ingress-nginx 配置例子
文档说明:只记录关键地方;
试验环境: linux debian 11
目标:自建K8S 对外提供 http https 服务
ingress-nginx 暴露服务端口
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.2.0
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
ports:
- appProtocol: http
name: http
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
type: NodePort # 关键点就在这里了
externalIPs:
- 192.168.3.123
- 192.168.3.124
生成secret TLS
kubectl create -n default secret tls com-xiaoshuogeng-tls-cert-secret \
--key=/data/tls/wildcard.xiaoshuogeng.com.key.pem \
--cert=/data/tls/wildcard.xiaoshuogeng.com.fullchain.pem
ingress-nginx 配置路由
com-xiaoshuogeng-confluence-service是内部服务名称
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-com-xiaoshuogeng-confluence
namespace: default
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "True"
spec:
ingressClassName: nginx
rules:
- host: confluence.xiaoshuogeng.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: com-xiaoshuogeng-confluence-service
port:
number: 80
tls:
- hosts:
- confluence.xiaoshuogeng.com
secretName: com-xiaoshuogeng-tls-cert-secret
