> 本文作者:丁辉
# Istio重定向HTTP为HTTPS
## 部署基础服务
1. 部署 Nginx 资源
```bash
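# Apply the sample Nginx workload and its Service (judging by the file names).
# NOTE(review): both manifests are fetched from the `main` branch of a remote
# repository, so their content can change between runs. Download and read
# them before applying them to a cluster you care about.
kubectl apply -f https://gitee.com/offends/Kubernetes/raw/main/File/Yaml/nginx-deployment.yaml
kubectl apply -f https://gitee.com/offends/Kubernetes/raw/main/File/Yaml/nginx-deployment-svc.yaml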
```
2. 查看部署情况
```bash
# List Deployments and Services in the current namespace to check the result
# of the previous apply step.
kubectl get deploy,svc
```
## 配置 Istio 对外访问
1. 部署 Nginx Gateway 资源
```yaml
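# Create the Istio Gateway that exposes example.com on the ingress gateway.
# Port 443 terminates TLS with the certificate named in credentialName.
# Port 80 is declared as plain HTTP; this manifest does not redirect it.
# The heredoc delimiter is quoted so the shell passes the manifest through
# verbatim (no variable or command substitution inside it).
cat <<'EOF' | kubectl apply -f -
apiVersion: networking.istio.io/v1
kind: Gateway
metadata:
  name: nginx-gateway
  namespace: default
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      hosts:
        - example.com  # replace with your domain
      tls:
        mode: SIMPLE
        # Replace with your certificate Secret. The Secret must live in the
        # istio-system namespace, alongside the ingress gateway that reads it
        # (TODO confirm if your gateway runs in another namespace).
        credentialName: example-tls
    # NOTE(review): this server accepts cleartext HTTP. Nothing in this
    # Gateway redirects it, so until a VirtualService bound to this Gateway
    # adds a redirect rule, port 80 is served as plain HTTP.
    # tls.httpsRedirect on this server is a gateway-level alternative.
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - example.com  # replace with your domain
EOF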
```
2. 部署 Nginx VirtualService 资源
```yaml
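# Attach two HTTP rules for example.com to nginx-gateway:
#   https-route   - requests received on port 443 are routed to nginx-service:80
#   http-redirect - requests received on port 80 are redirected to https, port 443
# The two match conditions use different ports, so they do not overlap.
# The heredoc delimiter is quoted so the shell passes the manifest through
# verbatim (no variable or command substitution inside it).
cat <<'EOF' | kubectl apply -f -
apiVersion: networking.istio.io/v1
kind: VirtualService
metadata:
  name: nginx-virtualservice
  namespace: default
spec:
  hosts:
    - example.com  # replace with your domain
  gateways:
    - nginx-gateway
  http:
    - name: https-route
      match:
        - uri:
            prefix: /
          port: 443
      route:
        - destination:
            # Full service FQDN.
            # NOTE(review): TLS ends at the ingress gateway. The hop to port
            # 80 of the backend is plaintext unless the workload has a
            # sidecar and mesh mTLS is in effect - confirm for your mesh.
            host: nginx-service.default.svc.cluster.local
            port:
              number: 80
    # NOTE(review): a redirect does not protect a client's first plain-HTTP
    # request. Once HTTPS is confirmed working, consider sending an HSTS
    # (Strict-Transport-Security) response header on the HTTPS route.
    - name: http-redirect
      match:
        - port: 80
      redirect:
        port: 443
        scheme: https
EOF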
```
3. 通过 HTTP 访问域名，确认请求会自动跳转到 HTTPS（例如 `curl -I http://example.com` 应返回重定向响应，其 `Location` 头指向 `https://` 地址）