ingress-nginx-全站https

openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 3560 -nodes -subj '/CN=www.chuan.com'

openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj '/CN=www.chuan.com'

openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 3560 -nodes -subj '/CN=mobile.chuan.com'

openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj '/CN=mobile.chuan.com'

openssl x509 -req -sha256 -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

root@slave002:/opt/ingress/Ingress/certsge# ls
server.crt  server.key

#上传到k8s

kubectl  create secret generic chuan-tls-secret --from-file=tls.crt=server.crt --from-file=tls.key=server.key -n chuan

kubectl  create secret generic mobile-tls-secret --from-file=tls.crt=server.crt --from-file=tls.key=server.key -n chuan

root@slave002:/opt/ingress/Ingress/certsge# kubectl get secrets -nchuan
NAME                  TYPE                                  DATA   AGE
default-token-vl4xt   kubernetes.io/service-account-token   3      2d4h
tls-secret            Opaque                                2      17s

  

root@slave002:/opt/ingress/Ingress# kubectl describe secrets mobile-tls-secret -nchuan
Name:         mobile-tls-secret
Namespace:    chuan
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
tls.crt:  1679 bytes
tls.key:  3268 bytes

  

root@slave002:/opt/ingress/Ingress# kubectl apply -f  ingress-https-chuan_single-host.yaml 
root@slave002:/opt/ingress/2021/Ingress# cat ingress-https-chuan_single-host.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: nginx-web
  namespace: chuan
  annotations:
    kubernetes.io/ingress.class: "nginx" ##指定Ingress Controller的类型
    nginx.ingress.kubernetes.io/ssl-redirect: 'true' #SSL重定向,即将http请求强制重定向至https,等于nginx中的全站https
spec:
  tls:
  - hosts:
    - www.chuan.com
    secretName: tls-secret 
  rules:
  - host: www.chuan.com
    http:
      paths:
      - path: /
        backend:
          serviceName: chuan-tomcat-app1-service
          servicePort: 80

  

listen k8s-443
  bind 192.168.192.188:443
  mode tcp
  server k8s1 192.168.192.151:40444 check inter 3s fall 3 rise 5
  server k8s2 192.168.192.152:40444 check inter 3s fall 3 rise 5

  

 

 

root@slave002:/opt/ingress/Ingress# cat ingress-https-chuan_multi-host.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: nginx-web
  namespace: chuan
  annotations:
    kubernetes.io/ingress.class: "nginx" ##指定Ingress Controller的类型
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
  tls:
  - hosts:
    - www.chuan.com
    secretName: chuan-tls-secret
  - hosts:
    - mobile.chuan.com
    secretName: mobile-tls-secret
  rules:
  - host: www.chuan.com
    http:
      paths:
      - path: /
        backend:
          serviceName: chuan-tomcat-app1-service
          servicePort: 80
  - host: mobile.chuan.com
    http:
      paths:
      - path: /
        backend:
          serviceName: chuan-tomcat-app2-service
          servicePort: 80

  

 

       

   

 

posted @ 2021-11-28 20:22  gg888666  阅读(101)  评论(0)    收藏  举报