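HTTP and HTTPS Proxying with Ingress
Environment setup
Prepare the Services and Pods
To make the following experiments easier, create the model shown in the figure below.
Create tomcat-nginx.yaml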
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: dev
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      containers:
      - name: nginx
        image: nginx:1.17.1
        ports:
        - containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-deployment
  namespace: dev
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat-pod
  template:
    metadata:
      labels:
        app: tomcat-pod
    spec:
      containers:
      - name: tomcat
        image: tomcat:8.5-jre10-slim
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: dev
spec:
  selector:
    app: nginx-pod
  clusterIP: None
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: tomcat-service
  namespace: dev
spec:
  selector:
    app: tomcat-pod
  clusterIP: None
  type: ClusterIP
  ports:
  - port: 8080
    targetPort: 8080
```
Create and view
To avoid interference from previously created Pods, delete and recreate the namespace first.

```shell
[root@master ~]# kubectl delete ns dev
[root@master ~]# kubectl create ns dev
# Create
[root@master ~]# kubectl create -f tomcat-nginx.yaml
# View
[root@master ~]# kubectl get svc -n dev
```
HTTP proxy
Create ingress-http.yaml
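```yaml
# Note: the extensions/v1beta1 Ingress API was removed in Kubernetes v1.22;
# newer clusters use networking.k8s.io/v1, which has a different backend schema.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-http
  namespace: dev
spec:
  rules:
  - host: nginx.itheima.com        # domain name
    http:
      paths:
      - path: /                    # path
        backend:
          serviceName: nginx-service   # requests for nginx.itheima.com are routed to port 80 of nginx-service
          servicePort: 80
  - host: tomcat.itheima.com
    http:
      paths:
      - path: /
        backend:
          serviceName: tomcat-service
          servicePort: 8080
```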
Create and observe

```shell
# Create
[root@master ~]# kubectl create -f ingress-http.yaml
# View
[root@master ~]# kubectl get ing ingress-http -n dev
# View details
[root@master ~]# kubectl describe ing ingress-http -n dev
```
...
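Next, configure the hosts file on your local machine so that the two domain names above resolve to 192.168.1.50 (master). On the local machine the hosts file is located in C:\Windows\System32\drivers\etc

Check the port exposed by ingress-nginx:

```shell
[root@master ~]# kubectl get svc -n ingress-nginx
```

Then visit:
http://nginx.itheima.com:31067/
http://tomcat.itheima.com:31067/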
HTTPS proxy
Create the certificate
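```shell
# Generate the certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=itheima.com"
# Create the Secret; it must be in the same namespace (dev) as the Ingress that references it
kubectl create secret tls tls-secret --key tls.key --cert tls.crt -n dev
```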
Create ingress-https.yaml
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-https
  namespace: dev
spec:
  tls:
  - hosts:
    - nginx.itheima.com
    - tomcat.itheima.com
    secretName: tls-secret   # the Secret to use; the name must match the one created above
  rules:
  - host: nginx.itheima.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80
  - host: tomcat.itheima.com
    http:
      paths:
      - path: /
        backend:
          serviceName: tomcat-service
          servicePort: 8080
```
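Create and view

```shell
# Create
[root@master ~]# kubectl create -f ingress-https.yaml
# View
[root@master ~]# kubectl get ing ingress-https -n dev
# View details
[root@master ~]# kubectl describe ing ingress-https -n dev
```

The sites can now be accessed in a browser. Note: because the certificate is self-signed, the browser warns that the connection is not secure.
https://nginx.itheima.com:31453/
https://tomcat.itheima.com:31453/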
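The certificate generated in the "Create the certificate" step has CN=itheima.com and no subjectAltName, so it matches neither nginx.itheima.com nor tomcat.itheima.com, and clients report a name mismatch on top of the self-signed warning. The script below is an added example, not part of the original tutorial: it issues a certificate whose SANs list the Ingress TLS hosts and checks the key/certificate pair before it is loaded as a Secret. The function names are hypothetical, and `-addext` assumes OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# make_cert <dir> <host>...: self-signed cert whose subjectAltName lists every host.
make_cert() {
  mc_dir=$1; shift
  mc_san=""
  for mc_h in "$@"; do mc_san="${mc_san:+$mc_san,}DNS:$mc_h"; done
  openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
    -keyout "$mc_dir/tls.key" -out "$mc_dir/tls.crt" \
    -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=$1" \
    -addext "subjectAltName=$mc_san" 2>/dev/null || return 1
  chmod 600 "$mc_dir/tls.key"   # private key readable by its owner only
}

# cert_covers_host <crt> <host>: succeeds only if the cert is valid for that name.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q "does match"
}

# key_matches_cert <crt> <key>: succeeds only if both carry the same public key.
key_matches_cert() {
  km_a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  km_b=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$km_a" ] && [ "$km_a" = "$km_b" ]
}

# check_tls_material <dir> <host>...: report every problem, non-zero if any.
check_tls_material() {
  ct_dir=$1; shift; ct_rc=0
  key_matches_cert "$ct_dir/tls.crt" "$ct_dir/tls.key" ||
    { echo "tls.key does not match tls.crt"; ct_rc=1; }
  for ct_h in "$@"; do
    cert_covers_host "$ct_dir/tls.crt" "$ct_h" ||
      { echo "certificate does not cover $ct_h"; ct_rc=1; }
  done
  return "$ct_rc"
}

# Usage: sh mkcert.sh <dir> nginx.itheima.com tomcat.itheima.com
if [ "$#" -ge 2 ]; then
  out_dir=$1; shift
  make_cert "$out_dir" "$@" && check_tls_material "$out_dir" "$@" &&
    echo "ok: kubectl create secret tls tls-secret --key $out_dir/tls.key --cert $out_dir/tls.crt -n dev"
fi
```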
References
Heima k8s course on Bilibili: https://www.bilibili.com/video/BV1Qv41167ck/
https://gitee.com/yooome/golang/blob/main/k8s%E8%AF%A6%E7%BB%86%E6%95%99%E7%A8%8B-%E8%B0%83%E6%95%B4%E7%89%88/k8s%E8%AF%A6%E7%BB%86%E6%95%99%E7%A8%8B.md
https://www.yuque.com/fairy-era/yg511q/xyqxge