WordPress: why do static content links come with the http protocol when HTTPS is used on the GKE GLB?

roejwanj posted 12 months ago in WordPress

I am trying to create a global Gateway in GKE k8s.
This is what I am trying to achieve:
Global external Application LB (Gateway) (HTTPS) --> Caddy webserver --> Wordpress
Here are my spec files:

kind: Gateway
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: mydomain-external-https
  namespace: my-ns
  annotations:
    networking.gke.io/certmap: mydomain-space-certmap
spec:
  gatewayClassName: gke-l7-global-external-managed
  listeners:
    - name: https
      protocol: HTTPS
      port: 443
  addresses:
    - type: NamedAddress
      value: caddy-static-ip

---
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: mydomain-space-external-http-route
  namespace: my-ns
  labels:
    gateway: mydomain-external-https
spec:
  parentRefs:
    - name: mydomain-external-https
  hostnames:
    - "v1.mydomain.space"
    - "v2.mydomain.space"
  rules:
    - backendRefs:
        - name: caddy-app-service
          port: 80

This creates an LB and attaches the certificate and the static IP to the LB.
I guess the Caddy config file is also important for context, so here it is:

v1.mydomain.space:80 {
  root * /var/www/html/v1.mydomain.space
  php_fastcgi localhost:9000
  file_server
  encode gzip
  log {
    output file /var/log/caddy/v1.mydomain.space.access.log
  }
  @static {
    file
    path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff *.pdf *.webp
  }
  header @static Cache-Control max-age=5184000
}
v2.mydomain.space:80 {
  root * /var/www/html/v2.mydomain.space
  php_fastcgi localhost:9000
  file_server
  encode gzip
  log {
    output file /var/log/caddy/v2.mydomain.space.access.log
  }
  @static {
    file
    path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff *.pdf *.webp
  }
  header @static Cache-Control max-age=5184000
}


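Now the problem is that when I try to access https://v1.mydomain.space or https://v2.mydomain.space,
the page https://v1.mydomain.space/wp-admin/setup-config.php loads correctly over HTTPS and returns HTTP 200 status, but all the static content links come back with the http protocol.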

http://v1.mydomain.space/wp-includes/css/dashicons.min.css?ver=6.4.1
http://v1.mydomain.space/wp-admin/css/l10n.min.css?ver=6.4.1
http://v1.mydomain.space/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1


All of these fail to load.
I guess the Caddy config is responsible for this, but I am not sure. Or is it a problem with the GKE Gateway? What is wrong here?

brtdzjyr #1

If you have already created your domain certificate, you need to terminate the TLS certificate in the GKE Gateway and HTTP Route YAML, as shown below:

---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: mydomain-external-https
  namespace: my-ns
  annotations:
    networking.gke.io/certmap: mydomain-space-certmap
spec:
  gatewayClassName: gke-l7-global-external-managed
  listeners:
  - name: http
    protocol: HTTP
    port: 80
    allowedRoutes:
      kinds:
      - kind: HTTPRoute
      namespaces:
        from: Same
  - name: https
    protocol: HTTPS
    port: 443
    allowedRoutes:
      kinds:
      - kind: HTTPRoute
      namespaces:
        from: All
    tls:
      mode: Terminate
      options:
        networking.gke.io/pre-shared-certs: mydomain-space-certmap
  addresses:
  - type: NamedAddress
    value: caddy-static-ip

---
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: mydomain-space-external-http-route
  namespace: my-ns
  labels:
    gateway: mydomain-external-https
spec:
  parentRefs:
  - namespace: my-ns
    name: mydomain-external-https
    sectionName: https
  hostnames:
  - "v1.mydomain.space"
  - "v2.mydomain.space"
  rules:
  - backendRefs:
     - name: caddy-app-service
       port: 80

You can find more details in the following documentation:

  • TLS termination
  • HTTP-to-HTTPS redirect
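
A check for the symptom described in the question, as an added example that is not part of the original question or answer: it parses a page served over HTTPS and lists the subresources whose URLs still resolve to http://, which browsers block as mixed content when they are scripts or stylesheets. The sample HTML and the names find_mixed_content, MixedContentFinder, PAGE_URL and SAMPLE_HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a subresource.
SUBRESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}
# <link rel=...> values that trigger a fetch (rel=canonical and similar do not).
FETCHING_RELS = {"stylesheet", "icon", "preload", "modulepreload"}

# Constructed sample input, modelled on the URLs quoted in the question.
PAGE_URL = "https://v1.mydomain.space/wp-admin/setup-config.php"
SAMPLE_HTML = """<html><head>
<link rel='stylesheet' href='http://v1.mydomain.space/wp-includes/css/dashicons.min.css?ver=6.4.1' />
<link rel='stylesheet' href='/wp-admin/css/l10n.min.css?ver=6.4.1' />
<link rel='canonical' href='http://v1.mydomain.space/' />
<script src='http://v1.mydomain.space/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1'></script>
<script src='//v1.mydomain.space/wp-includes/js/jquery/jquery.min.js'></script>
</head><body><a href='http://v1.mydomain.space/'>home</a></body></html>"""


class MixedContentFinder(HTMLParser):
    """Collect subresource URLs that resolve to http:// on an https:// page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        attr = SUBRESOURCE_ATTRS.get(tag)
        if attr is None:
            return  # plain hyperlinks (<a href>) are navigation, not mixed content
        attrs = dict(attrs)
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & FETCHING_RELS:
            return
        value = (attrs.get(attr) or "").strip()
        if not value:
            return
        # Resolve relative and protocol-relative references against the page URL.
        resolved = urljoin(self.page_url, value)
        if urlsplit(resolved).scheme == "http":
            self.insecure.append((tag, resolved))


def find_mixed_content(page_url, html):
    """Return [(tag, url), ...] for http:// subresources on an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on pages loaded over HTTPS
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.insecure
```

Running find_mixed_content over the HTML returned for a page after a configuration change shows whether any asset links are still generated with the http scheme.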
