34-Ingress

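I. Differences between svc and Ingress

Both svc and Ingress are, in essence, resource types that implement service discovery.

svc is implemented mainly as layer-4 load balancing.

Ingress is implemented as layer-7 load balancing, but it requires a third-party component to be deployed separately.

II. Ingress and IngressClass

Ingress is a resource built into the K8S cluster. In essence it is a configuration file that resolves a domain name to the corresponding svc.
IngressClass can interpret the K8S Ingress resource and translate it into a configuration file it can recognize, providing access routes to external users.

III. Hands-on: deploying Ingress-nginx with helm

1. Ingress-Nginx overview

Ingress-Nginx is an Ingress Controller written by the K8S project, while "nginx-Ingress" is the resource manifest written by Nginx.

Note: when deploying, compare the version dependency between K8S and Ingress-Nginx.

GitHub address:
	https://github.com/kubernetes/ingress-nginx

Installation guide:
	https://kubernetes.github.io/ingress-nginx/deploy/#installation-guide


As shown in the figure above, the project recommends three installation methods:
	- install with "helm";
	- install by creating the yaml resource manifests with "kubectl apply";
	- install through a third-party plugin;

2. Add the third-party repository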

[root@master231 helm]# helm repo add dingzhiyan-ingress https://kubernetes.github.io/ingress-nginx
"dingzhiyan-ingress" has been added to your repositories
[root@master231 helm]# 
[root@master231 helm]# helm repo list
NAME             	URL                                       
dingzhiyan-ingress	https://kubernetes.github.io/ingress-nginx
[root@master231 helm]# 

3. Search for the Ingress-nginx Chart

[root@master231 helm]# helm search repo ingress-nginx
NAME                           	CHART VERSION	APP VERSION	DESCRIPTION                                       
dingzhiyan-ingress/ingress-nginx	4.12.0       	1.12.0     	Ingress controller for Kubernetes using NGINX a...
[root@master231 helm]# 
[root@master231 helm]# 
[root@master231 helm]# helm search repo ingress-nginx -l
NAME                           	CHART VERSION	APP VERSION	DESCRIPTION                                       
dingzhiyan-ingress/ingress-nginx	4.12.0       	1.12.0     	Ingress controller for Kubernetes using NGINX a...
...
dingzhiyan-ingress/ingress-nginx	4.5.2        	1.6.4      	Ingress controller for Kubernetes using NGINX a...
dingzhiyan-ingress/ingress-nginx	4.5.0        	1.6.3      	Ingress controller for Kubernetes using NGINX a...
dingzhiyan-ingress/ingress-nginx	4.4.2        	1.5.1      	Ingress controller for Kubernetes using NGINX a...
dingzhiyan-ingress/ingress-nginx	4.4.0        	1.5.1      	Ingress controller for Kubernetes using NGINX a...
dingzhiyan-ingress/ingress-nginx	4.3.0        	1.4.0      	Ingress controller for Kubernetes using NGINX a...
dingzhiyan-ingress/ingress-nginx	4.2.5        	1.3.1      	Ingress controller for Kubernetes using NGINX a...
dingzhiyan-ingress/ingress-nginx	4.2.4        	1.3.1      	Ingress controller for Kubernetes using NGINX a...
dingzhiyan-ingress/ingress-nginx	4.2.3        	1.3.0      	Ingress controller for Kubernetes using NGINX a...
dingzhiyan-ingress/ingress-nginx	4.2.2        	1.3.0      	Ingress controller for Kubernetes using NGINX a...
dingzhiyan-ingress/ingress-nginx	4.2.1        	1.3.0      	Ingress controller for Kubernetes using NGINX a...
dingzhiyan-ingress/ingress-nginx	4.2.0        	1.3.0      	Ingress controller for Kubernetes using NGINX a...
...
[root@master231 helm]# 

4. Download the specified Chart

[root@master231 helm]# helm pull dingzhiyan-ingress/ingress-nginx --version 4.2.5

5. Unpack the package and modify the configuration parameters

[root@master231 helm]# tar xf ingress-nginx-4.2.5.tgz 
[root@master231 helm]# 
[root@master231 helm]# sed -i '/registry:/s#registry.k8s.io#registry.cn-hangzhou.aliyuncs.com#g' ingress-nginx/values.yaml
[root@master231 helm]# sed -i 's#ingress-nginx/controller#yinzhengjie-k8s/ingress-nginx#' ingress-nginx/values.yaml 
[root@master231 helm]# sed -i 's#ingress-nginx/kube-webhook-certgen#yinzhengjie-k8s/ingress-nginx#' ingress-nginx/values.yaml
[root@master231 helm]# sed -i 's#v1.3.0#kube-webhook-certgen-v1.3.0#' ingress-nginx/values.yaml
[root@master231 helm]# sed -ri '/digest:/s@^@#@' ingress-nginx/values.yaml
[root@master231 helm]# sed -i '/hostNetwork:/s#false#true#' ingress-nginx/values.yaml
[root@master231 helm]# sed -i  '/dnsPolicy/s#ClusterFirst#ClusterFirstWithHostNet#' ingress-nginx/values.yaml
[root@master231 helm]# sed -i '/kind/s#Deployment#DaemonSet#' ingress-nginx/values.yaml 
[root@master231 helm]# sed -i '/default:/s#false#true#'  ingress-nginx/values.yaml

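Tips:
	- Change the images to a mirror inside China; otherwise the overseas images cannot be downloaded, unless you can get around the firewall;
	- If you use the images I provide, you need to comment out digest, because my images were synced from overseas and rebuilt, so their digests do not match;
	- I recommend using the host network, which is the most efficient, but with the host network the DNS policy will use the host's resolution directly;
	- If you still want to keep resolving svc names inside K8S, change the default "ClusterFirst" DNS policy to "ClusterFirstWithHostNet";
	- I recommend changing the Deployment type to DaemonSet, which ensures one Pod is deployed on each node; you can also modify the "nodeSelector" field to schedule it onto specific nodes;
	- If there is only one ingress controller, consider setting "ingressClassResource.default" to true, which makes it the default ingress controller;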
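
Added example, not part of the original post or of the chart: the edits in step 5, together with the later step 4.1 that sets the admissionWebhooks "enabled" field to false, relax three defaults that matter for security: image digest pinning, pod network isolation, and validation of Ingress objects at admission time. The script below flags each of them in a values.yaml; the sample file is constructed for illustration and its digest values are placeholders.

```shell
# Added example (not the chart's or the author's code): flag the
# security-relevant settings that the edits on this page change in values.yaml.

# Constructed sample shaped like values.yaml after step 5 and step 4.1.
# The digest values are placeholders, not real image digests.
write_sample_values() {
  cat > "$1" <<'EOF'
controller:
  image:
    registry: registry.cn-hangzhou.aliyuncs.com
    image: yinzhengjie-k8s/ingress-nginx
    tag: "v1.3.1"
#    digest: sha256:PLACEHOLDER
  dnsPolicy: ClusterFirstWithHostNet
  hostNetwork: true
  kind: DaemonSet
  ingressClassResource:
    enabled: true
    default: true
  admissionWebhooks:
    enabled: false
    patch:
      enabled: true
      image:
        tag: kube-webhook-certgen-v1.3.0
#        digest: sha256:PLACEHOLDER
EOF
}

# audit_values FILE: print one finding per line (empty output means none).
audit_values() {
  awk '
    function indent(s,  t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
    BEGIN { wh = -1 }
    /^#[ \t]*digest:/ {
      print "DIGEST line " NR ": digest commented out, image is pulled by mutable tag only"
    }
    /^[ \t]*hostNetwork:[ \t]*true/ {
      print "HOSTNET line " NR ": controller pods share the node network namespace"
    }
    # Track the admissionWebhooks block by indentation so that only its own
    # "enabled" key is inspected, not the many other "enabled" keys in the file.
    /^[ \t]*admissionWebhooks:/ { wh = indent($0); next }
    wh >= 0 && /^ *[^# ]/ && indent($0) <= wh { wh = -1 }
    wh >= 0 && indent($0) == wh + 2 && /^ *enabled:[ \t]*false/ {
      print "WEBHOOK line " NR ": admission webhook off, Ingress objects are not validated on create"
    }
  ' "$1"
}

# count_findings FILE: number of findings reported by audit_values.
count_findings() {
  audit_values "$1" | wc -l | tr -d ' '
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_values "$sample"
audit_values "$sample"
echo "findings: $(count_findings "$sample")"
rm -f "$sample"
```

Run it against the real file with `audit_values ingress-nginx/values.yaml` and review each finding before installing the release.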

6. Install ingress-nginx

[root@master231 ingress-nginx]# helm upgrade --install ing-class-linux96 ingress-nginx -n ingress-nginx --create-namespace
Release "ing-class-linux96" does not exist. Installing it now.
NAME: ing-class-linux96
LAST DEPLOYED: Mon Apr 21 11:50:25 2025
NAMESPACE: ingress-nginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace ingress-nginx get services -o wide -w ing-class-linux96-ingress-nginx-controller'

An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls
[root@master231 ingress-nginx]# 

7. Verify that Ingress-nginx was installed successfully

[root@master231 ingress-nginx]#  helm list -n ingress-nginx 
NAME             	NAMESPACE    	REVISION	UPDATED                                	STATUS  	CHART              	APP VERSION
ing-class-linux96	ingress-nginx	1       	2025-04-21 11:50:25.883175792 +0800 CST	deployed	ingress-nginx-4.2.5	1.3.1      
[root@master231 ingress-nginx]# 
[root@master231 ingress-nginx]# kubectl get ingressclass,deploy,svc,po -n ingress-nginx 
NAME                                   CONTROLLER             PARAMETERS   AGE
ingressclass.networking.k8s.io/nginx   k8s.io/ingress-nginx   <none>       3m46s

NAME                                                           TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
service/ing-class-linux96-ingress-nginx-controller             LoadBalancer   10.200.149.170   10.0.0.153    80:47228/TCP,443:40326/TCP   3m46s
service/ing-class-linux96-ingress-nginx-controller-admission   ClusterIP      10.200.223.163   <none>        443/TCP                      3m46s

NAME                                                   READY   STATUS    RESTARTS   AGE
pod/ing-class-linux96-ingress-nginx-controller-2ls5c   1/1     Running   0          3m46s
pod/ing-class-linux96-ingress-nginx-controller-bvgj2   1/1     Running   0          3m46s
[root@master231 ingress-nginx]# 


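Tip:
	If the image pull fails, you can import the image from my repository address.
http://192.168.16.253/Resources/Kubernetes/Add-ons/ingress-nginx/dingzhiyan-ingress-nginx-v1.3.1.tar.gz

8. Access test

From outside the cluster, you can access it directly via the address "10.0.0.153".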

	http://10.0.0.153

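IV. Ingress HTTP mapping example

1. Why learn Ingress

When NodePort exposes a service, it listens on a NodePort port, and multiple services cannot share the same port.

That is why a Service can be thought of as a layer-4 proxy. Put plainly, it proxies based on IP:PORT.

Suppose the service "v1.dingzhiyan.com" needs to listen on port 80, and "v2.dingzhiyan.com" and "v3.dingzhiyan.com" also need to listen on port 80; this is hard to achieve with svc.

In this case we can use Ingress to achieve it. Ingress can be regarded as a layer-7 proxy that still routes through svc underneath.

Ingress is a built-in resource in K8S that expresses the rules for resolving hosts to svc, but the actual implementation requires installing an add-on (corresponding to the IngressClass), such as ingress-nginx or traefik.

The relationship between IngressClass and Ingress is somewhat like the relationship between nginx and nginx.conf.

2. Prepare the environment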

[root@master231 ingresses]# cat > 01-deploy-svc-xiuxian.yaml <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-xiuxian-v1
spec:
  replicas: 3
  selector:
    matchLabels:
      apps: v1
  template:
    metadata:
      labels:
        apps: v1
    spec:
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
        ports:
        - containerPort: 80

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-xiuxian-v2
spec:
  replicas: 3
  selector:
    matchLabels:
      apps: v2
  template:
    metadata:
      labels:
        apps: v2
    spec:
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v2
        ports:
        - containerPort: 80

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-xiuxian-v3
spec:
  replicas: 3
  selector:
    matchLabels:
      apps: v3
  template:
    metadata:
      labels:
        apps: v3
    spec:
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v3
        ports:
        - containerPort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: svc-xiuxian-v1
spec:
  type: ClusterIP
  selector:
    apps: v1
  ports:
  - port: 80

---

apiVersion: v1
kind: Service
metadata:
  name: svc-xiuxian-v2
spec:
  type: ClusterIP
  selector:
    apps: v2
  ports:
  - port: 80

---

apiVersion: v1
kind: Service
metadata:
  name: svc-xiuxian-v3
spec:
  type: ClusterIP
  selector:
    apps: v3
  ports:
  - port: 80
EOF

[root@master231 ingresses]# 
[root@master231 ingresses]# kubectl apply -f 01-deploy-svc-xiuxian.yaml 
deployment.apps/deploy-xiuxian-v1 created
deployment.apps/deploy-xiuxian-v2 created
deployment.apps/deploy-xiuxian-v3 created
service/svc-xiuxian-v1 created
service/svc-xiuxian-v2 created
service/svc-xiuxian-v3 created
[root@master231 ingresses]# 
[root@master231 ingresses]# kubectl get pods  --show-labels
NAME                                 READY   STATUS    RESTARTS   AGE   LABELS
deploy-xiuxian-v1-6bc556784f-7x68g   1/1     Running   0          31s   apps=v1,pod-template-hash=6bc556784f
deploy-xiuxian-v1-6bc556784f-995hf   1/1     Running   0          31s   apps=v1,pod-template-hash=6bc556784f
deploy-xiuxian-v1-6bc556784f-ztwj5   1/1     Running   0          31s   apps=v1,pod-template-hash=6bc556784f
deploy-xiuxian-v2-64bb8c9785-4f525   1/1     Running   0          31s   apps=v2,pod-template-hash=64bb8c9785
deploy-xiuxian-v2-64bb8c9785-7f48v   1/1     Running   0          31s   apps=v2,pod-template-hash=64bb8c9785
deploy-xiuxian-v2-64bb8c9785-qr2zr   1/1     Running   0          31s   apps=v2,pod-template-hash=64bb8c9785
deploy-xiuxian-v3-698c86cf85-8jfbj   1/1     Running   0          31s   apps=v3,pod-template-hash=698c86cf85
deploy-xiuxian-v3-698c86cf85-gggwb   1/1     Running   0          31s   apps=v3,pod-template-hash=698c86cf85
deploy-xiuxian-v3-698c86cf85-j28rb   1/1     Running   0          31s   apps=v3,pod-template-hash=698c86cf85
[root@master231 ingresses]# 

3. Write the Ingress rules

[root@master231 ingresses]# cat > 02-ingress-xiuxian.yaml <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-xiuxian
spec:
  ingressClassName: nginx
  rules:
    - host: v1.dingzhiyan.com
      http:
        paths:
          - pathType: Prefix
            backend:
              service:
                name: svc-xiuxian-v1
                port:
                  number: 80
            path: /
    - host: v2.dingzhiyan.com
      http:
        paths:
          - pathType: Prefix
            backend:
              service:
                name: svc-xiuxian-v2
                port:
                  number: 80
            path: /
    - host: v3.dingzhiyan.com
      http:
        paths:
          - pathType: Prefix
            backend:
              service:
                name: svc-xiuxian-v3
                port:
                  number: 80
            path: /
EOF

4. Fix the error if one occurs (skip this if you did not hit an error)

4.1 Modify the configuration file

[root@master231 ingress-nginx]# kubectl  apply -f 02-ingress-xiuxian.yaml 
Error from server (InternalError): error when creating "02-ingress-xiuxian.yaml": Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": failed to call webhook: Post "https://ing-class-linux96-ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1/ingresses?timeout=10s": x509: certificate is not valid for any names, but wanted to match ing-class-linux96-ingress-nginx-controller-admission.ingress-nginx.svc
[root@master231 ingress-nginx]# 
[root@master231 ingress-nginx]# vim ingress-nginx/values.yaml 
...
589   admissionWebhooks:
...
596     enabled: false   # set this field to false


 helm upgrade --install ing-class-linux96 ingress-nginx -n ingress-nginx --create-namespace

4.2 Reinstall Ingress-nginx so that the configuration takes effect

[root@master231 ingress-nginx]# helm  -n ingress-nginx uninstall ing-class-linux96 
release "ing-class-linux96" uninstalled
[root@master231 ingress-nginx]# 
[root@master231 ingress-nginx]#  helm upgrade --install ing-class-linux96 ingress-nginx -n ingress-nginx --create-namespace

4.3 Verify that the pods are ready

[root@master231 ingress-nginx]# kubectl get ingressclass,svc,po -o wide -n ingress-nginx 
NAME                                   CONTROLLER             PARAMETERS   AGE
ingressclass.networking.k8s.io/nginx   k8s.io/ingress-nginx   <none>       71s

NAME                                                 TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE   SELECTOR
service/ing-class-linux96-ingress-nginx-controller   LoadBalancer   10.200.182.87   10.0.0.153    80:24311/TCP,443:42523/TCP   71s   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ing-class-linux96,app.kubernetes.io/name=ingress-nginx

NAME                                                   READY   STATUS    RESTARTS   AGE   IP           NODE        NOMINATED NODE   READINESS GATES
pod/ing-class-linux96-ingress-nginx-controller-cpc26   1/1     Running   0          71s   10.0.0.233   worker233   <none>           <none>
pod/ing-class-linux96-ingress-nginx-controller-pxplf   1/1     Running   0          71s   10.0.0.232   worker232   <none>           <none>
[root@master231 ingress-nginx]# 

5. Create the Ingress rules

[root@master231 ingresses]# kubectl apply -f 02-ingress-xiuxian.yaml 
ingress.networking.k8s.io/ingress-xiuxian created
[root@master231 ingresses]# 
[root@master231 ingresses]# kubectl get ingress
NAME              CLASS   HOSTS                                                ADDRESS   PORTS   AGE
ingress-xiuxian   nginx   v1.dingzhiyan.com,v2.dingzhiyan.com,v3.dingzhiyan.com             80      6s
[root@master231 ingresses]# 
[root@master231 ingresses]# kubectl describe ingress ingress-xiuxian 
Name:             ingress-xiuxian
Labels:           <none>
Namespace:        default
Address:          10.0.0.151
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host              Path  Backends
  ----              ----  --------
  v1.dingzhiyan.com  
                    /   svc-xiuxian-v1:80 (10.100.1.37:80,10.100.1.40:80,10.100.2.109:80)
  v2.dingzhiyan.com  
                    /   svc-xiuxian-v2:80 (10.100.1.38:80,10.100.1.41:80,10.100.2.110:80)
  v3.dingzhiyan.com  
                    /   svc-xiuxian-v3:80 (10.100.1.39:80,10.100.1.42:80,10.100.2.111:80)
Annotations:        <none>
Events:
  Type    Reason  Age               From                      Message
  ----    ------  ----              ----                      -------
  Normal  Sync    0s (x2 over 19s)  nginx-ingress-controller  Scheduled for sync
  Normal  Sync    0s (x2 over 19s)  nginx-ingress-controller  Scheduled for sync
[root@master231 ingresses]# 
[root@master231 ingresses]# 
[root@master231 ingresses]# kubectl get pods -o wide 
NAME                                 READY   STATUS    RESTARTS   AGE     IP             NODE        NOMINATED NODE   READINESS GATES
deploy-xiuxian-v1-6bc556784f-7x68g   1/1     Running   0          3m43s   10.100.2.109   worker233   <none>           <none>
deploy-xiuxian-v1-6bc556784f-995hf   1/1     Running   0          3m43s   10.100.1.37    worker232   <none>           <none>
deploy-xiuxian-v1-6bc556784f-ztwj5   1/1     Running   0          3m43s   10.100.1.40    worker232   <none>           <none>
deploy-xiuxian-v2-64bb8c9785-4f525   1/1     Running   0          3m43s   10.100.1.38    worker232   <none>           <none>
deploy-xiuxian-v2-64bb8c9785-7f48v   1/1     Running   0          3m43s   10.100.2.110   worker233   <none>           <none>
deploy-xiuxian-v2-64bb8c9785-qr2zr   1/1     Running   0          3m43s   10.100.1.41    worker232   <none>           <none>
deploy-xiuxian-v3-698c86cf85-8jfbj   1/1     Running   0          3m43s   10.100.2.111   worker233   <none>           <none>
deploy-xiuxian-v3-698c86cf85-gggwb   1/1     Running   0          3m43s   10.100.1.42    worker232   <none>           <none>
deploy-xiuxian-v3-698c86cf85-j28rb   1/1     Running   0          3m43s   10.100.1.39    worker232   <none>           <none>
[root@master231 ingresses]# 

6. Add the resolution records on Windows

10.0.0.232 v1.dingzhiyan.com v2.dingzhiyan.com   
10.0.0.233 v3.dingzhiyan.com 
	
Or (choose one of the two):
	10.0.0.153  v1.dingzhiyan.com v2.dingzhiyan.com v3.dingzhiyan.com 

7. Access the Ingress-class service

http://v1.dingzhiyan.com/
http://v2.dingzhiyan.com/
http://v3.dingzhiyan.com/

8. Verifying how Ingress and Ingress class work under the hood

[root@master231 ingresses]# kubectl get pods -o wide -n ingress-nginx 
NAME                                              READY   STATUS    RESTARTS   AGE   IP           NODE        NOMINATED NODE   READINESS GATES
my-ingress-class-ingress-nginx-controller-6bnkr   1/1     Running   0          53m   10.0.0.233   worker233   <none>           <none>
my-ingress-class-ingress-nginx-controller-gqg7g   1/1     Running   0          53m   10.0.0.232   worker232   <none>           <none>
[root@master231 ingresses]# 
[root@master231 ingresses]# kubectl -it -n ingress-nginx exec my-ingress-class-ingress-nginx-controller-6bnkr -- bash
bash-5.1$ grep dingzhiyan.com /etc/nginx/nginx.conf
	## start server v1.dingzhiyan.com
		server_name v1.dingzhiyan.com ;
	## end server v1.dingzhiyan.com
	## start server v2.dingzhiyan.com
		server_name v2.dingzhiyan.com ;
	## end server v2.dingzhiyan.com
	## start server v3.dingzhiyan.com
		server_name v3.dingzhiyan.com ;
	## end server v3.dingzhiyan.com
bash-5.1$ 
exit
[root@master231 ingresses]# 
[root@master231 ingresses]# kubectl get ing
NAME              CLASS   HOSTS                                                ADDRESS      PORTS   AGE
ingress-xiuxian   nginx   v1.dingzhiyan.com,v2.dingzhiyan.com,v3.dingzhiyan.com   10.0.0.151   80      5m45s
[root@master231 ingresses]# 
[root@master231 ingresses]# kubectl delete -f 02-ingress-xiuxian.yaml 
ingress.networking.k8s.io "ingress-xiuxian" deleted
[root@master231 ingresses]# 
[root@master231 ingresses]# kubectl get ing
No resources found in default namespace.
[root@master231 ingresses]# 
[root@master231 ingresses]# 
[root@master231 ingresses]# kubectl -it -n ingress-nginx exec my-ingress-class-ingress-nginx-controller-6bnkr -- bash
bash-5.1$ 
bash-5.1$ grep dingzhiyan.com /etc/nginx/nginx.conf
bash-5.1$ 

V. Ingress HTTPS mapping example

1. Generate the certificate files (skip this step if you already have a certificate)

[root@master231 ingress-nginx]# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=www.yinzhengjie.com"
[root@master231 ingress-nginx]# ll tls.*
-rw-r--r-- 1 root root 1139 Apr 21 14:35 tls.crt
-rw------- 1 root root 1704 Apr 21 14:35 tls.key
[root@master231 ingress-nginx]#

2. Store the certificate files as a secret

[root@master231 ingress-nginx]# kubectl create secret tls ca-secret --cert=tls.crt --key=tls.key 
secret/ca-secret created
[root@master231 ingress-nginx]# 
[root@master231 ingress-nginx]# kubectl get secret/ca-secret
NAME        TYPE                DATA   AGE
ca-secret   kubernetes.io/tls   2      6s
[root@master231 ingress-nginx]# 
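
Added example, not part of the original post: the certificate from step 1 carries only a CN, while current TLS clients match hostnames against the subjectAltName extension. The script below generates the same certificate with a SAN entry and checks SAN coverage, key/certificate pairing and expiry before the files go into the secret. The helper names are made up here, and OpenSSL 1.1.1 or later is assumed.

```shell
# Added example (not the author's code): checks to run on tls.crt / tls.key
# before "kubectl create secret tls". Helper names are made up for this example.
# Assumes OpenSSL 1.1.1 or later (for "req -addext" and "x509 -ext").

# make_cert DIR HOST [san]: the command from step 1; with "san" as the third
# argument it also adds a subjectAltName entry for HOST.
make_cert() {
  if [ "${3:-}" = "san" ]; then
    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
      -keyout "$1/tls.key" -out "$1/tls.crt" \
      -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null
  else
    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
      -keyout "$1/tls.key" -out "$1/tls.crt" -subj "/CN=$2" 2>/dev/null
  fi
}

# san_covers CERT HOST: true only if HOST is listed as a DNS name in the
# subjectAltName extension (exact match, wildcard entries are not expanded).
san_covers() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
    | tr -d ' ' | tr ',' '\n' | grep -Fxq "DNS:$2"
}

# key_matches_cert CERT KEY: true if the private key belongs to the certificate.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# preflight CERT KEY HOST: 0 = ok, 1 = no SAN for HOST, 2 = key mismatch,
# 3 = certificate already expired.
preflight() {
  san_covers "$1" "$3" || { echo "FAIL: no subjectAltName entry for $3"; return 1; }
  key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; return 2; }
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "FAIL: certificate has expired"; return 3; }
  echo "OK: $3"
}

# Demo in a throwaway directory: CN-only certificate as in step 1, then with SAN.
demo=$(mktemp -d)
make_cert "$demo" www.yinzhengjie.com
preflight "$demo/tls.crt" "$demo/tls.key" www.yinzhengjie.com || true
make_cert "$demo" www.yinzhengjie.com san
preflight "$demo/tls.crt" "$demo/tls.key" www.yinzhengjie.com || true
rm -rf "$demo"
```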

3. Deploy the test service

[root@master231 02-casedemo-https]# cat > deploy-apple.yaml <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-apple
spec:
  replicas: 3
  selector:
    matchLabels:
      apps: apple
  template:
    metadata:
      labels:
        apps: apple
    spec:
      containers:
      - name: apple
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:apple
        ports:
        - containerPort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: svc-apple
spec:
  selector:
    apps: apple
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
EOF
[root@master231 02-casedemo-https]# 
[root@master231 02-casedemo-https]# kubectl apply -f  deploy-apple.yaml 
deployment.apps/deployment-apple created
service/svc-apple created
[root@master231 02-casedemo-https]# 
[root@master231 02-casedemo-https]# kubectl get pods -l apps=apple -o wide
NAME                                READY   STATUS    RESTARTS   AGE   IP             NODE        NOMINATED NODE   READINESS GATES
deployment-apple-5496cd9b6c-2psch   1/1     Running   0          89s   10.100.1.43    worker232   <none>           <none>
deployment-apple-5496cd9b6c-7rf6c   1/1     Running   0          89s   10.100.1.44    worker232   <none>           <none>
deployment-apple-5496cd9b6c-cglvj   1/1     Running   0          89s   10.100.2.112   worker233   <none>           <none>
[root@master231 02-casedemo-https]# 

4. Configure the Ingress with the TLS certificate

[root@master231 02-casedemo-https]# cat ingress-tls.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-tls-https
  # If the "ingressClassName" parameter is specified, there is no need to declare it again here.
  # If your K8S version is below 1.22, pass it via the annotation instead.
  #annotations:
  #  kubernetes.io/ingress.class: "nginx"
spec:
  # Specify the Ingress Class; requires K8S 1.22+
  ingressClassName: nginx
  rules:
  - host: www.yinzhengjie.com
    http:
      paths:
      - backend:
          service:
            name: svc-apple
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
  # Configure the HTTPS certificate
  tls:
  - hosts:
    - www.yinzhengjie.com
    secretName: ca-secret
[root@master231 02-casedemo-https]# 
[root@master231 02-casedemo-https]# kubectl apply -f ingress-tls.yaml
ingress.networking.k8s.io/ingress-tls-https created
[root@master231 02-casedemo-https]# 
[root@master231 02-casedemo-https]# kubectl get ingress ingress-tls-https 
NAME                CLASS   HOSTS                 ADDRESS   PORTS     AGE
ingress-tls-https   nginx   www.yinzhengjie.com             80, 443   5s
[root@master231 02-casedemo-https]# 
[root@master231 02-casedemo-https]# kubectl describe ingress ingress-tls-https 
Name:             ingress-tls-https
Labels:           <none>
Namespace:        default
Address:          
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
  ca-secret terminates www.yinzhengjie.com
Rules:
  Host                 Path  Backends
  ----                 ----  --------
  www.yinzhengjie.com  
                       /   svc-apple:80 (10.100.1.43:80,10.100.1.44:80,10.100.2.112:80)
Annotations:           <none>
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  Sync    9s    nginx-ingress-controller  Scheduled for sync
  Normal  Sync    9s    nginx-ingress-controller  Scheduled for sync
[root@master231 02-casedemo-https]# 

5. Add the resolution record on Windows

10.0.0.233 www.yinzhengjie.com

6. Access test

https://www.yinzhengjie.com/
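Tips:
	If Google Chrome does not accept the self-signed certificate, left-click on a blank area of the page and then type "thisisunsafe"; the page will proceed automatically.
	
	Of course, if you do not want to type this code, you can simply open the site in Firefox.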
posted @ 2025-05-21 13:23  丁志岩