91 lines
1.8 KiB
Markdown
91 lines
1.8 KiB
Markdown
> 本文作者:丁辉
|
|
>
|
|
|
|
# Ingress代理外部服务Teleport
|
|
|
|
## 准备
|
|
|
|
修改 Teleport 服务为 HTTP 协议
|
|
|
|
```yaml
|
|
proxy_service:
|
|
enabled: "yes"
|
|
web_listen_addr: 0.0.0.0:9443
|
|
public_addr: teleport.example.com:443 # 对外访问地址
|
|
# 删除如下内容
|
|
# https_keypairs:
|
|
# - key_file:
|
|
# cert_file:
|
|
# https_keypairs_reload_interval: 0s
|
|
# acme: {}
|
|
```
|
|
|
|
## 开启对外访问
|
|
|
|
1. Endpoints 对接外部 Teleport
|
|
|
|
```yaml
|
|
cat <<EOF | kubectl apply -f -
|
|
apiVersion: v1
|
|
kind: Endpoints
|
|
metadata:
|
|
name: teleport-proxy
|
|
namespace: teleport
|
|
subsets:
|
|
- addresses:
|
|
- ip: 127.0.0.1 # 修改为 Teleport 服务器访问地址
|
|
ports:
|
|
- port: 9443
|
|
protocol: TCP
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: teleport-proxy
|
|
namespace: teleport
|
|
spec:
|
|
ports:
|
|
- port: 9443
|
|
targetPort: 9443
|
|
type: ClusterIP
|
|
EOF
|
|
```
|
|
|
|
2. 配置对外 Ingress
|
|
|
|
```yaml
|
|
cat <<EOF | kubectl apply -f -
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: teleport
|
|
namespace: teleport
|
|
annotations:
|
|
# 不限制文件上传大小
|
|
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
|
# 告诉Ingress后端是HTTP
|
|
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
|
labels:
|
|
app: teleport
|
|
spec:
|
|
rules:
|
|
- host: teleport.example.com
|
|
http:
|
|
paths:
|
|
- pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: teleport-proxy
|
|
port:
|
|
number: 9443
|
|
path: /
|
|
tls:
|
|
- hosts:
|
|
- teleport.example.com
|
|
secretName: teleport-tls
|
|
EOF
|
|
```
|
|
|
|
3. 访问即可
|
|
|