一.部署Ingress-Nginx
1.Ingress-Nginx和nginx-Ingress的区别对比
Ingress-Nginx是K8S官方写的一个Ingress Controller,而"nginx-Ingress"是Nginx官方写的资源清单。
注意,部署时要观察对比一下K8S和Ingress-Nginx对应的版本以来关系哟。
github地址:
https://github.com/kubernetes/ingress-nginx
2.Ingress-Nginx的安装方式
安装文档:
https://kubernetes.github.io/ingress-nginx/deploy/#installation-guide
如上图所示,官方推荐了三种安装方式:
- 使用"helm"安装;
- 使用"kubectl apply"创建yaml资源清单的方式进行安装;
- 使用第三方插件的方式进行安装;
3.基于helm安装Ingress-nginx
1.添加Ingress-nginx的官方仓库
[root@master231 ~]# helm repo add yinzhengjie-ingress-nginx https://kubernetes.github.io/ingress-nginx
"yinzhengjie-ingress-nginx" has been added to your repositories
[root@master231 ~]#
[root@master231 ~]# helm repo list
NAME URL
yinzhengjie-ingress-nginx https://kubernetes.github.io/ingress-nginx
[root@master231 ~]#
·
2.更新软件源
[root@master231 ~]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "yinzhengjie-ingress-nginx" chart repository
Update Complete. ⎈Happy Helming!⎈
[root@master231 ~]#
3.下载指定版本的ingres-nginx软件包
[root@master231 ~]# helm search repo ingress-nginx
NAME CHART VERSION APP VERSION DESCRIPTION
yinzhengjie-ingress-nginx/ingress-nginx 4.9.0 1.9.5 Ingress controller for Kubernetes using NGINX a...
[root@master231 ~]#
[root@master231 ~]# helm pull yinzhengjie-ingress-nginx/ingress-nginx --version 4.2.5
4.解压软件包
[root@master231 ~]# tar xf ingress-nginx-4.2.5.tgz
5.修改配置文件
[root@master231 ~]# sed -i '/registry:/s#registry.k8s.io#registry.cn-hangzhou.aliyuncs.com#g' ingress-nginx/values.yaml
[root@master231 ~]# sed -i 's#ingress-nginx/controller#yinzhengjie-k8s/ingress-nginx#' ingress-nginx/values.yaml
[root@master231 ~]# sed -i 's#ingress-nginx/kube-webhook-certgen#yinzhengjie-k8s/ingress-nginx#' ingress-nginx/values.yaml
[root@master231 ~]# sed -i 's#v1.3.0#kube-webhook-certgen-v1.3.0#' ingress-nginx/values.yaml
[root@master231 ~]# sed -ri '/digest:/s@^@#@' ingress-nginx/values.yaml
[root@master231 ~]# sed -i '/hostNetwork:/s#false#true#' ingress-nginx/values.yaml
[root@master231 ~]# sed -i '/dnsPolicy/s#ClusterFirst#ClusterFirstWithHostNet#' ingress-nginx/values.yaml
[root@master231 ~]# sed -i '/kind/s#Deployment#DaemonSet#' ingress-nginx/values.yaml
[root@master231 ~]# sed -i '/default:/s#false#true#' ingress-nginx/values.yaml
温馨提示:
- 修改镜像为国内的镜像,否则无法下载海外镜像,除非你会FQ;
- 如果使用我提供的镜像需要将digest注释掉,因为我的镜像是从海外同步过来的,被重新构建过,其digest不一致;
- 建议大家使用宿主机网络效率最高,但是使用宿主机网络将来DNS解析策略会直接使用宿主机的解析;
- 如果还想要继续使用K8S内部的svc名称解析,则需要将默认的"ClusterFirst"的DNS解析策略修改为"ClusterFirstWithHostNet";
- 建议将Deployment类型改为DaemonSet类型,可以确保在各个节点部署一个Pod,也可以修改"nodeSelector"字段让其调度到指定节点;
- 如果仅有一个ingress controller,可以考虑将"ingressClassResource.default"设置为true,表示让其成为默认的ingress controller;
6.创建Ingress专用的名称空间
[root@master231 ~]# kubectl create ns yinzhengjie-ingress
namespace/yinzhengjie-ingress created
[root@master231 ~]#
7.使用helm一键安装Ingress
[root@master231 ~]# helm install myingress ingress-nginx -n yinzhengjie-ingress
NAME: myingress
LAST DEPLOYED: Fri Jan 19 20:43:01 2024
NAMESPACE: yinzhengjie-ingress
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace yinzhengjie-ingress get services -o wide -w myingress-ingress-nginx-controller'
An example Ingress that makes use of the controller:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example
namespace: foo
spec:
ingressClassName: nginx
rules:
- host: www.example.com
http:
paths:
- pathType: Prefix
backend:
service:
name: exampleService
port:
number: 80
path: /
# This section is only required if TLS is to be enabled for the Ingress
tls:
- hosts:
- www.example.com
secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
apiVersion: v1
kind: Secret
metadata:
name: example-tls
namespace: foo
data:
tls.crt: <base64 encoded cert>
tls.key: <base64 encoded key>
type: kubernetes.io/tls
[root@master231 ~]#
7.查看创建的创建的资源
[root@master231 manifests]# kubectl get all -n yinzhengjie-ingress -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/myingress-ingress-nginx-controller-2skwt 1/1 Running 0 41s 10.0.0.233 worker233 <none> <none>
pod/myingress-ingress-nginx-controller-z6slc 1/1 Running 0 41s 10.0.0.232 worker232 <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/myingress-ingress-nginx-controller LoadBalancer 10.200.239.174 <pending> 80:31882/TCP,443:31490/TCP 41s app.kubernetes.io/component=controller,app.kubernetes.io/instance=myingress,app.kubernetes.io/name=ingress-nginx
service/myingress-ingress-nginx-controller-admission ClusterIP 10.200.191.152 <none> 443/TCP 41s app.kubernetes.io/component=controller,app.kubernetes.io/instance=myingress,app.kubernetes.io/name=ingress-nginx
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE CONTAINERS IMAGES SELECTOR
daemonset.apps/myingress-ingress-nginx-controller 2 2 2 2 2 kubernetes.io/os=linux 41s controller registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/ingress-nginx:v1.3.1 app.kubernetes.io/component=controller,app.kubernetes.io/instance=myingress,app.kubernetes.io/name=ingress-nginx
[root@master231 manifests]#
二.Ingress Nginx初体验实战案例
1.创建测试环境
[root@master231 yinzhengjie]# cat deploy-apps.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-apps-v1
spec:
replicas: 3
selector:
matchLabels:
apps: v1
template:
metadata:
labels:
apps: v1
spec:
containers:
- name: c1
image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: svc-apps
spec:
selector:
apps: v1
ports:
- protocol: TCP
port: 80
targetPort: 80
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# kubectl apply -f deploy-apps.yaml
deployment.apps/deployment-apps-v1 created
service/svc-apps created
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# kubectl get svc,deploy,po
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 14d
service/svc-apps ClusterIP 10.200.134.229 <none> 80/TCP 47s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/deployment-apps-v1 3/3 3 3 47s
NAME READY STATUS RESTARTS AGE
pod/deployment-apps-v1-5f6bb6f75b-g8vst 1/1 Running 0 47s
pod/deployment-apps-v1-5f6bb6f75b-tlm26 1/1 Running 0 47s
pod/deployment-apps-v1-5f6bb6f75b-vrhbs 1/1 Running 0 47s
[root@master231 yinzhengjie]#
2.创建Ingress资源
[root@master231 yinzhengjie]# cat 01-apps-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: apps-ingress
spec:
rules:
- host: apps.yinzhengjie.com
http:
paths:
- backend:
service:
name: svc-apps
port:
number: 80
path: /
pathType: ImplementationSpecific
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# kubectl apply -f 01-apps-ingress.yaml
ingress.networking.k8s.io/apps-ingress created
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# kubectl get ing
NAME CLASS HOSTS ADDRESS PORTS AGE
apps-ingress nginx apps.yinzhengjie.com 80 71s
[root@master231 yinzhengjie]#
3.验证Ingress-nginx的controller配置
[root@master231 ~]# kubectl get pod -n yinzhengjie-ingress -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myingress-ingress-nginx-controller-2skwt 1/1 Running 0 82m 10.0.0.233 worker233 <none> <none>
myingress-ingress-nginx-controller-z6slc 1/1 Running 0 82m 10.0.0.232 worker232 <none> <none>
[root@master231 ~]#
[root@master231 ~]#
[root@master231 ~]# kubectl -n yinzhengjie-ingress exec -it myingress-ingress-nginx-controller-2skwt -- bash
bash-5.1$
bash-5.1$ grep yinzhengjie.com nginx.conf -n
441: ## start server apps.yinzhengjie.com
443: server_name apps.yinzhengjie.com ;
575: ## end server apps.yinzhengjie.com
bash-5.1$
温馨提示:
不难发现,当我们创建Ingress规则时,其回自动将这个规则同步到ingress-nginx-controller的nginx.conf配置文件中哟~
4.查看po,svc,ing的详细信息
[root@master231 yinzhengjie]# kubectl get po,svc,ing
NAME READY STATUS RESTARTS AGE
pod/deployment-apps-v1-6bc556784f-57z4l 1/1 Running 0 116s
pod/deployment-apps-v1-6bc556784f-68tq7 1/1 Running 0 116s
pod/deployment-apps-v1-6bc556784f-s7jw5 1/1 Running 0 116s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.200.0.1 <none> 443/TCP 14d
service/svc-apps ClusterIP 10.200.88.156 <none> 80/TCP 116s
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/apps-ingress nginx apps.yinzhengjie.com 80 10m
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# kubectl describe ing
Name: apps-ingress
Labels: <none>
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
apps.yinzhengjie.com
/ svc-apps:80 (10.100.1.27:80,10.100.1.28:80,10.100.2.15:80)
Annotations: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 10m nginx-ingress-controller Scheduled for sync
Normal Sync 10m nginx-ingress-controller Scheduled for sync
[root@master231 yinzhengjie]#
5.访问测试
如上图所示。windows我们可以直接访问Ingress-nginx的主机就可以查看到相应的服务啦,只不过别忘记做hosts解析即可。
温馨提示:
也可以使用Linux命令行工具curl进行测试。
[root@master231 yinzhengjie]# curl -H 'host: apps.yinzhengjie.com' 10.0.0.232
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>yinzhengjie apps v1</title>
<style>
div img {
width: 900px;
height: 600px;
margin: 0;
}
</style>
</head>
<body>
<h1 style="color: green">凡人修仙传 v1 </h1>
<div>
<img src="1.jpg">
<div>
</body>
</html>
[root@master231 yinzhengjie]#
三.Ingress Nginx实现域名重定向
1.背景说明
假如你们公司有域名变更的需求,但是之前的网站依旧是有部分流量的,想要将其流量迁移到新的域名中就可以考虑使用重定向功能。
如上图所示,修改nginx的配置文件有三种方式:
- configMap:
使用ConfigMap在NGINX中设置全局配置。
- annotations:
如果您想要特定Ingress规则的特定配置,请使用此注释。
- Custom template:
当需要更具体的设置时,如"open_file_cache",将侦听选项调整为rcvbuf,或者当无法通过ConfigMap更改配置时。
参考链接:
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/
2.基于注解实现域名跳转
[root@master231 yinzhengjie]# cat 02-redirect.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: apps-redirect
annotations:
nginx.ingress.kubernetes.io/permanent-redirect: https://www.cnblogs.com/yinzhengjie
spec:
rules:
- host: blog.yinzhengjie.com
http:
paths:
- backend:
service:
name: svc-apps
port:
number: 80
path: /
pathType: ImplementationSpecific
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# kubectl apply -f 02-redirect.yaml
ingress.networking.k8s.io/apps-redirect created
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# kubectl describe ing apps-redirect
Name: apps-redirect
Labels: <none>
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
blog.yinzhengjie.com
/ svc-apps:80 (10.100.1.27:80,10.100.1.28:80,10.100.2.15:80)
Annotations: nginx.ingress.kubernetes.io/permanent-redirect: https://www.cnblogs.com/yi
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 12s nginx-ingress-controller Scheduled for sync
Normal Sync 12s nginx-ingress-controller Scheduled for sync
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]#
3.访问测试
如上图所示,我们可以使用windows测试访问也可以使用Linux来直接基于命令行的方式访问。
除了跳转网站外,我们还可以设置返回的状态码,若不设置默认返回301的状态码。如果需要修改状态码添加相应注解信息即可。
只不过修改资源后,一定要删除Ingress规则后重新创建才能生效哟。
参考案例:
[root@master231 yinzhengjie]# cat 02-redirect.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: apps-redirect
annotations:
nginx.ingress.kubernetes.io/permanent-redirect: https://www.cnblogs.com/yinzhengjie
# 注意,这个状态码不能胡写哈,否则不识别,默认依旧返回301哟~
nginx.ingress.kubernetes.io/permanent-redirect-code: '308'
spec:
rules:
- host: blog.yinzhengjie.com
http:
paths:
- backend:
service:
name: svc-apps
port:
number: 80
path: /
pathType: ImplementationSpecific
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# kubectl create -f 02-redirect.yaml
ingress.networking.k8s.io/apps-redirect created
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# curl -H 'host: blog.yinzhengjie.com' 10.0.0.232 -I
HTTP/1.1 308 Permanent Redirect
Date: Sat, 20 Jan 2024 10:15:41 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://www.cnblogs.com/yinzhengjie
[root@master231 yinzhengjie]#
四.Ingress Nginx区分移动端和pc端
1.部署移动端测试环境
1.创建deploy,svc资源
[root@master231 yinzhengjie]# cat 01-deploy-svc-apps.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-apps-v1
spec:
replicas: 3
selector:
matchLabels:
apps: v1
template:
metadata:
labels:
apps: v1
spec:
containers:
- name: c1
image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: svc-apps
spec:
selector:
apps: v1
ports:
- protocol: TCP
port: 80
targetPort: 80
[root@master231 yinzhengjie]#
2.创建Ingress资源
[root@master231 yinzhengjie]# cat 02-ingress-iphone.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: apps-iphone
spec:
rules:
- host: m.yinzhengjie.com
http:
paths:
- backend:
service:
name: svc-apps
port:
number: 80
path: /
pathType: ImplementationSpecific
[root@master231 yinzhengjie]#
2.部署pc端测试
1.创建deploy,svc资源
[root@master231 yinzhengjie]# cat 03-deploy-apple.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-apple
spec:
replicas: 3
selector:
matchLabels:
apps: apple
template:
metadata:
labels:
apps: apple
spec:
containers:
- name: apple
image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:apple
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: svc-apple
spec:
selector:
apps: apple
ports:
- protocol: TCP
port: 80
targetPort: 80
[root@master231 yinzhengjie]#
2.创建Ingress资源
[root@master231 yinzhengjie]# cat 04-apple-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: apple
annotations:
nginx.ingress.kubernetes.io/server-snippet: |
set $agentflag 0;
if ($http_user_agent ~* "(Mobile)" ){
set $agentflag 1;
}
if ( $agentflag = 1 ) {
return 301 http://m.yinzhengjie.com;
}
spec:
rules:
- host: yinzhengjie.com
http:
paths:
- backend:
service:
name: svc-apple
port:
number: 80
path: /
pathType: ImplementationSpecific
[root@master231 yinzhengjie]#
参考连接:
https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#server-snippet
3.测试验证
如上图所示,我们测试成功啦~
五.Ingress Nginx基本认证
1.使用htpasswd工具创建生成nginx认证用户
1.安装htpasswd工具
[root@master231 yinzhengjie]# yum -y install httpd
2.使用htpasswd工具生成测试用户名和密码
[root@master231 yinzhengjie]# htpasswd -c auth jasonyin
New password:
Re-type new password:
Adding password for user jasonyin
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# cat auth
jasonyin:$apr1$v.iw5HUE$n7xcqnT3Aj23qIK0vurGU1
[root@master231 yinzhengjie]#
2.将创建的密码文件用secrets资源存储
[root@master231 yinzhengjie]# kubectl create secret generic nginx-basic-auth --from-file=auth
secret/nginx-basic-auth created
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# kubectl get secrets nginx-basic-auth
NAME TYPE DATA AGE
nginx-basic-auth Opaque 1 12s
[root@master231 yinzhengjie]#
3.部署测试应用
[root@master231 yinzhengjie]# cat deploy-apple.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-apple
spec:
replicas: 3
selector:
matchLabels:
apps: apple
template:
metadata:
labels:
apps: apple
spec:
containers:
- name: apple
image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:apple
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: svc-apple
spec:
selector:
apps: apple
ports:
- protocol: TCP
port: 80
targetPort: 80
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# kubectl apply -f deploy-apple.yaml
deployment.apps/deployment-apple created
service/svc-apple created
[root@master231 yinzhengjie]#
4.创建Ingress用于认证信息
[root@master231 yinzhengjie]# cat ingress-basic-auth.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-basic-auth
annotations:
# 登录的提示信息
nginx.ingress.kubernetes.io/auth-realm: Please Input Your Username and Passowrd
# 对应认证信息,也就是我们创建的secrets资源名称,里面保存了我们创建的有效用户
nginx.ingress.kubernetes.io/auth-secret: nginx-basic-auth
# 指定认证类型
nginx.ingress.kubernetes.io/auth-type: basic
spec:
rules:
- host: auth.yinzhengjie.com
http:
paths:
- backend:
service:
name: svc-apple
port:
number: 80
path: /
pathType: ImplementationSpecific
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# kubectl apply -f ingress-basic-auth.yaml
ingress.networking.k8s.io/ingress-basic-auth created
[root@master231 yinzhengjie]#
5.访问测试
如上图所示,直接进行访问测试即可。
六.Ingress Nginx实现前后端分离
1.创建测试服务
[root@master231 yinzhengjie]# cat deploy-apple.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-apple
spec:
replicas: 3
selector:
matchLabels:
apps: apple
template:
metadata:
labels:
apps: apple
spec:
containers:
- name: apple
image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:apple
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: svc-apple
spec:
selector:
apps: apple
ports:
- protocol: TCP
port: 80
targetPort: 80
[root@master231 yinzhengjie]#
2.编写Ingress规则实现rewrite
[root@master231 yinzhengjie]# cat ingress-rewrite.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-rewrite
annotations:
# 这句话的是意思是将"/api(/|$)(.*)"改写为"/.*",
# 后端在调用时会直接将"/api(/|$)"的内容取消掉.
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
rules:
- host: www.yinzhengjie.com
http:
paths:
- backend:
service:
name: svc-apple
port:
number: 80
# 注意,这里用到了2个分组,小括号代表分组,共计2个小括号,
# 上面的注解中"rewrite-target"使用到第二个小括号的参数。
path: /api(/|$)(.*)
pathType: ImplementationSpecific
[root@master231 yinzhengjie]#
3.测试访问
七.Ingress Nginx https
1.生成自建证书
1.生成证书文件
[root@master231 yinzhengjie]# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=www.yinzhengjie.com"
2.将证书文件以secrets形式存储
[root@master231 yinzhengjie]# kubectl create secret tls ca-secret --cert=tls.crt --key=tls.key
secret/ca-secret created
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# kubectl get secrets ca-secret
NAME TYPE DATA AGE
ca-secret kubernetes.io/tls 2 84s
[root@master231 yinzhengjie]#
2.部署测试服务
[root@master231 yinzhengjie]# cat deploy-apple.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-apple
spec:
replicas: 3
selector:
matchLabels:
apps: apple
template:
metadata:
labels:
apps: apple
spec:
containers:
- name: apple
image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:apple
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: svc-apple
spec:
selector:
apps: apple
ports:
- protocol: TCP
port: 80
targetPort: 80
[root@master231 yinzhengjie]#
3.配置Ingress添加TLS证书
[root@master231 yinzhengjie]# cat ingress-https.html
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-rewrite
# 如果指定了"ingressClassName"参数,就不需要在这里重复声明啦。
# 如果你的K8S 1.22- 版本,则使用注解的方式进行传参即可。
#annotations:
# kubernetes.io/ingress.class: "nginx"
spec:
# 指定Ingress controller,要求你的K8S 1.22+
ingressClassName: nginx
rules:
- host: www.yinzhengjie.com
http:
paths:
- backend:
service:
name: svc-apple
port:
number: 80
path: /
pathType: ImplementationSpecific
# 配置https证书
tls:
- hosts:
- www.yinzhengjie.com
secretName: ca-secret
[root@master231 yinzhengjie]#
[root@master231 yinzhengjie]# kubectl apply -f ingress-https.html
ingress.networking.k8s.io/ingress-rewrite created
[root@master231 yinzhengjie]#
4.测试访问