k8s Nginx-ingress配置https

Posted 2021-09-22 青衫解衣

官网:

https://kubernetes.github.io/ingress-nginx/examples/auth/client-certs/

 

创建证书:

说明:测试发现指定namespace和默认default都行，和namespace没有关系，证书放在当前目录下即可。

kubectl create secret tls test-cc --key=test.sit.51zhaoyou.com.key --cert=test.sit.51zhaoyou.com.pem

kubectl create secret tls test.sit.51zhaoyou.com --key=test.sit.51zhaoyou.com.key --cert=test.sit.51zhaoyou.com.pem -n nginx-example

 

 

查看证书:

# kubectl describe secrets -n nginx-example

 

关联service:

https主要是下面几行。

[root@master ~]# cat test-ingress.yaml

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  namespace: nginx-example

  name: nginx-test

spec:

​  tls:

    - hosts:

      - test.sit.51zhaoyou.com

      secretName: test-cc​

  rules:

    - host: test.sit.51zhaoyou.com

      http:

        paths:

        - path: /

          backend:

            serviceName: my-nginx

            servicePort: 80

 

查看ingress:

[root@master ~]# kubectl get ing -A

NAMESPACE       NAME         HOSTS                    ADDRESS   PORTS     AGE

nginx-example   nginx-test   test.sit.51zhaoyou.com             80, 443   20m

绑定本地host文件:

Windows：

192.168.1.15 test.sit.51zhaoyou.com

浏览器访问: