配置Ingress

1.编写资源清单

root@k8s-master01:~/yaml/chapter13# vim ingress-demo-v1.yaml
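# Ingress that routes www.mylinuxops.cn to the demoapp Service and serves it over TLS.
# Indentation restored: the flattened listing is not a valid manifest as printed.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-demo-v1
  annotations:
    # Selects the nginx ingress controller. This annotation is the legacy
    # form; networking.k8s.io/v1 also provides spec.ingressClassName.
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: www.mylinuxops.cn
    http:
      paths:
      - path: /                 # request path to match
        pathType: Prefix        # one of Exact, Prefix, ImplementationSpecific
        backend:
          service:
            name: demoapp
            port:
              number: 80
  tls:                          # TLS configuration for the hosts listed below
  - hosts:
    - www.mylinuxops.cn
    # TLS secret holding the certificate and private key; it must exist in
    # the same namespace as this Ingress.
    secretName: mylinuxops-tls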

2.创建证书文件及secret

# 创建私钥(子shell中的umask 077使生成的tls.key仅属主可读写)
root@k8s-master01:~/yaml/chapter13# (umask 077;openssl genrsa -out tls.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
.............................................................+++++
...............................................................................+++++
e is 65537 (0x010001)

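# 创建自签证书(仅供测试;此证书只有CN、没有subjectAltName,需要SAN时可在OpenSSL 1.1.1及以上版本追加 -addext "subjectAltName=DNS:www.mylinuxops.cn")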
root@k8s-master01:~/yaml/chapter13# openssl req -new -x509 -key tls.key -out tls.crt -subj "/CN=www.mylinuxops.cn" -days 365

# 创建secret(tls类型的secret保存证书和私钥,须与引用它的Ingress位于同一名称空间)
root@k8s-master01:~/yaml/chapter13# kubectl create secret tls mylinuxops-tls --cert=tls.crt --key=tls.key
secret/mylinuxops-tls created

3.应用资源清单

root@k8s-master01:~/yaml/chapter13# kubectl  apply -f ingress-demo-v1.yaml
ingress.networking.k8s.io/ingress-demo-v1 configured

4.部署deployment

此处使用v1beta1中的deployment

5.测试访问

root@k8s-master01:~/yaml/chapter13# curl -H "host:www.mylinuxops.cn" 172.16.11.82:31684
<html>
<head><title>308 Permanent Redirect</title></head>
<body>
<center><h1>308 Permanent Redirect</h1></center>
<hr><center>nginx</center>
</body>
</html>
# 由于该host定义了tls,ingress-nginx默认会把HTTP请求以308重定向到HTTPS,所以此处产生了跳转。

# 对ingress的https端口进行访问
root@k8s-master01:~/yaml/chapter13# curl -H "host:www.mylinuxops.cn" https://172.16.11.82:31556
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
# 此处显示证书不被认可:证书是自签的,不在curl信任的CA列表中。
# 另外,直接用IP访问时curl不会发送SNI,控制器返回的可能是其默认证书,而不是mylinuxops-tls中的证书。

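# 使用-k忽略证书校验(仅用于测试:-k会同时跳过证书链和主机名检查,无法发现中间人)
# 若要保留校验,可改用: curl --cacert tls.crt --resolve www.mylinuxops.cn:31556:172.16.11.82 https://www.mylinuxops.cn:31556/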
root@k8s-master01:~/yaml/chapter13# curl -k -H "host:www.mylinuxops.cn" https://172.16.11.82:31556
iKubernetes demoapp v1.0 !! ClientIP: 192.168.131.3, ServerName: deployment-demo-fb544c5d8-d2k7v, ServerIP: 192.168.96.24!
root@k8s-master01:~/yaml/chapter13# curl -k -H "host:www.mylinuxops.cn" https://172.16.11.82:31556
iKubernetes demoapp v1.0 !! ClientIP: 192.168.131.3, ServerName: deployment-demo-fb544c5d8-n76d2, ServerIP: 192.168.131.19!