问题
I open Visual Studio 2019 and create a new project (Container application for kubernetes). I tick enable https support and then when I start debugging in Visual Studio; I can browse to the https address.
I then try to go one step further. I have Kubernetes enabled in Docker Desktop on my development PC and follow these instructions (after opening all the .yaml files and changing all references of https to http and all references of port 80 to port 443):
1) cd C:\mvcsecure
2) docker build -t mvcsecure:stable -f c:\mvcsecure\mvcsecure\Dockerfile .
3) cd c:\mvcsecure\mvcsecure\charts
4) helm install mvcsecure ./mvcsecure/
5) kubectl expose deployment mvcsecure --type=NodePort --name=mvcsecure-service
6) kubectl get service
mvcsecure-service NodePort 10.96.128.133 <none> 443:31577/TCP 6s
7) I then try to browse to: https://localhost:31577 and it says:
Cannot securely connect to this page
Notice there is no option to trust a certificate or anything.
What changes must I make to the default Helm charts created by Visual Studio to get https working on my basic service? I cannot find any documentation or examples online. It would be great to see an example of a https service (mvc or api) deployed to Kubernetes using Helm. I could post the .yaml file code if needed,, however there is a lot of it.
I am wanting to use kubernetes cluster root certificate as described here: How to access a kubernetes service through https?
I have checked that all TLS and SSL options are ticked in Internet Options.
回答1:
In case when Your application accepts HTTP traffic and You want to make is secure (HTTPS); I suggest to try TLS termination with kubernetes ingress.
Kubernetes documentation has great explanation how to configure TLS termination. With ingress object You can make Your HTTP service be accessible via HTTPS from outside of the cluster.
This means that connections made to service will be made in HTTPS and get decrypted to HTTP once internally in Your cluster before reaching the service.
Hope it helps.
来源:https://stackoverflow.com/questions/61914106/how-can-i-create-a-helm-https-service