在Linux中的python容器中为在Azure Kubernetes Service中运行的Flask API服务器实现HTTPS支持

ws51t4hk  于 2023-05-28  发布在  Kubernetes
关注(0)|答案(1)|浏览(134)

我正在Azure Kubernetes Service上的Linux Docker容器中运行Python中的Flask API服务器。现在,他们通过HTTP进行通信,我如何让他们通过HTTPS进行通信?
我找到了下面的帖子,但我正在寻找更多的信息。也许是Azure的特色。How to implement HTTPS support for Flask HTTP server running as Kubernetes container
我的Deployment en Service看起来像这样:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: flask-app-deployment
spec:
  selector:
    matchLabels:
      app: test-app
  template:
    metadata:
      labels:
        app: test-app
    spec:
      containers:
      - name: test-app
        image: <image>
        env:
        - name: <token-secret-env-name>
          valueFrom:
            secretKeyRef:
              name: <token-secret-name>
              key: <token-secret>
        imagePullPolicy: Always
        resources:
          requests:
            cpu: "500m"
            memory: "800Mi"
          limits:
            cpu: "500m"
            memory: "800Mi"
        ports:
        - containerPort: <port>

      imagePullSecrets:
      - name: <secret>
---

apiVersion: v1
kind: Service
metadata:
  name: flask-app-service
spec:
  selector:
    app: test-app
  ports:
  - port: <port>
    protocol: TCP
    targetPort: <port>
  type: LoadBalancer
w1jd8yoj

w1jd8yoj1#

如何让他们通过HTTPS进行通信
我已经尝试按照要求通过HTTPS服务器运行。

  • 出于测试目的,使用了来自可信证书颁发机构(CA)的SSL证书。

下面是我的docker和Kubernetes的部署服务文件。

flask-app-deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mydockerfile
spec:
  replicas: 3
  selector:
    matchLabels:
      app: mydockerfile
  template:
    metadata:
      labels:
        app: mydockerfile
    spec:
      containers:
        - name: mydockerfile
          image: *****.azurecr.io/mydockerfile
          ports:
            - containerPort: 5000
          volumeMounts:
            - name: ssl-certificate
              mountPath: "/etc/ssl/certs"
              readOnly: true
      volumes:
        - name: ssl-certificate
          secret:
            secretName: my-ssl-certificate

sample.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mydockerfile
spec:
  replicas: 3
  selector:
    matchLabels:
      app: mydockerfile
  template:
    metadata:
      labels:
        app: mydockerfile
    spec:
      containers:
        - name: mydockerfile
          image: ******.azurecr.io/mydockerfile:v1
          ports:
            - containerPort: 5000
          volumeMounts:
            - name: ssl-certificate
              mountPath: "/etc/ssl/certs"
              readOnly: true
      volumes:
        - name: ssl-certificate
          secret:
            secretName: my-ssl-certificate
  • 将docker文件镜像到容器中。

  • 已将Docker镜像推送到容器注册表

  • 已登录Azure容器注册表

  • 应用Kubernetes清单来部署Flask API服务器。

  • 已验证部署是否成功。

Docker镜像:

最后,它通过HTTPS进行通信。

相关问题