
Enable an unencrypted HTTP server to expose the RHACS portal through ingress controllers, Layer 7 load balancers, Istio, or other solutions.

If you use an ingress controller, Istio, or a Layer 7 load balancer that prefers unencrypted HTTP back ends, you can configure Red Hat Advanced Cluster Security for Kubernetes to expose the RHACS portal over HTTP. Doing this makes the RHACS portal available over a plaintext back end.

To expose the RHACS portal over HTTP, you must be using an ingress controller, a Layer 7 load balancer, or Istio to encrypt external traffic with HTTPS. It is insecure to expose the RHACS portal directly to external clients by using plain HTTP.

You can expose the RHACS portal over HTTP during installation or on an existing deployment.

Prerequisites

  • To specify an HTTP endpoint, you must use an <endpoints_spec>. It is a comma-separated list of single endpoint specifications in the form of <type>@<addr>:<port>, where:

    • type is grpc or http. Using http as type works in most use cases. For advanced use cases, you can either use grpc or omit its value. If you omit the value for type, you can configure two endpoints in your proxy, one for gRPC and the other for HTTP. Both these endpoints point to the same exposed HTTP port on Central. However, most proxies do not support carrying both gRPC and HTTP traffic on the same external port.

    • addr is the IP address to expose Central on. You can omit this, or use localhost or 127.0.0.1 if you need an HTTP endpoint which is only accessible by using port-forwarding.

    • port is the port to expose Central on.

    • The following are several valid <endpoints_spec> values:

      • 8080

      • http@8080

      • :8081

      • grpc@:8081

      • localhost:8080

      • http@localhost:8080

      • http@8080,grpc@8081

      • 8080, grpc@:8081, [email protected]:8082
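
As an added example (not part of the RHACS documentation or of roxctl), the following Python code parses an <endpoints_spec> in the forms listed above and reports which plaintext endpoints are not restricted to loopback, so they can be checked against the HTTPS-terminating proxy in front of Central. The function names are hypothetical, and treating an omitted addr as not loopback-restricted is a conservative assumption.

```python
# Added example: parser and audit for <endpoints_spec> (not RHACS code).
LOOPBACK = {"localhost", "127.0.0.1"}  # the two loopback forms named on this page


def parse_endpoints_spec(spec):
    """Split a comma-separated <endpoints_spec> into (type, addr, port) tuples.

    type is "http", "grpc", or None when omitted; addr is "" when omitted.
    """
    endpoints = []
    for raw in spec.split(","):
        item = raw.strip()
        if not item:
            raise ValueError(f"empty endpoint in {spec!r}")
        ep_type, at, rest = item.rpartition("@")
        if at and ep_type not in ("http", "grpc"):
            raise ValueError(f"unknown type {ep_type!r} in {item!r}")
        addr, _, port = rest.rpartition(":")
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError(f"invalid port in {item!r}")
        endpoints.append((ep_type or None, addr, int(port)))
    return endpoints


def needs_tls_front_end(spec):
    """Return endpoints that are not bound to loopback.

    Assumption (conservative): an omitted addr is treated as reachable from
    other pods, so it is listed together with explicit non-loopback addresses.
    """
    return [ep for ep in parse_endpoints_spec(spec) if ep[1] not in LOOPBACK]


if __name__ == "__main__":
    # Constructed sample built from the valid forms listed above.
    sample = "http@localhost:8080, grpc@:8081, 8082"
    for ep_type, addr, port in needs_tls_front_end(sample):
        print(f"plaintext {ep_type or 'http+grpc'} on {addr or '<any>'}:{port}: "
              "reach it only through the HTTPS-terminating proxy")
```
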

Exposing the RHACS portal over HTTP during the installation

If you are installing Red Hat Advanced Cluster Security for Kubernetes using the roxctl CLI, use the --plaintext-endpoints option with the roxctl central generate interactive command to enable the HTTP server during the installation.

Procedure
  • Run the following command to specify HTTP endpoints during the interactive installation process:

    $ roxctl central generate interactive \
      --plaintext-endpoints=<endpoints_spec> (1)
    1 Endpoint specifications in the form of <type>@<addr>:<port>. See the Prerequisites section for details.

Exposing the RHACS portal over HTTP for an existing deployment

You can enable the HTTP server on an existing Red Hat Advanced Cluster Security for Kubernetes deployment.

Procedure
  1. Create a patch and define a ROX_PLAINTEXT_ENDPOINTS environment variable:

    $ CENTRAL_PLAINTEXT_PATCH='
    spec:
      template:
        spec:
          containers:
          - name: central
            env:
            - name: ROX_PLAINTEXT_ENDPOINTS
              value: <endpoints_spec> (1)
    '
    1 Endpoint specifications in the form of <type>@<addr>:<port>. See the Prerequisites section for details.
  2. Add the ROX_PLAINTEXT_ENDPOINTS environment variable to the Central deployment:

    $ oc -n stackrox patch deploy/central -p "$CENTRAL_PLAINTEXT_PATCH"