k8s之Ingress 實現 http 代理訪問
前提:
1、服務器已經運行了 ingress-controller 服務
2、測試用 Nginx 鏡像已經上傳到倉庫(方便測試用,也可忽略)
一、查看運行環境是否正常
[root@k8s-master ingress]# kubectl get pods -n ingress-nginx NAME READY STATUS RESTARTS AGE default-http-backend-5c9bb94849-snbm7 1/1 Running 0 19h nginx-ingress-controller-84d5b54fdf-hrx7p 1/1 Running 0 19h [root@k8s-master ingress]# kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE default-http-backend ClusterIP 10.103.169.169 <none> 80/TCP 19h ingress-nginx NodePort 10.107.203.11 <none> 80:32080/TCP,443:32443/TCP 18h [root@k8s-master ingress]#
二、創建並生成證書
# 生成證書 openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/k8s/https/tls.key -x509 -out /opt/k8s/https/tls.crt -subj /C=CN/ST=BJ/L=BJ/O=DEVOPS/CN=wangzy -days 3650 # 創建證書 kubectl create secret tls tls-secret --key=tls.key --cert tls.crt req 產生證書簽發申請命令 -newkey 生成新私鑰 rsa:4096 生成秘鑰位數 -nodes 表示私鑰不加密 -sha256 使用SHA-2哈希算法 -keyout 將新創建的私鑰寫入的文件名 -x509 簽發X.509格式證書命令。X.509是最通用的一種簽名證書格式。 -out 指定要寫入的輸出文件名 -subj 指定用戶信息 -days 有效期
三、配置 Web 測試訪問頁面
屬性 https.yml 配置文件並允許
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: nginx-v3 spec: replicas: 2 template: metadata: labels: name: nginx-version3 spec: containers: - name: nginx-version image: registry.cn-hangzhou.aliyuncs.com/wangzy001/nginx:v3 #阿里雲事前准備好的測試鏡像 imagePullPolicy: IfNotPresent ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: test-v3 spec: ports: - port: 80 targetPort: 80 protocol: TCP selector: name: nginx-version3
步驟如下
# 1、書寫並運行資源配置文件 [root@k8s-master https]# vi https.yml [root@k8s-master https]# kubectl apply -f https.yml # 2、查看 pod [root@k8s-master https]# kubectl get pods NAME READY STATUS RESTARTS AGE nginx-v3-79cc8b69cd-tsp4z 1/1 Running 0 68s nginx-v3-79cc8b69cd-zhf8b 1/1 Running 0 68s # 3、查看服務 [root@k8s-master https]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 9d test-v3 ClusterIP 10.104.184.146 <none> 80/TCP 84s # 4、訪問測試 [root@k8s-master https]# curl 10.104.184.146 Hello wangzy! This is v3 version [root@k8s-master https]#
四、配置 Ingress 規則
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: test-nginxv3 spec: tls: - hosts: - www3.wangzy.com secretName: tls-secret rules: - host: www3.wangzy.com http: paths: - path: / backend: serviceName: test-v3 # 與需要訪問的web服務名稱一致 servicePort: 80
步驟如下
# 1、書寫配置文件
[root@k8s-master https]# vi ingress-https.yml [root@k8s-master https]# kubectl apply -f ingress-https.yml ingress.extensions/test-nginxv3 created
# 2、查看信息 [root@k8s-master https]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 9d test-v3 ClusterIP 10.104.184.146 <none> 80/TCP 15m [root@k8s-master https]# kubectl get ingress NAME HOSTS ADDRESS PORTS AGE test-nginxv3 www3.wangzy.com 80, 443 15s
# 3、查看訪問暴露端口 [root@k8s-master https]# kubectl get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE default-http-backend ClusterIP 10.103.169.169 <none> 80/TCP 145m ingress-nginx NodePort 10.107.203.11 <none> 80:32080/TCP,443:32443/TCP 59m [root@k8s-master https]#
五、配置本地 Hosts 文件
# 目錄位置:C:\Windows\System32\drivers\etc
部署服務的IP www3.wangzy.com
六、頁面訪問測試
1、登入頁面
、
2、顯示頁面信息
