kubernetes-Ingress nginx

内部pod是Https

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: xxx
  name: xxx-web
  annotations:
    # 文件上传限制
    nginx.ingress.kubernetes.io/proxy-body-size: "200M"
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
spec:
  ingressClassName: nginx
  rules:
    - host: www.xxx.net
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: xxx-web
                port:
                  number: 443

Ingress配置Https

https://kubernetes.io/zh-cn/docs/concepts/services-networking/ingress/

  • 创建secret
kubectl create secret tls xxx-secret --cert=xxx.crt --key=xxx.key
  • 配置
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: xxx
  name: xxx-web
  annotations:
    # 文件上传限制
    nginx.ingress.kubernetes.io/proxy-body-size: "200M"
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - www.xxx.net
    secretName: xxx-secret
  rules:
    - host: www.xxx.net
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: xxx-web
                port:
                  number: 443

Websocket配置

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: xxx
  name: xxx-web
  annotations:
    # 代理发送超时
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    # 代理读取超时
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    # 代理连接超时
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
    # 基于客户端出口ip哈希
    nginx.ingress.kubernetes.io/upstream-hash-by: "$http_x_forwarded_for"
spec:
  ingressClassName: nginx
  rules:
    - host: www.xxx.net
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: xxx-web
                port:
                  number: 443
posted @ 2022-06-27 09:53  Ranger-dev  阅读(61)  评论(0编辑  收藏  举报