文章目录
一、自签证书&&创建ingress规则
shell
## ingress配置https访问,这里使用自签证书实现https访问
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=JS/L=CZ/O=Acme, Inc./CN=*.yaoyao.com"
kubectl create secret tls tls-secret --key=tls.key --cert=tls.crt -n myapp
kubectl apply -f test-ing-https.ymltest-ingress-https.yaml
yaml
# 启动了一个nginx服务nginx-svc3,ingress的tls-secret为之前创建的secret
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment3
namespace: myapp
spec:
replicas: 1
selector:
matchLabels:
app: nginx-backend3
template:
metadata:
labels:
app: nginx-backend3
spec:
containers:
- name: nginx
image: docker.io/library/nginx:latest
imagePullPolicy: IfNotPresent
---
apiVersion: v1
kind: Service
metadata:
name: nginx-svc3
namespace: myapp
spec:
ports:
- targetPort: 80
port: 80
selector:
app: nginx-backend3
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ing3
namespace: myapp
spec:
ingressClassName: nginx
tls:
- hosts:
- www.yaoyao.com
secretName: tls-secret
rules:
- host: www.yaoyao.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-svc3
port:
number: 80二、测试https访问
在另一台机器上配置hosts解析www.yaoyao.com,然后访问 curl --cacert tls.crt https://www.yaoyao.com:10443
这里的10443端口是ingress-nginx-controller服务暴露的nodeport端口
