我正在尝试为我的 kubernetes-pod 设置 tls/https。我配置了入口规则,并且有一个负载均衡器服务。我从我的提供商处获得了证书。不确定,这有多重要:它是通配符证书:*.my-domain.org
(注意:my-domain.org 是替代品;))
浏览器返回“ERR_SSL_PROTOCOL_ERROR”。
顺便说一下:http 运行成功。
我的详细步骤:
我有一个证书和一个密钥,我将其添加为秘密:
kubectl create secret tls tls-secret -n default --cert=ssl_certificate.cer --key=private_key.key
这是我的入口规则的设置:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
namespace: default
spec:
tls:
- hosts:
- my-domain.org
secretName: tls-secret
rules:
- host: my-domain.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: my-service
port:
number: 80
这是我的服务:
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
selector:
app: my-pod
ports:
- protocol: TCP
targetPort: 3000
port: 80
name: http
- protocol: TCP
targetPort: 3000
port: 443
name: https
type: LoadBalancer
最后我的 pod 通过以下部署创建:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment
spec:
replicas: 1
selector:
matchLabels:
app: my-pod
minReadySeconds: 5
template:
metadata:
labels:
app: my-pod
spec:
containers:
- name: my-container
image: registry.../nextapp:latest
imagePullPolicy: Always
stdin: true
tty: true
ports:
- containerPort: 3000
name: http
imagePullSecrets:
- name: registry-credentials
restartPolicy: Always
嗯,根据我的经验,我想到了两件事