Offends/Kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修改和新增
All checks were successful
continuous-integration/drone Build is passing
Details

Browse Source
This commit is contained in:
offends
2025-12-23 01:53:01 +08:00
parent 89a07bc062
commit b44594def6
17 changed files with 922 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
网关/Istio/Istio重定向HTTP为HTTPS.md Normal file
View File

@@ -0,0 +1,104 @@
> 本文作者:丁辉
# Istio重定向HTTP为HTTPS
## 部署基础服务
1. 部署 Nginx 资源
```yaml
kubectl apply -f https://gitee.com/offends/Kubernetes/raw/main/File/Yaml/nginx-deployment.yaml
kubectl apply -f https://gitee.com/offends/Kubernetes/raw/main/File/Yaml/nginx-deployment-svc.yaml
```
2. 查看部署情况
```bash
kubectl get deploy,svc
```
## 配置 Istio 对外访问
1. 部署 Nginx Gateway 资源
```yaml
cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1
kind: Gateway
metadata:
name: nginx-gateway
namespace: default
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- example.com # 替换为你的域名
tls:
mode: SIMPLE
credentialName: example-tls # 替换为你的证书,这个 secret 必须在 istio-system 命名空间
- port:
number: 80
name: http
protocol: HTTP
hosts:
- example.com # 替换为你的域名
EOF
```
2. 部署 Nginx VirtualService 资源
```yaml
http:
- name: http-redirect
match:
- port: 80
redirect:
port: 443
scheme: https
- name: https-route
match:
- port: 443
route:
- destination:
host: nginx-service.default.svc.cluster.local # 完整的服务 FQDN
port:
number: 80
cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1
kind: VirtualService
metadata:
name: nginx-virtualservice
namespace: default
spec:
hosts:
- example.com # 替换为你的域名
gateways:
- nginx-gateway
http:
- name: https-route
match:
- uri:
prefix: /
port: 443
route:
- destination:
host: nginx-service.default.svc.cluster.local
port:
number: 80
- name: http-redirect
match:
- port: 80
redirect:
port: 443
scheme: https
EOF
```
3. 访问 HTTP 实现自动跳转到 HTTPS