your ingresses with kubernetes.io/ingress.class: myingress.
When creating the new nginx-controller, change the command --ingress-class=myingress of the daemonset. It will then handle only ingress annotated with this class.
如果使用头盔进行部署,只需覆盖controller.ingressClass值.
If you use helm to deploy it, simply override the controller.ingressClass value.