ingress 1.1.1 添加https证书
参考:https://www.cnblogs.com/litter-rabbit/articles/15710593.html
1、ingress开启nodeport类型的443端口
方式1、修改deploy.yaml
vim deploy.yaml +283 spec: type: LoadBalancer externalTrafficPolicy: Local ipFamilyPolicy: SingleStack ipFamilies: - IPv4 ports: - name: http port: 80 nodePort: 80 protocol: TCP targetPort: http appProtocol: http - name: https port: 443 nodePort: 443 #添加 protocol: TCP targetPort: https appProtocol: https
方式二:编写service-nodeport.yaml,然后apply
apiVersion: v1 kind: Service metadata: name: ingress-nginx namespace: ingress-nginx labels: app.kubernetes.io/name: ingress-nginx #app.kubernetes.io/part-of: ingress-nginx spec: type: NodePort ports: - name: http port: 80 targetPort: 80 protocol: TCP nodePort: 80 - name: https port: 443 targetPort: 443 protocol: TCP selector: app.kubernetes.io/name: ingress-nginx #app.kubernetes.io/part-of: ingress-nginx
2、导入证书文件到k8s secret 指定命名空间
kubectl create secret tls https-secret --key tls.key --cert tls.crt -n monitoring
3、创建对应的ingress规则
vim prometheus-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
注意:如果不加这一条,在外网访问的时候,可能出现404
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: prometheus namespace: monitoring annotations: kubernetes.io/ingress.class: "nginx" spec: rules: - host: prometheus.seewintech.com http: paths: - backend: service: name: prometheus-k8s port: number: 9090 path: / pathType: Prefix - host: prometheus.boge.com http: paths: - backend: service: name: prometheus-k8s port: number: 9090 path: / pathType: Prefix tls: - hosts: - prometheus.seewintech.com secretName: https-secret
浙公网安备 33010602011771号