76. How to enable legacy TLS versions for ingress-nginx in RKE Kubernetes clusters provisioned by the RKE CLI and Rancher v2.x

张开发
2026/5/3 6:04:11 15 min read

Environment

An RKE Kubernetes cluster provisioned by the Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x.

Situation

This article details how to enable TLS 1.1 on the ingress-nginx controller in Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned RKE Kubernetes clusters.

Pre-requisites:

- For RKE CLI provisioned clusters, you will require the RKE binary, access to the cluster configuration YAML and rkestate file, and kubectl access with the kubeconfig for the cluster sourced.
- For Rancher v2.x provisioned RKE clusters, you will require cluster owner or global admin permissions in Rancher.

Resolution

Configuration for RKE CLI provisioned clusters

1. Edit the cluster configuration YAML file to include the ssl-protocols option for the ingress, as follows:

    ingress:
      provider: nginx
      options:
        ssl-protocols: "TLSv1.1 TLSv1.2"

2. Apply the changes to the cluster by invoking rke up:

    rke up --config <cluster configuration yaml file>

3. Verify the new configuration:

    # For each ingress-nginx pod, report Good if the rendered ssl_protocols line mentions 1.1
    for pod in $(kubectl get pods -l app=ingress-nginx -n ingress-nginx --no-headers -o name | awk -F / '{print $2}'); do
      echo -n "Checking $pod .... "
      kubectl -n ingress-nginx exec "$pod" -- bash -c "cat /etc/nginx/nginx.conf | grep ssl_protocols | grep '1.1' > /dev/null 2>&1 && echo 'Good' || echo 'Bad'"
    done

Configuration for Rancher-provisioned RKE clusters

1. Log in to the Rancher UI.
2. Go to Cluster Management.
3. Click Edit Config for the relevant Rancher-provisioned RKE cluster.
4. Click Edit as YAML.
5. Include the ssl-protocols option for the ingress, as follows:

    ingress:
      provider: nginx
      options:
        ssl-protocols: "TLSv1.1 TLSv1.2"

6. Click Save at the bottom of the page.
7. Wait for the cluster to finish upgrading.
8. Explore the cluster and launch a kubectl shell.
9. Run the following inside the kubectl shell to verify the new argument:

    # Same check as for RKE CLI clusters: Good means the ssl_protocols line mentions 1.1
    for pod in $(kubectl get pods -l app=ingress-nginx -n ingress-nginx --no-headers -o name | awk -F / '{print $2}'); do
      echo -n "Checking $pod .... "
      kubectl -n ingress-nginx exec "$pod" -- bash -c "cat /etc/nginx/nginx.conf | grep ssl_protocols | grep '1.1' > /dev/null 2>&1 && echo 'Good' || echo 'Bad'"
    done
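
A stricter form of the verification step, as an added example that is not part of the original article: instead of grepping for 1.1, it compares the active ssl_protocols values with the exact list you intended, so a commented-out directive or an extra protocol such as TLSv1 is not reported as good. The function names and the sample configuration are constructed for illustration.

```shell
# Added example, not from the original article. Function names and the
# sample nginx.conf text are constructed for illustration.
# Assumes one ssl_protocols directive per line, as in a rendered nginx.conf.

# Print the protocols named by active ssl_protocols directives on stdin,
# one per line, sorted and de-duplicated. Commented-out text is ignored.
ssl_protocols_in_conf() {
  sed 's/#.*//' | awk '
    $1 == "ssl_protocols" {
      for (i = 2; i <= NF; i++) {
        p = $i; sub(/;.*$/, "", p)
        if (p != "") print p
      }
    }' | sort -u
}

# Compare the protocols found on stdin with the expected list in $1
# (space separated). Prints OK or what differs; returns 0 only on a match.
check_ssl_protocols() {
  found=$(ssl_protocols_in_conf | tr '\n' ' ')
  report=$(awk -v want="$1" -v have="$found" 'BEGIN {
    n = split(want, w, " "); m = split(have, h, " ")
    for (i = 1; i <= n; i++) W[w[i]] = 1
    for (i = 1; i <= m; i++) H[h[i]] = 1
    for (i = 1; i <= n; i++) if (!(w[i] in H)) miss = miss " " w[i]
    for (i = 1; i <= m; i++) if (!(h[i] in W)) extra = extra " " h[i]
    if (miss == "" && extra == "") print "OK"
    else print "MISMATCH missing=[" substr(miss, 2) "] unexpected=[" substr(extra, 2) "]"
  }')
  echo "$report"
  [ "$report" = "OK" ]
}

# Constructed sample: the relevant part of a rendered nginx.conf.
SAMPLE_CONF='
http {
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH;
}
'
printf '%s\n' "$SAMPLE_CONF" | check_ssl_protocols "TLSv1.1 TLSv1.2"

# Against a live pod (requires cluster access), pipe the real file instead:
#   kubectl -n ingress-nginx exec "$pod" -- cat /etc/nginx/nginx.conf |
#     check_ssl_protocols "TLSv1.1 TLSv1.2"
```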
