Ingress基于Https代理pod
1、构建TLS站点
(1)准备证书,在xianchaomaster1节点操作
cd /root/
openssl genrsa -out tls.key 2048
openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=ak.lucky.com(2)生成secret,在xianchaomaster1节点操作
kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key(3)查看secret
kubectl get secret
(4)查看tomcat-ingress-secret详细信息
kubectl describe secret tomcat-ingress-secret
创建yaml并应用
vi ingress-tomcat-tls.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-tomcat-tls
namespace: default
spec:
ingressClassName: nginx
tls:
- hosts:
- ak.lucky.com
secretName: tomcat-ingress-secret
rules:
- host: ak.lucky.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-svc
port:
number: 80
增肌本地hosts内容
浏览器打开 ak.lucky.com
