我的環境需要服務http和https都支持訪問,根據騰訊雲的官方文檔添加注解后無效:
https://cloud.tencent.com/document/product/457/45693
注解示例:
kind: Ingress metadata: annotations: kubernetes.io/ingress.http-rules: '[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]' kubernetes.io/ingress.https-rules: '[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]' kubernetes.io/ingress.rule-mix: "true" name: sample-ingress namespace: default spec: rules: - host: www.tencent.com http: paths: - backend: serviceName: sample-service servicePort: 80 path: / tls: - secretName: tencent-com-cert
配置后經過測試無效,還是http自動跳轉到https,通過查看nginx-ingress官方注解,需要添加 ssl-redirect: "false" in the NGINX ConfigMap. (全局生效)或者添加ingress注解:nginx.ingress.kubernetes.io/ssl-redirect: "false"
設置后仍然無效,還是繼續跳轉https,通過查看返回碼發現,我這邊通過http訪問的適合,重定向碼為307,官方注解說的是308,可能是這個原因,於是重寫 http-redirect-code
編輯configmap,添加如下參數:
再次測試,終於正常了
總結:騰訊的tke集群的ingress如果要實現http和https混合使用,需要配置以下三個地方:
1.根據官方文檔配置如下注解:
kubernetes.io/ingress.http-rules: '[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]' kubernetes.io/ingress.https-rules: '[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]' kubernetes.io/ingress.rule-mix: "true"
2.configmap或者目標ingress關閉ssl_redirect
3.如果還是不行,需要修改configmap的http-redirect-code