Enable the HTTPS service
vim nginx-service.yaml
Expose port 443
apiVersion: v1
kind: Service
metadata:
  name: nginx2-pv
  labels:
    run: nginx2-pv
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30080
    name: http
  - port: 443
    targetPort: 443
    nodePort: 30443
    name: https
  selector:
    run: nginx2-pv
kubectl apply -f nginx-service.yaml
Create the server certificate for the cluster
mkdir /root/cert && cd /root/cert
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt
Configure the certificate on the Ingress
kubectl create secret tls secret-https --key tls.key --cert tls.crt
kubectl describe secret secret-https
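The certificate steps above, as an added example (not part of the original page): the openssl command as written prompts interactively for the subject, so this variant sets the subject and a subjectAltName for hello-world.info on the command line, then checks that the key and certificate belong together and cover the Ingress host before the secret is created. The function names and the scratch directory are assumptions; -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: non-interactive variant of the page's openssl command plus
# pre-flight checks. Function names and the scratch directory are assumptions.

# Generate a self-signed key/cert pair for one host, with the host in both
# the subject CN and the subjectAltName (needs OpenSSL 1.1.1+ for -addext).
make_cert() {
    dir=$1; host=$2
    ( umask 077   # files created here are readable by the owner only
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -keyout "$dir/tls.key" -out "$dir/tls.crt" \
          -subj "/CN=$host" -addext "subjectAltName=DNS:$host" 2>/dev/null )
}

# Succeeds only if the certificate's public key is the key's public half.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is valid for the given host name.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# Demo in a scratch directory (constructed input, nothing touches the cluster).
work=$(mktemp -d)
make_cert "$work" hello-world.info
if cert_matches_key "$work/tls.crt" "$work/tls.key" &&
   cert_covers_host "$work/tls.crt" hello-world.info; then
    echo "OK: safe to run kubectl create secret tls with these files"
else
    echo "FAIL: regenerate the certificate" >&2
fi
rm -rf "$work"
```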
Enable TLS
Add the tls rule
  tls:
  - hosts:
    - hello-world.info
    secretName: secret-https
cat nginx-pv-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pv-nginx
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
    - hello-world.info
    secretName: secret-https
  rules:
  - host: hello-world.info
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx2-pv
            port:
              number: 80
kubectl apply -f nginx-pv-ingress.yaml
Verify HTTPS
kubectl get svc -n ingress-nginx
kubectl get ingress
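Because the certificate is self-signed, the browser will warn that it is not trusted, so in a real production environment you need to obtain a signed certificate from Alibaba Cloud.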
https://hello-world.info