Ingress的Http與Https代理

環境準備

準備service和pod

為了后面的實驗比較方便，創建如下圖所示的模型

創建tomcat-nginx.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: dev
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      containers:
      - name: nginx
        image: nginx:1.17.1
        ports:
        - containerPort: 80

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-deployment
  namespace: dev
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat-pod
  template:
    metadata:
      labels:
        app: tomcat-pod
    spec:
      containers:
      - name: tomcat
        image: tomcat:8.5-jre10-slim
        ports:
        - containerPort: 8080

---

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: dev
spec:
  selector:
    app: nginx-pod
  clusterIP: None
  type: ClusterIP
  ports:
  - port: 80
    targetPort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: tomcat-service
  namespace: dev
spec:
  selector:
    app: tomcat-pod
  clusterIP: None
  type: ClusterIP
  ports:
  - port: 8080
    targetPort: 8080

創建并查看

為了避免之前創建pod的影響，直接刪除重建命名空間
[root@master ~]# kubectl delete ns dev
[root@master ~]# kubectl create ns dev

# 創建
[root@master ~]# kubectl create -f tomcat-nginx.yaml

# 查看
[root@master ~]# kubectl get svc -n dev

Http代理

創建ingress-http.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-http
  namespace: dev
spec:
  rules:
  - host: nginx.itheima.com     #域名
    http:
      paths:
      - path: /                #路徑
        backend:
          serviceName: nginx-service   #訪問nginx.itheima.com會跳轉到nginx-service的80端口
          servicePort: 80
  - host: tomcat.itheima.com
    http:
      paths:
      - path: /
        backend:
          serviceName: tomcat-service
          servicePort: 8080

創建并觀察

# 創建
[root@master ~]# kubectl create -f ingress-http.yaml

# 查看
[root@master ~]# kubectl get ing ingress-http -n dev

# 查看詳情
[root@master ~]# kubectl describe ing ingress-http -n dev

...

# 接下來,在本地電腦上配置host文件,解析上面的兩個域名到192.168.1.50(master)上
本機hosts地址C:\Windows\System32\drivers\etc

查看ingress-nginx暴露的端口
[root@master ~]# kubectl get svc -n ingress-nginx

訪問

http://nginx.itheima.com:31067/
http://tomcat.itheima.com:31067/

Https代理

創建證書

# 生成證書
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=itheima.com"

# 創建密鑰
kubectl create secret tls tls-secret --key tls.key --cert tls.crt

創建ingress-https.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-https
  namespace: dev
spec:
  tls:
    - hosts:
      - nginx.itheima.com
      - tomcat.itheima.com
      secretName: tls-secret # 指定秘鑰，名字要對應
  rules:
  - host: nginx.itheima.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 80
  - host: tomcat.itheima.com
    http:
      paths:
      - path: /
        backend:
          serviceName: tomcat-service
          servicePort: 8080

創建并查看

# 創建
[root@master ~]# kubectl create -f ingress-https.yaml

# 查看
[root@master ~]# kubectl get ing ingress-https -n dev

# 查看詳情
[root@master ~]# kubectl describe ing ingress-https -n dev

# 下面可以通過瀏覽器訪問
注：因為是自簽證書，所以提示不安全

https://nginx.itheima.com:31453/
https://tomcat.itheima.com:31453/

參考

黑馬B站k8s課程https://www.bilibili.com/video/BV1Qv41167ck/
https://gitee.com/yooome/golang/blob/main/k8s%E8%AF%A6%E7%BB%86%E6%95%99%E7%A8%8B-%E8%B0%83%E6%95%B4%E7%89%88/k8s%E8%AF%A6%E7%BB%86%E6%95%99%E7%A8%8B.md
https://www.yuque.com/fairy-era/yg511q/xyqxge

posted @ 2022-12-02 15:03 gys001 閱讀(432) 評論(0) 收藏舉報

刷新頁面返回頂部