问题描述
背景:
我对Google的Cloud平台还很陌生,所以我想确保自己没有遗漏任何明显的东西.
I'm pretty new to the Google's Cloud platform so I want to make sure that I'm not is missing anything obvious.
我们正在尝试GKE和Kubernetes,我们希望通过https公开一些服务.我已经阅读了 http负载平衡的文档,该文档似乎建议您应该维护自己的执行SSL终端和负载平衡的Nginx实例.对我来说,这看起来很复杂(我曾经使用过AWS及其负载均衡器(ELB),该负载均衡器已经支持SSL终止了一段时间.)
We're experimenting with GKE and Kubernetes and we'd like to expose some services over https. I've read the documentation for http(s) load-balancing which seem to suggest that you should maintain your own nginx instance that does SSL terminal and load balancing. To me this looks quite complex (I'm used to working on AWS and its load-balancer (ELB) which has supported SSL termination for ages).
问题:
- 如果您需要的所有 all 是GKE中的SSL终止,那么创建和维护nginx实例是否可行?
- 如果是,这是怎么做的?这文档似乎并没有真正传达出这种热情.
- Is creating and maintaining an nginx instance the way to go if all you need is SSL termination in GKE?
- If so, how is this done? Thedocumentationdoesn't really seem to convey this afaict.
推荐答案
Tl; Dr:观看此空间以获取Kubernetes 1.2
Tl;Dr: Watch this space for Kubernetes 1.2
到目前为止,Kubernetes仅支持L4负载平衡.这意味着GCE/GKE负载平衡器打开了tcp连接,仅将流量发送到您的后端,该后端负责终止ssl.从Kubernetes 1.1开始,Kubernetes具有入口"资源,但当前处于Beta版本,仅支持HTTP.在1.2中它将支持不同的SSL模式.
Till now Kubernetes has only supported L4 loadbalancing. This means the GCE/GKE loadbalancer opens up a tcp connection and just sends traffic to your backend, which is responsible for terminating ssl. As of Kubernetes 1.1, Kubernetes has an "Ingress" resource, but it's currently in Beta and only supports HTTP. It will support different SSL modes in 1.2.
那么,如何使用普通的Kubernetes服务终止SSL?
https://github.com/kubernetes/kubernetes /blob/release-1.0/examples/https-nginx/README.md
So, how to terminate SSL with a normal Kubernetes service?
https://github.com/kubernetes/kubernetes/blob/release-1.0/examples/https-nginx/README.md
如何为此服务创建负载均衡器?
L4:将NodePort更改为LoadBalancer( https://github.com/kubernetes/kubernetes/blob/release-1.0/examples/https-nginx/nginx-app.yaml#L8 )
L7:部署服务负载平衡器( https://github.com/kubernetes/contrib/tree/master/service-loadbalancer#https )
How to create a loadbalancer for this Service?
L4: Change NodePort to LoadBalancer (https://github.com/kubernetes/kubernetes/blob/release-1.0/examples/https-nginx/nginx-app.yaml#L8)
L7: Deploy a Service loadbalancer (https://github.com/kubernetes/contrib/tree/master/service-loadbalancer#https)
如何通过Kubernetes创建GCE HTTP负载均衡器? https://github.com/kubernetes /kubernetes/blob/master/docs/user-guide/ingress.md#simple-fanout
How to create a GCE HTTP loadbalancer through Kubernetes?https://github.com/kubernetes/kubernetes/blob/master/docs/user-guide/ingress.md#simple-fanout
那么如何通过Kubernetes创建GCE HTTPS负载均衡器呢?
在1.2版本中,目前该过程是手动的.如果您不确定确切的手动步骤,请回复此内容,然后我将进行澄清(不确定是否应在此处列出所有步骤,并进一步使您感到困惑).
So how to create a GCE HTTPS loadbalancer through Kubernetes?
Coming in 1.2, currently the process is manual. If you're not clear on the exact manual steps reply to this and I will clarify (not sure if I should list all of them here and confuse you even more).
这篇关于Google容器引擎中的Kubernetes负载平衡器SSL终止吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!