HAOJX

Deploying ingress-nginx with a certificate

2018/09/25

Generate the certificate and secret

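# Generate a 2048-bit RSA private key
openssl genrsa -out tls.key 2048

# Self-sign a certificate whose CN matches the Ingress host
openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=shanghai/L=shanghai/O=devops/CN=tomcat.test.com

# Store the certificate and key as a TLS secret
kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key

# Confirm the secret exists and inspect it
kubectl get secret

kubectl describe secret tomcat-ingress-secret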
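
The following checks are an added example, not part of the original post: they confirm that tls.crt and tls.key belong together before the secret is created, and show that the CN-only certificate above carries no subjectAltName, which current browsers use instead of the CN for hostname matching. The function names are hypothetical, the key pairs are constructed throwaway data, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Constructed sample input: a throwaway pair built like the post's, optionally with a SAN.
make_pair() {  # make_pair DIR [SAN]
    subj=/C=CN/ST=shanghai/L=shanghai/O=devops/CN=tomcat.test.com
    openssl genrsa -out "$1/tls.key" 2048 2>/dev/null
    if [ -n "${2:-}" ]; then   # -addext needs OpenSSL 1.1.1 or later
        openssl req -new -x509 -key "$1/tls.key" -out "$1/tls.crt" -subj "$subj" \
            -addext "subjectAltName=$2"
    else
        openssl req -new -x509 -key "$1/tls.key" -out "$1/tls.crt" -subj "$subj"
    fi
}

# True if the certificate and the private key hold the same public key.
cert_matches_key() {  # cert_matches_key CRT KEY
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# True if the certificate lists HOST as an exact DNS subjectAltName (wildcards not handled).
cert_has_san() {  # cert_has_san CRT HOST
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
        tail -n 1 | tr -d ' ' | tr ',' '\n' | grep -Fxq "DNS:$2"
}

# SHA-256 fingerprint of the certificate the ingress presents for HOST (needs the cluster).
# ingress-nginx serves its built-in default certificate when it cannot use the secret, so
# compare the output with: openssl x509 -in tls.crt -noout -fingerprint -sha256
served_fingerprint() {  # served_fingerprint NODE_IP PORT HOST
    openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Demo on constructed data: the post's CN-only certificate, then one with a SAN.
tmp=$(mktemp -d)
mkdir "$tmp/cn" "$tmp/san"
make_pair "$tmp/cn"
make_pair "$tmp/san" DNS:tomcat.test.com
for d in cn san; do
    cert_matches_key "$tmp/$d/tls.crt" "$tmp/$d/tls.key" && echo "$d: key matches certificate"
    cert_has_san "$tmp/$d/tls.crt" tomcat.test.com || echo "$d: no SAN for tomcat.test.com"
done
rm -rf "$tmp"
```

Once the Ingress is applied, `served_fingerprint <node-ip> 30443 tomcat.test.com` should print the same fingerprint as the local tls.crt.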

Deploy a sample application

vim tomcat-deploy.yaml

apiVersion: v1
kind: Service
metadata:
  name: tomcat
  namespace: default
spec:
  selector:
    app: tomcat
    release: canary
  ports:
  - name: http
    targetPort: 8080
    port: 8080
  - name: ajp
    targetPort: 8009
    port: 8009
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-deploy
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat
      release: canary
  template:
    metadata:
      labels:
        app: tomcat
        release: canary
    spec:
      containers:
      - name: myapp
        image: tomcat:8.5.32-jre8-alpine
        ports:
        - name: http
          containerPort: 8080
        - name: ajp
          containerPort: 8009

Deploy an Ingress with the certificate

vim ingress-tomcat-tls.yaml

# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters use networking.k8s.io/v1
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat-tls
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - tomcat.test.com
    secretName: tomcat-ingress-secret
  rules:
  - host: tomcat.test.com
    http:
      paths:
      - path:
        backend:
          serviceName: tomcat
          servicePort: 8080

Apply the YAML files

kubectl apply -f tomcat-deploy.yaml
kubectl apply -f ingress-tomcat-tls.yaml

View the deployed Ingress

kubectl get ingress

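Access the pod

To test from Windows, edit the local C:\Windows\System32\drivers\etc\hosts file

and add an entry that maps the IP of a cluster node to tomcat.test.com.

Finally, enter the following in the browser:

https://tomcat.test.com:30443/

Because the certificate is self-signed, the browser shows a certificate warning before the page loads.

The result looks like this: [screenshot not included]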
