ingress-nginx 添加https证书

Posted littlevigra

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ingress-nginx 添加https证书相关的知识,希望对你有一定的参考价值。

1.配了一个证书,发现报错:

 kubectl logs  ingress-nginx-controller-96fnv   -n ingress-nginx

 unexpected error validating SSL certificate gscommon/https-secret for host oa2https01.mz.abc.com. Reason: x509: certificate is valid for *.idcsec.com, not oa2https01.mz.abc.com

基本可以确定是证书有问题

2.参考思路:

2.1生成证书文件:

openssl req -x509 -nodes -days 2920 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=*.idcsec.com/O=nginxsvc"

2.2 导入证书文件到k8s secret

kubectl create secret tls https-secret --key tls.key --cert tls.crt

我的配置:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/ssl-redirect: "True"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"ingress.kubernetes.io/ssl-redirect":"True"},"name":"pispower-oa-https","namespace":"gscommon"},"spec":{"rules":[{"host":"oahttps02.mz.pispower.com","http":{"paths":[{"backend":{"serviceName":"oa2gs","servicePort":80},"path":"/"}]}}],"tls":[{"hosts":["oahttps02.mz.pispower.com"],"secretName":"https-secret-02"}]}}
creationTimestamp: 2018-12-22T15:42:08Z
generation: 3
name: pispower-oa-https
namespace: gscommon
resourceVersion: "7947760"
selfLink: /apis/extensions/v1beta1/namespaces/gscommon/ingresses/pispower-oa-https
uid: 2425b1df-0600-11e9-9cd0-020050e80095

spec:
rules:
- host: oahttps02.mz.abc.com
http:
paths:
- backend:
serviceName: oa2gs
servicePort: 80
path: /
tls:
- hosts:
- oahttps02.mz.abc.com
secretName: https-secret04
status:
loadBalancer:
ingress:
- {}

参考:http://idcsec.com/articles/2018/09/28/1538105157281.html

关键: kubectl create secret tls https-secret04 --key mz.abc.key --cert mz.abc.com.crt -n gscommon

以上是关于ingress-nginx 添加https证书的主要内容,如果未能解决你的问题,请参考以下文章

Kubernetes Ingress-nginx高级用法

Kubernetes Ingress-nginx高级用法

k8s Nginx-ingress配置https

4.2.k8s.Ingress-Nginx

Ingress-Nginx

添加自签发的 SSL 证书为受信任的根证书