如何在GKE中使用HTTPS部署Echo应用程序?
如何在GKE中使用HTTPS部署Echo应用程序?
使用Echo框架开发了一个Web应用程序。使用其自动 TLS 设置功能。https://<DOMAIN>
package main
import (
"net/http"
"github.com/labstack/echo/v4"
"github.com/labstack/echo/v4/middleware"
"golang.org/x/crypto/acme/autocert"
)
func main() {
e := echo.New()
env := os.Getenv("ENV")
if env == "prod" {
e.AutoTLSManager.HostPolicy = autocert.HostWhitelist("arealdomain.com")
e.AutoTLSManager.Cache = autocert.DirCache("/var/www/cert")
e.Pre(middleware.HTTPSWWWRedirect())
}
e.GET("/healthcheck", func(c echo.Context) error {
return c.JSON(http.StatusOK, {"ok"})
})
switch env {
case "prod":
e.Logger.Fatal(e.StartAutoTLS(":8443"))
case "dev":
e.Logger.Fatal(e.Start(":9000"))
default:
e.Logger.Fatal(e.Start(":9000"))
}
}
在 Kubernetes 中部署了它。
开发.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: testapp
spec:
selector:
matchLabels:
app: testapp
replicas: 3
template:
metadata:
labels:
app: testapp
spec:
containers:
- name: testapp
image: gcr.io/<PROJECT_ID>/testapp
ports:
- containerPort: 9000
- containerPort: 8443
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 10
exec:
command:
- "true"
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 20
httpGet:
path: /healthcheck
port: 9000
服务.yml
apiVersion: v1
kind: Service
metadata:
name: testapp
spec:
type: NodePort
ports:
- name: http
protocol: TCP
port: 80
targetPort: 9000
selector:
app: testapp
ingress.yml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: testingress
annotations:
kubernetes.io/ingress.global-static-ip-name: testip // a real IP
networking.gke.io/managed-certificates: testcertificate
kubernetes.io/ingress.class: "gce"
spec:
backend:
serviceName: testapp
servicePort: 80
managedcertificate.yml
手掌心1回答
-
慕少森
如果您刚刚开始使用 GKE,我建议您只创建服务和部署,并使用 UI 创建入口和托管证书我创建并部署了一个示例应用程序:main.go 中的代码package mainimport ( "log" "net/http")func main() { // change this handlers for echo handlers http.HandleFunc("/", http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { rw.WriteHeader(http.StatusOK) rw.Write([]byte("Hello World...")) })) http.HandleFunc("/health", http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { rw.WriteHeader(http.StatusOK) })) log.Panic(http.ListenAndServe(":8080", nil))}DockerfileFROM golang:alpine AS builderRUN apk add --no-cache gitWORKDIR /go/src/appCOPY . .RUN go build -o bin main.go#final stageFROM alpine:latestRUN apk --no-cache add ca-certificatesCOPY --from=builder /go/src/app/bin /appENTRYPOINT ./appEXPOSE 8080k8s-artifacts.yamlapiVersion: apps/v1kind: Deploymentmetadata: name: testappspec: selector: matchLabels: app: testapp replicas: 3 template: metadata: labels: app: testapp spec: containers: - name: testapp image: gcr.io/<ACCOUNT>/test ports: - containerPort: 8080 livenessProbe: initialDelaySeconds: 10 periodSeconds: 10 exec: command: - "true" readinessProbe: initialDelaySeconds: 5 periodSeconds: 20 httpGet: path: /health port: 8080---apiVersion: v1kind: Servicemetadata: name: testappspec: type: NodePort ports: - name: http protocol: TCP port: 80 targetPort: 8080 selector: app: testapp---apiVersion: "extensions/v1beta1"kind: "Ingress"metadata: name: "lb-2" namespace: "default"spec: backend: serviceName: "testapp" servicePort: 80有了这个,你将至少有一个http入口,你可以通过互联网访问。之后,在验证服务已启动并运行时,可以编辑负载均衡器的前端以添加 https 规则和托管证书
随时随地看视频慕课网APP
相关分类
Go