1.配置k3s kubernetes config
$ cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
$ chown $USER ~/.kube/config
2.安装ingress
$ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
- 配置ingress-nginx使用主机的80和443端口
$ helm install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--create-namespace \
--set controller.hostNetwork=true \
--set controller.service.enabled=false \
--set controller.hostPort.enabled=true \
--set controller.hostPort.ports.http=80 \
--set controller.hostPort.ports.https=443
3.查看ingress状态
root@master:~/kubernetes-dashboard# kubectl get pods -A | grep ingress-nginx
ingress-nginx ingress-nginx-controller-66d6ffdc99-hl48h 1/1 Running 0 147m
kube-system svclb-ingress-nginx-controller-7205d9f3-cmtt6 2/2 Running 0 3h3m
kube-system svclb-ingress-nginx-controller-7205d9f3-fnwlt 2/2 Running 0 3h3m
kube-system svclb-ingress-nginx-controller-7205d9f3-knt4t 2/2 Running 0 3h3m
kube-system svclb-ingress-nginx-controller-7205d9f3-sm4x6 2/2 Running 0 3h3m
root@master:~/kubernetes-dashboard#
4.配置ingress证书
# 将证书转换为base64格式
cat fullchain1.pem | base64 -w 0
# 将private key转换为base64格式
cat privkey1.pem | base64 -w 0
apiVersion: v1
kind: Secret
metadata:
# secret名
name: k3s-seclabs-tls
# 证书放置的namespace
namespace: kubernetes-dashboard
type: kubernetes.io/tls
data:
tls.crt: LS0tLS1CRUdJTi………省略………
tls.key: LS0tLS1CRUdJTi………省略………
root@master:~/ingress-nginx/secrets# kubectl apply -f kubernetes-dashboard-secret.yaml
secret/k3s-seclabs-tls created
root@master:~/ingress-nginx/secrets#
root@master:~/ingress-nginx/secrets# kubectl get secrets -n kubernetes-dashboard
NAME TYPE DATA AGE
admin-user kubernetes.io/service-account-token 3 21h
k3s-seclabs-tls kubernetes.io/tls 2 33m
kubernetes-dashboard-csrf Opaque 1 22h
sh.helm.release.v1.kubernetes-dashboard.v1 helm.sh/release.v1 1 22h
root@master:~/ingress-nginx/secrets#
浙公网安备 33010602011771号