创建Secret
下载nginx证书,文件包含(tls.crt && tls.key)
kubectl create secret tls nginx-tls --cert=pat/to/tls.crt --key=path/to/tls.key
ingress 创建
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-test
namespace: default
spec:
# 主要是这里的tls配置。secretName 调用的上面创建的create
tls:
- hosts:
- test.lswzw.cn
secretName: nginx-tls
rules:
- host: test.lswzw.cn
http:
paths:
- path: /
backend:
serviceName: nginx
servicePort: 80
- path: /api
backend:
serviceName: server-api
servicePort: 80
创建Nginx应用,判断证书是否生效。
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx
spec:
replicas: 2
selector:
matchLabels:
k8s-app: nginx
template:
metadata:
labels:
k8s-app: nginx
spec:
containers:
- image: nginx:1.17.0-alpine
name: nginx
---
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
ports:
- name: http
port: 80
targetPort: 80
selector:
k8s-app: nginx