Kubernetes/网关/Istio/Istio重定向HTTP为HTTPS.md

本文作者：丁辉

Istio重定向HTTP为HTTPS

部署基础服务

1. 部署 Nginx 资源

   kubectl apply -f https://gitee.com/offends/Kubernetes/raw/main/File/Yaml/nginx-deployment.yaml
   kubectl apply -f https://gitee.com/offends/Kubernetes/raw/main/File/Yaml/nginx-deployment-svc.yaml
   

2. 查看部署情况

   kubectl get deploy,svc
   

配置 Istio 对外访问

1. 部署 Nginx Gateway 资源

   cat <<EOF | kubectl apply -f -
   apiVersion: networking.istio.io/v1
   kind: Gateway
   metadata:
     name: nginx-gateway
     namespace: default
   spec:
     selector:
       istio: ingressgateway
     servers:
     - port:
         number: 443
         name: https
         protocol: HTTPS
       hosts:
       - example.com # 替换为你的域名
       tls:
         mode: SIMPLE
         credentialName: example-tls # 替换为你的证书,这个 secret 必须在 istio-system 命名空间
     - port:
         number: 80
         name: http
         protocol: HTTP
       hosts:
       - example.com # 替换为你的域名
   EOF
   

2. 部署 Nginx VirtualService 资源

     http:
     - name: http-redirect
       match:
       - port: 80
       redirect:
         port: 443
         scheme: https
     - name: https-route
       match:
       - port: 443
       route:
       - destination:
           host: nginx-service.default.svc.cluster.local  # 完整的服务 FQDN
           port:
             number: 80
   
   cat <<EOF | kubectl apply -f -
   apiVersion: networking.istio.io/v1
   kind: VirtualService
   metadata:
     name: nginx-virtualservice
     namespace: default
   spec:
     hosts:
     - example.com # 替换为你的域名
     gateways:
     - nginx-gateway
     http:
     - name: https-route
       match:
         - uri:
             prefix: /
           port: 443
       route:
       - destination:
           host: nginx-service.default.svc.cluster.local
           port:
             number: 80
     - name: http-redirect
       match:
       - port: 80
       redirect:
         port: 443
         scheme: https
   EOF
   

3. 访问 HTTP 实现自动跳转到 HTTPS