|
本文档记录如何使用ingress去对外暴露集群内服务或端口,如何部署ingress,可见我的另一篇文章
k8s部署ingress
如何把ingress玩出花来,我不太懂,我就是拿来部署起来,把服务暴露出去通过域名访问而已
使用ingress分为2个,对外的http和对外的https
HTTP
ingress对外暴露的是服务,所以可以自己建一个development和service,比如是一个nginx,端口80
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
type: NodePort
ports:
- name: nginx-http
port: 80
targetPort: 80
selector:
app: nginx
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
selector:
matchLabels:
app: nginx
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.12.3
imagePullPolicy: IfNotPresent
ports:
- name: nginx-http
containerPort: 80
ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-nginx
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: http.fxwx.com
http:
paths:
- path:
backend:
serviceName: nginx-service
servicePort: 80
执行完后就可以通过http.fxwx.com访问nginx主页
HTTPS
ingress要使用https得配合secret来使用,准备好加密的crt和key文件
创建secret,可以通过yaml创建,也可以通过指令
$ kubectl create secret tls ingress-secret --cert=server.crt --key=server.key
修改上面的ingress,加上tls
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-nginx
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
tls:
- hosts:
- http.fxwx.com
secretName: ingress-secret
rules:
- host: http.fxwx.com
http:
paths:
- path:
backend:
serviceName: nginx-service
servicePort: 80
执行完后就可以通过https://http.fxwx.com访问nginx主页
如何访问自定义的域名
windows下,修改C盘windows/system32/drivers/etc/hosts文件
添加 服务器IP http.fxwx.com
服务器IP是deployment部署到的服务器的IP
|