k8s之Ingress 实现 http 代理访问
前提:
1、服务器已经运行了 ingress-controller 服务
2、测试用 Nginx 镜像已经上传到仓库(方便测试用,也可忽略)
一、查看运行环境是否正常
[root@k8s-master ingress]# kubectl get pods -n ingress-nginx NAME READY STATUS RESTARTS AGE default-http-backend-5c9bb94849-snbm7 1/1 Running 0 19h nginx-ingress-controller-84d5b54fdf-hrx7p 1/1 Running 0 19h [root@k8s-master ingress]# kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE default-http-backend ClusterIP 10.103.169.169 <none> 80/TCP 19h ingress-nginx NodePort 10.107.203.11 <none> 80:32080/TCP,443:32443/TCP 18h [root@k8s-master ingress]#
二、创建并生成证书
# 生成证书 openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/k8s/https/tls.key -x509 -out /opt/k8s/https/tls.crt -subj /C=CN/ST=BJ/L=BJ/O=DEVOPS/CN=wangzy -days 3650 # 创建证书 kubectl create secret tls tls-secret --key=tls.key --cert tls.crt req 产生证书签发申请命令 -newkey 生成新私钥 rsa:4096 生成秘钥位数 -nodes 表示私钥不加密 -sha256 使用SHA-2哈希算法 -keyout 将新创建的私钥写入的文件名 -x509 签发X.509格式证书命令。X.509是最通用的一种签名证书格式。 -out 指定要写入的输出文件名 -subj 指定用户信息 -days 有效期
三、配置 Web 测试访问页面
属性 https.yml 配置文件并允许
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: nginx-v3 spec: replicas: 2 template: metadata: labels: name: nginx-version3 spec: containers: - name: nginx-version image: registry.cn-hangzhou.aliyuncs.com/wangzy001/nginx:v3 #阿里云事前准备好的测试镜像 imagePullPolicy: IfNotPresent ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: test-v3 spec: ports: - port: 80 targetPort: 80 protocol: TCP selector: name: nginx-version3
步骤如下
# 1、书写并运行资源配置文件 [root@k8s-master https]# vi https.yml [root@k8s-master https]# kubectl apply -f https.yml # 2、查看 pod [root@k8s-master https]# kubectl get pods NAME READY STATUS RESTARTS AGE nginx-v3-79cc8b69cd-tsp4z 1/1 Running 0 68s nginx-v3-79cc8b69cd-zhf8b 1/1 Running 0 68s # 3、查看服务 [root@k8s-master https]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 9d test-v3 ClusterIP 10.104.184.146 <none> 80/TCP 84s # 4、访问测试 [root@k8s-master https]# curl 10.104.184.146 Hello wangzy! This is v3 version [root@k8s-master https]#
四、配置 Ingress 规则
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test-nginxv3 spec: tls: - hosts: - www3.wangzy.com secretName: tls-secret rules: - host: www3.wangzy.com http: paths: - path: / backend: serviceName: test-v3 # 与需要访问的web服务名称一致 servicePort: 80
步骤如下
# 1、书写配置文件
[root@k8s-master https]# vi ingress-https.yml [root@k8s-master https]# kubectl apply -f ingress-https.yml ingress.extensions/test-nginxv3 created
# 2、查看信息 [root@k8s-master https]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 9d test-v3 ClusterIP 10.104.184.146 <none> 80/TCP 15m [root@k8s-master https]# kubectl get ingress NAME HOSTS ADDRESS PORTS AGE test-nginxv3 www3.wangzy.com 80, 443 15s
# 3、查看访问暴露端口 [root@k8s-master https]# kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE default-http-backend ClusterIP 10.103.169.169 <none> 80/TCP 145m ingress-nginx NodePort 10.107.203.11 <none> 80:32080/TCP,443:32443/TCP 59m [root@k8s-master https]#
五、配置本地 Hosts 文件
# 目录位置:C:\Windows\System32\drivers\etc
部署服务的IP www3.wangzy.com
六、页面访问测试
1、登入页面
、
2、显示页面信息
