1

Kubernetes surfaces an API proxy, which allows querying the internal services via eg: https://myhost.com/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard/

This is all well, and good. However, for security & compliance reasons, all of our services expose an HTTPS endpoint. Attempting to access them by going to https://myhost/api/v1/proxy/namespaces/default/services/myhttpsservice:3000/ results in

 Error: 'read tcp 172.20.122.129:48830->100.96.29.113:3000: read: connection reset by peer' 
Trying to reach: 'http://100.96.29.113:3000/'

Because the endpoint, 100.96.29.113:3000 is in fact https.

Is there any way to configure the proxy to apply SSL to specific service endpoints?

(Edit: If this is not currently possible, a relevant github issue link for tracking the feature request is also acceptable answer until it will be)

4

1 回答 1

2

https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#manually-constructing-apiserver-proxy-urls中所述,(并在 slack 上指出),您可以访问 HTTPS 后面的服务通过在服务名称前加上 "https:" ;

使用上面的示例,正​​确的是:https://myhost/api/v1/proxy/namespaces/default/services/https:myhttpsservice:3000/

于 2017-09-24T00:43:29.800 回答