AKS with AGIC and Application Gateway

Posted on 2025-02-03 18:36:02

I have an AKS cluster with the add-on AGIC enabled (will try and convert it into Helm based AGIC in the near future). At the moment I have an application on this cluster with the Ingress set to the Application Gateway. This works perfectly on port 80 at the moment.

If I want to enable SSL, do I just need to add the certificate at the App Gateway and then reference that in deployment as such? (example taken from https://thewindowsupdate.com/2021/10/19/what-does-it-mean-for-the-application-gateway-ingress-controller-agic-to-assume-full-ownership/)

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: aspnetapp
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/appgw-ssl-certificate: <name of your certificate added to Application Gateway>
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: aspnetapp
          servicePort: 80

Although the service port is set to 80 above, will the App GW apply TLS automatically? Should the service port above be 80 or 443? Or does it not matter since the SSL Redirect is set? Also what aspects does this encrypt automatically?

  • External -> App GW ?
  • App GW -> Ingress ?

Also, do I need another certificate for the external side of App GW as well? Or do I need just the one cert?

薄荷港 2025-02-10 18:36:02

AGIC will create:

  • 2 listeners: HTTP on port 80 and HTTPS on port 443. The HTTPS listener will be configured with the SSL certificate from appgw.ingress.kubernetes.io/appgw-ssl-certificate
  • 2 routing rules: one to redirect the HTTP listener traffic to the HTTPS listener. The HTTPS listener will be configured to target your backend on AKS.

By default AGIC will do TLS termination, so the traffic between App Gateway and the AKS cluster will be using the HTTP (not HTTPS) protocol. The port configured will be the port configured in the targetPort of your service.

On another note, you should have seen this warning before:

extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress

You should update AGIC to use the latest version and change your manifest to use networking.k8s.io/v1 Ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: aspnetapp
  annotations:
    kubernetes.io/ingress.class: azure/application-gateway
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
    appgw.ingress.kubernetes.io/appgw-ssl-certificate: "<name of your certificate added to Application Gateway>"
spec:
  rules:
...
