|NO.Z.00354|——————————|CloudNative|——|KuberNetes&Ops.V70|——|IngressNginx.v06|SSL configuration|
1. SSL configuration
### --- SSL configuration
~~~ # Official documentation for SSL (TLS):
~~~ https://kubernetes.github.io/ingress-nginx/user-guide/tls/

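2. Configure SSL (HTTPS): a single certificate for an Ingress
### --- Generate a self-signed certificate and private key
~~~ Note: the -subj string below uses the digit 0 where the letter O (organization) was intended,
~~~ so openssl skips that attribute, as the warning in the output shows; write /O=test-tls.test.com to set it.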
[root@k8s-master01 rewrite]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.cert -subj "/CN=test-tls.test.com/0=test-tls.test.com"
Generating a 2048 bit RSA private key
.................................................................................................................................................................................................................+++
....+++
writing new private key to 'tls.key'
-----
Subject Attribute 0 has no known NID, skipped
[root@k8s-master01 rewrite]# ls
tls.cert tls.key
### --- Store the cert and key as a Secret (the domain certificate)
~~~ This Secret is a TLS Secret
[root@k8s-master01 rewrite]# kubectl create secret tls ca-cert --key tls.key --cert tls.cert -n ratel-test1
secret/ca-cert created
### --- View the Secret created for the domain certificate
[root@k8s-master01 rewrite]# kubectl get secret -n ratel-test1
NAME      TYPE                DATA   AGE
ca-cert   kubernetes.io/tls   2      61s
3. Configure the Ingress
### --- Configure the Ingress
~~~ http://krm.test.com/——>Ingress——>Create——>Select cluster: test1
~~~ ——>Namespace: ratel-test1——>Select service: ingress-test1
~~~ ——>Ingress name: test-tls.test.com——>Domain: test-tls.test.com
~~~ ——>HTTPS: enabled——>Certificate: ca-cert——>Create——>END
~~~ ——>Configure the hosts file: 192.168.1.11 test-tls.test.com
### --- Configure hosts
[root@k8s-master01 rewrite]# vim /etc/hosts
192.168.1.11 test-tls.test.com
### --- curl the domain to check whether it redirects
~~~ Once HTTPS is configured for this domain, HTTP requests are automatically redirected to HTTPS
[root@k8s-master01 rewrite]# curl test-tls.test.com -I
HTTP/1.1 308 Permanent Redirect
Date: Tue, 01 Jun 2021 06:50:54 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://test-tls.test.com/
4. Access the HTTPS domain: https://test-tls.test.com/

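5. Disable the forced HTTPS redirect
### --- Disable the forced HTTPS redirect
~~~ nginx.ingress.kubernetes.io/ssl-redirect: "false"
~~~ Once HTTPS is configured, HTTP requests are forcibly redirected. If you do not want the redirect,
~~~ turn it off by setting ssl-redirect to "false". The default is true, and it is a global setting.
### --- Create the TLS YAML file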
[root@k8s-master01 rewrite]# cat nginx-ingress-TLS.yaml
# extensions/v1beta1 was removed in Kubernetes 1.22; newer clusters use
# networking.k8s.io/v1, which has a different backend schema.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
  generation: 1
  name: test-tls
  namespace: ratel-test1
spec:
  rules:
  - host: test-tls.test.com
    http:
      paths:
      - backend:
          serviceName: ingress-test
          servicePort: 80
        path: /
  tls:
  - hosts:
    - test-tls.test.com
    secretName: ca-cert
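
An added example, not part of the original post: a small audit over `kubectl get ingress -A -o json` output that flags Ingresses where `ssl-redirect` is disabled or a rule host is not covered by `spec.tls`. The function names and the second `demo` Ingress are constructed for illustration; only the first sample object mirrors the manifest above.

```python
import json

REDIRECT = "nginx.ingress.kubernetes.io/ssl-redirect"

def host_covered(host, patterns):
    """True if host equals a pattern or matches a one-label wildcard such as *.test.com."""
    for p in patterns:
        if p == host:
            return True
        if p.startswith("*.") and "." in host and host.split(".", 1)[1] == p[2:]:
            return True
    return False

def audit_ingress(ing):
    """Return findings for one Ingress object as produced by kubectl -o json."""
    meta, spec = ing.get("metadata", {}), ing.get("spec", {})
    name = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
    tls = spec.get("tls") or []
    if not tls:
        return [f"{name}: no spec.tls section"]
    findings = [f"{name}: tls entry {t.get('hosts')} has no secretName"
                for t in tls if not t.get("secretName")]
    tls_hosts = [h for t in tls for h in t.get("hosts") or []]
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if host and not host_covered(host, tls_hosts):
            findings.append(f"{name}: host {host} is not covered by spec.tls hosts")
    # Absent annotation means the controller default applies (true unless changed globally).
    ann = meta.get("annotations") or {}
    if str(ann.get(REDIRECT, "true")).lower() == "false":
        findings.append(f"{name}: ssl-redirect is false, plain HTTP is still served")
    return findings

def audit(doc):
    """Accept a kubectl List document or a single Ingress object."""
    return [f for ing in doc.get("items", [doc]) for f in audit_ingress(ing)]

# Constructed sample: the page's test-tls Ingress plus a hypothetical second one.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "test-tls", "namespace": "ratel-test1",
   "annotations": {"nginx.ingress.kubernetes.io/ssl-redirect": "false"}},
  "spec": {"rules": [{"host": "test-tls.test.com"}],
           "tls": [{"hosts": ["test-tls.test.com"], "secretName": "ca-cert"}]}},
 {"metadata": {"name": "demo", "namespace": "ratel-test1"},
  "spec": {"rules": [{"host": "api.test.com"}, {"host": "a.b.test.com"}],
           "tls": [{"hosts": ["*.test.com"], "secretName": "ca-cert"}]}}]}""")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To run it against a live cluster, pass the parsed output of `kubectl get ingress -A -o json` to `audit()` instead of `SAMPLE`.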