In default scenarios, if TLS is not configured in Ingress, the service will be exposed though HTTP protocol. If TLS is configured in Ingress, the service will be exposed though HTTPS protocol. The service described by Ingress is only able to be exposed though one type of protocol. To deal with the limitations of this rule, TKE provides support for mixed use of both protocols.
If you need to expose services through HTTP and HTTPS protocols simultaneously, you can refer to this document to enable mixed protocols and configure all forwarding rules to kubernetes.io/ingress.http-rules
and kubernetes.io/ingress.https-rules
annotations.
The rule format of kubernetes.io/ingress.http-rules
and kubernetes.io/ingress.https-rules
is a Json Array
. The format for each object is as below:
{
"host": "<domain>",
"path": "<path>",
"backend": {
"serviceName": "<service name>",
"servicePort": "<service port>"
}
}
TKE Ingress Controller
supports mixed configuration of HTTP
and HTTPS
rules. The steps are as follows:
kubernetes.io/ingress.rule-mix
annotation in Ingress and set it to true
.kubernetes.io/ingress.http-rules
and kubernetes.io/ingress.https-rules
, and add them to the corresponding rule set. If a corresponding rule is not found in Ingress annotation, it is added to the HTTPS rule set by default.VIP
, and Path defaults to /
).apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.http-rules: '[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]'
kubernetes.io/ingress.https-rules: '[{"host":"www.tencent.com","path":"/","backend":{"serviceName":"sample-service","servicePort":"80"}}]'
kubernetes.io/ingress.rule-mix: "true"
name: sample-ingress
namespace: default
spec:
rules:
- host: www.tencent.com
http:
paths:
- backend:
serviceName: sample-service
servicePort: 80
path: /
tls:
- secretName: tencent-com-cert
This example contains the following configuration:
tencent-com-cert
.ingress.spec.rule
in both kubernetes.io/ingress.http-rules
and kubernetes.io/ingress.https-rules
.
Was this page helpful?