37. k8s Ingress HTTPS proxy: TLS (Transport Layer Security) and certificate generation
This builds on the previous exercise and reuses its Deployment, Pods, and ingress-nginx.
1. Generate the certificate:
·openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=intheima.com"
---------------------------------------------------------------------------------------------------
Generating a 2048 bit RSA private key
..........+++
..............................................................+++
writing new private key to 'tls.key'
-----
# -x509: output a self-signed certificate in the common X.509 format
# -newkey rsa:2048 -keyout tls.key: generate an RSA private key and write it to tls.key
# -out tls.crt: write the certificate to tls.crt
---------------------------------------------------------------------------------------------------

2. Create the secret:
·kubectl create secret tls tls-secret --key tls.key --cert tls.crt    # build the TLS secret tls-secret from tls.key and tls.crt
---------------------------------------------------------------------------------------------------
secret/tls-secret created
# Note: TLS is Transport Layer Security, much like SSL
---------------------------------------------------------------------------------------------------

3. Create the file ingress-https.yaml:
---------------------------------------------------------------------------------------------------
# extensions/v1beta1 was removed in Kubernetes 1.22; newer clusters use
# networking.k8s.io/v1, which has a different backend syntax.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-https
  namespace: dev
spec:
  tls:                          # enable TLS (Transport Layer Security, the hardened version of SSL)
  - hosts:
    - nginx.xiaoxin.com         # these two domains are allowed to use the certificate
    - tomcat.xiaoxin.com
    secretName: tls-secret      # the secret to use; the name must match the TLS secret created above
  rules:
  - host: nginx.xiaoxin.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80
  - host: tomcat.xiaoxin.com
    http:
      paths:
      - path: /
        backend:
          serviceName: tomcat-service
          servicePort: 8080
---------------------------------------------------------------------------------------------------

4. Apply the file to create the Ingress:
·kubectl create -f ingress-https.yaml

5. Check the resulting ingress-https:
·kubectl get ing ingress-https -ndev
---------------------------------------------------------------------------------------------------
NAME            HOSTS                                  ADDRESS         PORTS     AGE
ingress-https   nginx.xiaoxin.com,tomcat.xiaoxin.com   10.97.145.253   80, 443   60s
---------------------------------------------------------------------------------------------------

6. View the details:
·kubectl describe ing ingress-https -ndev
---------------------------------------------------------------------------------------------------
Name:             ingress-https
Namespace:        dev
Address:          10.97.145.253
Default backend:  default-http-backend:80 (<none>)
TLS:              # compared with the HTTP Ingress, there is now a TLS section
  tls-secret terminates nginx.xiaoxin.com,tomcat.xiaoxin.com
Rules:
  Host                Path  Backends
  ----                ----  --------
  nginx.xiaoxin.com   /     nginx-service:80 (10.244.1.11:80,10.244.1.14:80,10.244.1.15:80)
  tomcat.xiaoxin.com  /     tomcat-service:8080 (10.244.1.12:8080,10.244.1.13:8080,10.244.1.18:8080)
Annotations:
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  109s  nginx-ingress-controller  Ingress dev/ingress-https
  Normal  UPDATE  108s  nginx-ingress-controller  Ingress dev/ingress-https
---------------------------------------------------------------------------------------------------

7. Find the port that the ingress-nginx service assigned to HTTPS:
·kubectl get svc ingress-nginx -n ingress-nginx
---------------------------------------------------------------------------------------------------
NAME            TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx   NodePort   10.97.145.253   <none>        80:30090/TCP,443:32457/TCP   24h
# the externally reachable port assigned to HTTPS here is 32457
---------------------------------------------------------------------------------------------------

8. Access the services:
·https://nginx.xiaoxin.com:32457/
·https://tomcat.xiaoxin.com:32457/
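
The certificate from step 1 carries only CN=intheima.com and no subjectAltName, while the Ingress in step 3 serves nginx.xiaoxin.com and tomcat.xiaoxin.com, so a client that verifies hostnames will reject it for both names. The following is an added example, not part of the original post: it issues a self-signed certificate with both hosts as SANs and checks coverage before the secret is created. The function names are hypothetical, and OpenSSL 1.1.1 or later is assumed for -addext.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes OpenSSL >= 1.1.1 (for -addext) and the host names used in step 3.

# Same command as step 1: CN only, no subjectAltName.
# $1 = common name, $2 = output file prefix
gen_cn_only() {
    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$2.key" -out "$2.crt" \
        -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=$1" 2>/dev/null
}

# Self-signed certificate listing every Ingress host as a DNS SAN.
# $1 = output file prefix, remaining args = host names (first one becomes the CN)
gen_with_san() {
    prefix=$1; shift
    san=""
    for h in "$@"; do san="${san:+$san,}DNS:$h"; done
    ( umask 077   # keep the unencrypted private key readable by the owner only
      openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
          -keyout "$prefix.key" -out "$prefix.crt" \
          -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=$1" \
          -addext "subjectAltName=$san" 2>/dev/null )
}

# Returns 0 only if the certificate matches every host; prints the ones it misses.
# $1 = certificate file, remaining args = host names from the Ingress tls.hosts list
cert_covers() {
    crt=$1; shift
    rc=0
    for h in "$@"; do
        if ! openssl x509 -in "$crt" -noout -checkhost "$h" | grep -q 'does match'; then
            echo "NOT covered: $h"
            rc=1
        fi
    done
    return $rc
}

# Typical use before step 2:
#   gen_with_san tls nginx.xiaoxin.com tomcat.xiaoxin.com
#   cert_covers tls.crt nginx.xiaoxin.com tomcat.xiaoxin.com \
#       && kubectl create secret tls tls-secret --key tls.key --cert tls.crt
```

The certificate is still self-signed, so browsers will warn about the untrusted issuer until it is replaced by one from a CA the clients trust.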
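Author: little小新
Link to this post: https://www.cnblogs.com/littlecc/p/17686240.html
Copyright notice: This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 2.5 China Mainland License.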