ingress-nginx-全站https
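# Issue one demo CA and one server certificate per host, then load each
# certificate/key pair into namespace chuan as a Secret.
# Run from the certificate directory (/opt/ingress/Ingress/certsge on this page).
#
# The original command list reused ca.key/ca.crt and server.key/server.csr/
# server.crt for both hosts, so the mobile.chuan.com run overwrote the
# www.chuan.com files and both Secrets ended up holding the same pair.
# It also gave the CA the same subject as the server certificate; with
# issuer == subject, verifiers treat the leaf as self-signed and cannot build
# the chain to ca.crt. Here a single CA with its own subject signs both hosts.

# CA certificate and key. 'chuan-demo-ca' is a constructed name; any subject
# that differs from the server names works.
openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 3560 -nodes -subj '/CN=chuan-demo-ca'
# -nodes leaves the key unencrypted on disk. ca.key can sign a certificate for
# any name for every client that trusts ca.crt: restrict it, and move it off
# the node (or delete it) once signing is done.
chmod 600 ca.key

for host in www.chuan.com mobile.chuan.com; do
  # Per-host key and CSR. The key has to stay unencrypted (-nodes) because the
  # ingress controller reads it from the Secret without a passphrase.
  openssl req -new -newkey rsa:4096 -keyout "${host}.key" -out "${host}.csr" -nodes -subj "/CN=${host}"
  chmod 600 "${host}.key"

  # Sign with the CA.
  #  * subjectAltName: current browsers and Go-based clients match the host
  #    name against SAN and ignore CN, so a CN-only certificate is rejected.
  #  * -CAcreateserial instead of a fixed -set_serial 01: two certificates from
  #    one issuer must not share a serial number.
  #  * -days 365 is a constructed value; the original 3650 outlives the
  #    3560-day CA. Pick a lifetime no longer than the CA's.
  openssl x509 -req -sha256 -days 365 -in "${host}.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
    -extfile <(printf 'subjectAltName=DNS:%s\n' "${host}") -out "${host}.crt"
done

# Only <host>.crt and <host>.key are needed from here on (the original listing
# showed server.crt and server.key in this directory at this point).

# Upload to k8s.
# The Secrets keep the names and the tls.crt/tls.key keys the Ingress manifests
# expect. `kubectl create secret tls NAME --cert=FILE --key=FILE` is the
# dedicated form: it stores type kubernetes.io/tls instead of Opaque and
# refuses a certificate and key that do not belong together.
kubectl create secret generic chuan-tls-secret --from-file=tls.crt=www.chuan.com.crt --from-file=tls.key=www.chuan.com.key -n chuan
kubectl create secret generic mobile-tls-secret --from-file=tls.crt=mobile.chuan.com.crt --from-file=tls.key=mobile.chuan.com.key -n chuan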
root@slave002:/opt/ingress/Ingress/certsge# kubectl get secrets -nchuan
NAME                  TYPE                                  DATA   AGE
default-token-vl4xt   kubernetes.io/service-account-token   3      2d4h
tls-secret            Opaque                                2      17s
root@slave002:/opt/ingress/Ingress# kubectl describe secrets mobile-tls-secret -nchuan
Name:         mobile-tls-secret
Namespace:    chuan
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
tls.crt:  1679 bytes
tls.key:  3268 bytes
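# root@slave002:/opt/ingress/Ingress# kubectl apply -f ingress-https-chuan_single-host.yaml
# root@slave002:/opt/ingress/2021/Ingress# cat ingress-https-chuan_single-host.yaml
#
# Single-host Ingress: ingress-nginx terminates TLS for www.chuan.com.
# NOTE: Ingress in networking.k8s.io/v1beta1 was removed in Kubernetes 1.22.
# On newer clusters use networking.k8s.io/v1, which requires pathType on each
# path and backend.service.name / backend.service.port.number.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: nginx-web
  namespace: chuan
  annotations:
    kubernetes.io/ingress.class: "nginx"  # selects the Ingress Controller type
    # SSL redirect: force HTTP requests over to HTTPS, the equivalent of
    # site-wide HTTPS in nginx.
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
  tls:
  - hosts:
    - www.chuan.com
    # Must name a Secret that exists in namespace chuan. The original manifest
    # said tls-secret, while the kubectl create commands on this page name the
    # Secret chuan-tls-secret. If the Secret is missing, ingress-nginx serves
    # its built-in default certificate for the host instead of failing.
    secretName: chuan-tls-secret
  rules:
  - host: www.chuan.com
    http:
      paths:
      - path: /
        backend:
          serviceName: chuan-tomcat-app1-service
          servicePort: 80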
# HAProxy listener for HTTPS: mode tcp forwards the TLS stream unmodified to
# the two backend nodes, so the certificate presented to clients is the one
# configured on the backend, not on HAProxy.
# NOTE(review): port 40444 is presumably the ingress controller's HTTPS
# NodePort - confirm against the controller Service.
# NOTE(review): in TCP mode the backend sees HAProxy's address as the client
# address unless PROXY protocol is enabled on both sides; check this if access
# logs or IP allow-lists depend on the real client IP.
listen k8s-443
  bind 192.168.192.188:443
  mode tcp
  server k8s1 192.168.192.151:40444 check inter 3s fall 3 rise 5
  server k8s2 192.168.192.152:40444 check inter 3s fall 3 rise 5
# root@slave002:/opt/ingress/Ingress# cat ingress-https-chuan_multi-host.yaml
#
# Multi-host Ingress: each host has its own tls entry and its own Secret, so
# each name is served with its own certificate.
# NOTE: Ingress in networking.k8s.io/v1beta1 was removed in Kubernetes 1.22.
# On newer clusters use networking.k8s.io/v1, which requires pathType on each
# path and backend.service.name / backend.service.port.number.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: nginx-web
  namespace: chuan
  annotations:
    kubernetes.io/ingress.class: "nginx"  # selects the Ingress Controller type
    # Redirect plain-HTTP requests to HTTPS.
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
  tls:
  # The certificate in each Secret has to be issued for the host listed with
  # it; a Secret holding another host's certificate causes a name mismatch in
  # the client.
  - hosts:
    - www.chuan.com
    secretName: chuan-tls-secret
  - hosts:
    - mobile.chuan.com
    secretName: mobile-tls-secret
  rules:
  - host: www.chuan.com
    http:
      paths:
      - path: /
        backend:
          serviceName: chuan-tomcat-app1-service
          servicePort: 80
  - host: mobile.chuan.com
    http:
      paths:
      - path: /
        backend:
          serviceName: chuan-tomcat-app2-service
          servicePort: 80