白眉大叔 nginx-ingress-https 代理 案例
nginx-ingress 汇总 : 连接
首先自己先模拟生成一个证书(生产环境,可以购买证书的)
mkdir tls
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=wwws.bmds.com/O=nginxsvc"
这里要更换的是 wwws.bmds.com
这条命令使用 OpenSSL 生成一个有效期为 365 天的 自签名 X.509 证书。
kubectl create secret tls ingress-nginx-tls --key tls.key --cert tls.crt将上一步生成的证书和私钥打包成一个 Kubernetes Secret 资源。
然后编辑:
vi 2deployment-ingress-httpSproxy-www1.yaml
内容如下:
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-ingress-httpproxy-www1
spec:
replicas: 2
selector:
matchLabels:
hostname: www1
template:
metadata:
labels:
hostname: www1
spec:
containers:
- name: c1
image: registry.cn-hangzhou.aliyuncs.com/baimeidashu/myspring:v1.0
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: svc-ingress-httpproxy-www1
spec:
selector:
hostname: www1
ports:
- protocol: TCP
port: 80
targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-httpproxy-www1
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
ingressClassName: nginx
rules:
- host: wwws.bmds.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: svc-ingress-httpproxy-www1
port:
number: 80
tls:
- hosts:
- wwws.bmds.com
secretName: ingress-nginx-tls
然后部署:
kubectl apply -f 2deployment-ingress-httpSproxy-www1.yaml
测试:
curl -k https://10.0.0.102 -H 'host:wwws.bmds.com'
说明成功了
浏览器访问,需要配置hosts
欢迎来撩 : 汇总all
