Ingress

ingress-nginx

• 部署ingress-nginx 控制器

  kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.4/deploy/static/provider/cloud/deploy.yaml
  

• 测试tls

  openssl genrsa -out tls.key 2048
  openssl req -x509 -new -key tls.key -out tls.crt -subj /CN="*" -days 3650
  kubectl create secret tls https-test --cert=./tls.crt --key=./tls.key  
  

  apiVersion: v1
  kind: Pod
  metadata:
    name: test-tls
    labels:
      app: python
  spec:
    containers:
    - name: test-tls
      image: python
      command: ["python","-m","http.server"]
      ports:
      - name: http
        containerPort: 8000
  ---
  apiVersion: v1
  kind: Service
  metadata:
    name: test-tls-svc
    labels:
      tier: frond
  spec:
    selector:
      app: python
    ports:
    - name: http
      port: 80
      targetPort: 8000
    type: ClusterIP
  ---
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: tls-example-ingress
    annotations:
      kubernetes.io/ingress.class: "nginx"
      ingressClass.kubernetes.io/is-default-class: "true"
      ingressClassName: "nginx"
  spec:
    tls:
    - hosts:
        - test.com
      secretName: https-test
    rules:
    - host: test.com
      http:
        paths:
        - path: /bin
          pathType: Prefix  #类比nginx 中的 location
          backend:
            service:
              name: test-tls-svc
              port: 
                number: 80
  

• 在k8s 集群外使用代理访问

  upstream test {
  	 	server 10.4.7.50:31196;  # 10.4.7.50:31196  ingress controller的地址和端口
  		}
  
  	server {
          listen       80;
          location / {
          rewrite ^.*(.*) https://test.com:31196/$1 permanent;
          }