问题
I am new to Kubernetes (GKE to be specific), this is my third week, so bare with me.
I've been tasked to expose a statefulset via https like this:
- https://example.com/whateva -> service:8080 (+Google Cloud CDN)
- https://example.com:5001 -> service:9095
I have been trying for a week now. It was under the impression that this requirement was pretty straight forward? Can anyone point me in the right direction?
Questions:
- I would like to use the
managedcertificatefrom the google cloud but it seems that's not possible? - Which
ingressimplementation is capable of achieving this while providing understandable documentation?
回答1:
The ingress creates an L7/HTTP/HTTPS load balancer which can only forward HTTPS on tcp port 443. The only load balancer that will forward port 5001 is the Network TCP/UDP type. The network load balancers will not terminate ssl/tls so a managedcertificate can not be used. The tls connection is passed through to pods in your cluster where the certificate and key must be present to handle the tls connections.
来源:https://stackoverflow.com/questions/65809893/expose-service-on-custom-port-via-https-on-gke