微服务探索之路04篇k8s增加子节点,metrics资源监控,ingress-nginx域名配置及https配置

技术分享 3年前 (2022-06-28) 0 999+

1 k8s增加子节点

1.1 子节点服务器安装docker，使用脚本自动安装

curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

安装完之后设置docker守护进程配置vim /etc/docker/daemon.json，内容为

{         "insecure-registries": ["http://127.0.0.1:8080"],         "exec-opts": ["native.cgroupdriver=systemd"],         "bip": "172.17.0.1/24",         "registry-mirrors": [         "https://xxxxx.mirror.aliyuncs.com"          ] }

insecure-registries是设置私有镜像仓库地址
exec-opts是设置驱动程序，这边为了装k8s的时候驱动程序相同
bip是设置内网ip段
registry-mirrors是设置国内镜像，这边是使用阿里云加速镜像xxxxx登录阿里云加速站就可以看到对应的内容了。
重启docker systemctl restart docker

1.2. 子节点服务器k8s配置

根据第2篇1-3点安装k8s环境，第4步骤的时候跳回本文往下看

1.3子节点接入

查看主节点join命令kubeadm token list,如果没查到执行重新生成的命令kubeadm token create --print-join-command

这里为了更方便管理可以把子节点主机名字改一下，修改方法为：

执行vim /etc/hostname,修改名称
执行vim /etc/hosts,修改对应的主机名，如下图node2可以修改为跟第上一步相同的主机名

复制出join链接在子节点执行，执行之后如下图

此时可以去主节点服务器查看是否成功，在主节点执行kubectl get nodes,如下图出现子节点表示接入成功

2 k8s metrics-server资源监控

必须有子节点之后才能成功安装资源监控资源监控只有一个主节点的时候安装会报错。
下载github上的yaml然后修改镜像为阿里云镜像，修改地址类型只留InternalIP如下图为修改地方

下面为修改后的可以直接使用

apiVersion: v1 kind: ServiceAccount metadata:   labels:     k8s-app: metrics-server   name: metrics-server   namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata:   labels:     k8s-app: metrics-server     rbac.authorization.k8s.io/aggregate-to-admin: "true"     rbac.authorization.k8s.io/aggregate-to-edit: "true"     rbac.authorization.k8s.io/aggregate-to-view: "true"   name: system:aggregated-metrics-reader rules: - apiGroups:   - metrics.k8s.io   resources:   - pods   - nodes   verbs:   - get   - list   - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata:   labels:     k8s-app: metrics-server   name: system:metrics-server rules: - apiGroups:   - ""   resources:   - nodes/metrics   verbs:   - get - apiGroups:   - ""   resources:   - pods   - nodes   verbs:   - get   - list   - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata:   labels:     k8s-app: metrics-server   name: metrics-server-auth-reader   namespace: kube-system roleRef:   apiGroup: rbac.authorization.k8s.io   kind: Role   name: extension-apiserver-authentication-reader subjects: - kind: ServiceAccount   name: metrics-server   namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata:   labels:     k8s-app: metrics-server   name: metrics-server:system:auth-delegator roleRef:   apiGroup: rbac.authorization.k8s.io   kind: ClusterRole   name: system:auth-delegator subjects: - kind: ServiceAccount   name: metrics-server   namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata:   labels:     k8s-app: metrics-server   name: system:metrics-server roleRef:   apiGroup: rbac.authorization.k8s.io   kind: ClusterRole   name: system:metrics-server subjects: - kind: ServiceAccount   name: metrics-server   namespace: kube-system --- apiVersion: v1 kind: Service metadata:   labels:     k8s-app: metrics-server   name: metrics-server   namespace: kube-system spec:   ports:   - name: https     port: 443     protocol: TCP     targetPort: https   selector:     k8s-app: metrics-server --- apiVersion: apps/v1 kind: Deployment metadata:   labels:     k8s-app: metrics-server   name: metrics-server   namespace: kube-system spec:   selector:     matchLabels:       k8s-app: metrics-server   strategy:     rollingUpdate:       maxUnavailable: 0   template:     metadata:       labels:         k8s-app: metrics-server     spec:       containers:       - args:         - --cert-dir=/tmp         - --secure-port=4443         - --kubelet-preferred-address-types=InternalIP         - --kubelet-use-node-status-port         - --metric-resolution=15s         - --kubelet-insecure-tls         image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server:v0.6.1 #这边改为阿里云加速镜像，全文的image都对应已修改         imagePullPolicy: IfNotPresent         livenessProbe:           failureThreshold: 3           httpGet:             path: /livez             port: https             scheme: HTTPS           periodSeconds: 10         name: metrics-server         ports:         - containerPort: 4443           name: https           protocol: TCP         readinessProbe:           failureThreshold: 3           httpGet:             path: /readyz             port: https             scheme: HTTPS           initialDelaySeconds: 20           periodSeconds: 10         resources:           requests:             cpu: 200m             memory: 200Mi         securityContext:           allowPrivilegeEscalation: false           readOnlyRootFilesystem: true           runAsNonRoot: true           runAsUser: 1000         volumeMounts:         - mountPath: /tmp           name: tmp-dir       nodeSelector:         kubernetes.io/os: linux       priorityClassName: system-cluster-critical       serviceAccountName: metrics-server       volumes:       - emptyDir: {}         name: tmp-dir --- apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata:   labels:     k8s-app: metrics-server   name: v1beta1.metrics.k8s.io spec:   group: metrics.k8s.io   groupPriorityMinimum: 100   insecureSkipTLSVerify: true   service:     name: metrics-server     namespace: kube-system   version: v1beta1   versionPriority: 100

修改完之后执行kubectl apply -f metrics.yml,文件名自己下载的时候定义的可以随意。
执行完之后等待一会，然后看登录k8s面板查看可以看到界面上出现了cpu和内存使用率的指标如下图

3 Ingress-nginx

下载脚本修改镜像内容为国内的镜像,下载地址点这

下方代码为修改后可用代码可直接复制使用

apiVersion: v1 kind: Namespace metadata:   labels:     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx   name: ingress-nginx --- apiVersion: v1 automountServiceAccountToken: true kind: ServiceAccount metadata:   labels:     app.kubernetes.io/component: controller     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx   namespace: ingress-nginx --- apiVersion: v1 kind: ServiceAccount metadata:   labels:     app.kubernetes.io/component: admission-webhook     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx-admission   namespace: ingress-nginx --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata:   labels:     app.kubernetes.io/component: controller     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx   namespace: ingress-nginx rules: - apiGroups:   - ""   resources:   - namespaces   verbs:   - get - apiGroups:   - ""   resources:   - configmaps   - pods   - secrets   - endpoints   verbs:   - get   - list   - watch - apiGroups:   - ""   resources:   - services   verbs:   - get   - list   - watch - apiGroups:   - networking.k8s.io   resources:   - ingresses   verbs:   - get   - list   - watch - apiGroups:   - networking.k8s.io   resources:   - ingresses/status   verbs:   - update - apiGroups:   - networking.k8s.io   resources:   - ingressclasses   verbs:   - get   - list   - watch - apiGroups:   - ""   resourceNames:   - ingress-controller-leader   resources:   - configmaps   verbs:   - get   - update - apiGroups:   - ""   resources:   - configmaps   verbs:   - create - apiGroups:   - ""   resources:   - events   verbs:   - create   - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata:   labels:     app.kubernetes.io/component: admission-webhook     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx-admission   namespace: ingress-nginx rules: - apiGroups:   - ""   resources:   - secrets   verbs:   - get   - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata:   labels:     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx rules: - apiGroups:   - ""   resources:   - configmaps   - endpoints   - nodes   - pods   - secrets   - namespaces   verbs:   - list   - watch - apiGroups:   - ""   resources:   - nodes   verbs:   - get - apiGroups:   - ""   resources:   - services   verbs:   - get   - list   - watch - apiGroups:   - networking.k8s.io   resources:   - ingresses   verbs:   - get   - list   - watch - apiGroups:   - ""   resources:   - events   verbs:   - create   - patch - apiGroups:   - networking.k8s.io   resources:   - ingresses/status   verbs:   - update - apiGroups:   - networking.k8s.io   resources:   - ingressclasses   verbs:   - get   - list   - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata:   labels:     app.kubernetes.io/component: admission-webhook     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx-admission rules: - apiGroups:   - admissionregistration.k8s.io   resources:   - validatingwebhookconfigurations   verbs:   - get   - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata:   labels:     app.kubernetes.io/component: controller     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx   namespace: ingress-nginx roleRef:   apiGroup: rbac.authorization.k8s.io   kind: Role   name: ingress-nginx subjects: - kind: ServiceAccount   name: ingress-nginx   namespace: ingress-nginx --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata:   labels:     app.kubernetes.io/component: admission-webhook     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx-admission   namespace: ingress-nginx roleRef:   apiGroup: rbac.authorization.k8s.io   kind: Role   name: ingress-nginx-admission subjects: - kind: ServiceAccount   name: ingress-nginx-admission   namespace: ingress-nginx --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata:   labels:     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx roleRef:   apiGroup: rbac.authorization.k8s.io   kind: ClusterRole   name: ingress-nginx subjects: - kind: ServiceAccount   name: ingress-nginx   namespace: ingress-nginx --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata:   labels:     app.kubernetes.io/component: admission-webhook     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx-admission roleRef:   apiGroup: rbac.authorization.k8s.io   kind: ClusterRole   name: ingress-nginx-admission subjects: - kind: ServiceAccount   name: ingress-nginx-admission   namespace: ingress-nginx --- apiVersion: v1 data:   allow-snippet-annotations: "true" kind: ConfigMap metadata:   labels:     app.kubernetes.io/component: controller     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx-controller   namespace: ingress-nginx --- apiVersion: v1 kind: Service metadata:   labels:     app.kubernetes.io/component: controller     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx-controller   namespace: ingress-nginx spec:   ports:   - appProtocol: http     name: http     port: 80     protocol: TCP     targetPort: http     nodePort: 80 #新增设置对外http端口   - appProtocol: https     name: https     port: 443     protocol: TCP     targetPort: https     nodePort: 443 #新增设置对外https端口   selector:     app.kubernetes.io/component: controller     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx   type: NodePort --- apiVersion: v1 kind: Service metadata:   labels:     app.kubernetes.io/component: controller     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx-controller-admission   namespace: ingress-nginx spec:   ports:   - appProtocol: https     name: https-webhook     port: 443     targetPort: webhook   selector:     app.kubernetes.io/component: controller     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx   type: ClusterIP --- apiVersion: apps/v1 kind: DaemonSet metadata:   labels:     app.kubernetes.io/component: controller     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx-controller   namespace: ingress-nginx spec:   minReadySeconds: 0   revisionHistoryLimit: 10   selector:     matchLabels:       app.kubernetes.io/component: controller       app.kubernetes.io/instance: ingress-nginx       app.kubernetes.io/name: ingress-nginx   template:     metadata:       labels:         app.kubernetes.io/component: controller         app.kubernetes.io/instance: ingress-nginx         app.kubernetes.io/name: ingress-nginx     spec:       containers:       - args:         - /nginx-ingress-controller         - --election-id=ingress-controller-leader         - --controller-class=k8s.io/ingress-nginx         - --ingress-class=nginx         - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller         - --validating-webhook=:8443         - --validating-webhook-certificate=/usr/local/certificates/cert         - --validating-webhook-key=/usr/local/certificates/key         env:         - name: POD_NAME           valueFrom:             fieldRef:               fieldPath: metadata.name         - name: POD_NAMESPACE           valueFrom:             fieldRef:               fieldPath: metadata.namespace         - name: LD_PRELOAD           value: /usr/local/lib/libmimalloc.so         image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.1.3 #修改为国内镜像，本文使用阿里云加速镜像         imagePullPolicy: IfNotPresent         lifecycle:           preStop:             exec:               command:               - /wait-shutdown         livenessProbe:           failureThreshold: 5           httpGet:             path: /healthz             port: 10254             scheme: HTTP           initialDelaySeconds: 10           periodSeconds: 10           successThreshold: 1           timeoutSeconds: 1         name: controller         ports:         - containerPort: 80           name: http           protocol: TCP         - containerPort: 443           name: https           protocol: TCP         - containerPort: 8443           name: webhook           protocol: TCP         readinessProbe:           failureThreshold: 3           httpGet:             path: /healthz             port: 10254             scheme: HTTP           initialDelaySeconds: 10           periodSeconds: 10           successThreshold: 1           timeoutSeconds: 1         resources:           requests:             cpu: 100m             memory: 90Mi         securityContext:           allowPrivilegeEscalation: true           capabilities:             add:             - NET_BIND_SERVICE             drop:             - ALL           runAsUser: 101         volumeMounts:         - mountPath: /usr/local/certificates/           name: webhook-cert           readOnly: true       dnsPolicy: ClusterFirst       hostNetwork: true       nodeSelector:         kubernetes.io/os: linux       serviceAccountName: ingress-nginx       terminationGracePeriodSeconds: 300       volumes:       - name: webhook-cert         secret:           secretName: ingress-nginx-admission --- apiVersion: batch/v1 kind: Job metadata:   labels:     app.kubernetes.io/component: admission-webhook     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx-admission-create   namespace: ingress-nginx spec:   template:     metadata:       labels:         app.kubernetes.io/component: admission-webhook         app.kubernetes.io/instance: ingress-nginx         app.kubernetes.io/name: ingress-nginx         app.kubernetes.io/part-of: ingress-nginx         app.kubernetes.io/version: 1.1.3       name: ingress-nginx-admission-create     spec:       containers:       - args:         - create         - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc         - --namespace=$(POD_NAMESPACE)         - --secret-name=ingress-nginx-admission         env:         - name: POD_NAMESPACE           valueFrom:             fieldRef:               fieldPath: metadata.namespace         image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1         imagePullPolicy: IfNotPresent         name: create         securityContext:           allowPrivilegeEscalation: false       nodeSelector:         kubernetes.io/os: linux       restartPolicy: OnFailure       securityContext:         fsGroup: 2000         runAsNonRoot: true         runAsUser: 2000       serviceAccountName: ingress-nginx-admission --- apiVersion: batch/v1 kind: Job metadata:   labels:     app.kubernetes.io/component: admission-webhook     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx-admission-patch   namespace: ingress-nginx spec:   template:     metadata:       labels:         app.kubernetes.io/component: admission-webhook         app.kubernetes.io/instance: ingress-nginx         app.kubernetes.io/name: ingress-nginx         app.kubernetes.io/part-of: ingress-nginx         app.kubernetes.io/version: 1.1.3       name: ingress-nginx-admission-patch     spec:       containers:       - args:         - patch         - --webhook-name=ingress-nginx-admission         - --namespace=$(POD_NAMESPACE)         - --patch-mutating=false         - --secret-name=ingress-nginx-admission         - --patch-failure-policy=Fail         env:         - name: POD_NAMESPACE           valueFrom:             fieldRef:               fieldPath: metadata.namespace         image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1         imagePullPolicy: IfNotPresent         name: patch         securityContext:           allowPrivilegeEscalation: false       nodeSelector:         kubernetes.io/os: linux       restartPolicy: OnFailure       securityContext:         fsGroup: 2000         runAsNonRoot: true         runAsUser: 2000       serviceAccountName: ingress-nginx-admission --- apiVersion: networking.k8s.io/v1 kind: IngressClass metadata:   labels:     app.kubernetes.io/component: controller     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: nginx spec:   controller: k8s.io/ingress-nginx --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata:   labels:     app.kubernetes.io/component: admission-webhook     app.kubernetes.io/instance: ingress-nginx     app.kubernetes.io/name: ingress-nginx     app.kubernetes.io/part-of: ingress-nginx     app.kubernetes.io/version: 1.1.3   name: ingress-nginx-admission webhooks: - admissionReviewVersions:   - v1   clientConfig:     service:       name: ingress-nginx-controller-admission       namespace: ingress-nginx       path: /networking/v1/ingresses   failurePolicy: Fail   matchPolicy: Equivalent   name: validate.nginx.ingress.kubernetes.io   rules:   - apiGroups:     - networking.k8s.io     apiVersions:     - v1     operations:     - CREATE     - UPDATE     resources:     - ingresses   sideEffects: None

执行脚本kubectl apply -f ingress.yaml

执行上面脚本如果遇到端口限制报错是因为service默认端口范围是30000-32767。打开文件编辑vim /etc/kubernetes/manifests/kube-apiserver.yaml在如图位置增加一行- --service-node-port-range=1-65535

编辑后执行systemctl restart kubelet重启，重启之后在执行ingress.yaml就可以了成功了。

登录面板查询如图成功（如果马上看可能还没安装完成会有红色区块，可以等待几分钟）

服务对外开放访问，三种方式

NodePort，设置Service的type就可以对外暴露端口这种方式如果服务很多那就得暴露很多端口不适合生产环境。
LoadBalancer，这个是云原生才会采用的方式
Ingress，本文主要介绍这个方式使用ingress-nginx

第一步，拉取一个镜像部署服务资源,此处使用的使用仓库镜像拉取方法（可参考03篇）

apiVersion: v1 kind: Service metadata:   name: test       # Service 名称   namespace: yuan-yao spec:   selector:     app: test     release: canary   ports:   - name: http     targetPort: 80      # 指定容器端口     port: 80            # Service 自己开放的端口      --- apiVersion: apps/v1 kind: Deployment metadata:   name: test   namespace: yuan-yao spec:   replicas: 3   selector:     matchLabels:       app: test       release: canary   template:     metadata:       labels:         app: test         release: canary     spec:       imagePullSecrets:       - name: yuanyao-se #第三篇的私有镜像有讲到怎么获得这个       containers:       - name: test         image: 159.xx.71.xx:8080/yuanyao/website01:1.0.2 #这里是私有仓库的镜像         ports:         - name: http           containerPort: 80

第二步，创建ingress-nginx，特别提示：命名空间必须和对应的Service命名空间一样不然外部访问的时候会报503错误

apiVersion: networking.k8s.io/v1 kind: Ingress               #写个资源，资源对象是Ingress，就由此Ingress资源对象定义的规则，来配置Ingress转发情况 metadata:   name: ingress-test    #名称随便写   namespace: yuan-yao   #必须和对应Service的命名空间一样 spec:   ingressClassName: nginx       #默认就写Nginx   rules:   - host: q1.wyb.com         #服务的域名     http:       paths:        - pathType: Prefix        #表示以前缀的方式进行匹配         path: /              #前缀必须有个"/"，才可以成功匹配         backend:           service:              #规定Ingress后端的Service             name: test      #后端Service的名称             port:                 number: 80      #后端Service监听的端口

注意：如果是本地虚拟机测试此处的域名是自定义随便的，在访问的服务器编辑hosts文件把域名配置一下才能访问，如果是服务器正式域名的使用就不需要这个配置。配置修改如下图：
微服务探索之路04篇k8s增加子节点,metrics资源监控,ingress-nginx域名配置及https配置
，以上配置完就可以直接浏览器访问查看。

第四步，配置https

①下载域名证书复制格式为.key和.crt的文件到服务器随意目录下方便自己管理就行。

②切换至文件所在目录执行命令kubectl -n 命名空间 create secret tls digital-api-ingress-secret --cert=digital.api.xxxxx.com_bundle.crt --key=digital.api.xxxxxx.com.key，创建Secrets。

③修改第三步的脚本为主要内容是增加了tls到rules之间的内容

apiVersion: networking.k8s.io/v1 kind: Ingress               #写个资源，资源对象是Ingress，就由此Ingress资源对象定义的规则，来配置Ingress转发情况 metadata:   name: ingress-test    #名称随便写   namespace: yuan-yao   #必须和对应Service的命名空间一样 spec:   ingressClassName: nginx       #默认就写Nginx   tls: #这里配置https   - hosts:       - digital.api.fjyuanyao.com       secretName: digital-api-ingress-secret   rules:   - host: q1.wyb.com         #服务的域名     http:       paths:        - pathType: Prefix        #表示以前缀的方式进行匹配         path: /              #前缀必须有个"/"，才可以成功匹配         backend:           service:              #规定Ingress后端的Service             name: test      #后端Service的名称             port:                 number: 80      #后端Service监听的端口

④如果更新kubectl apply -f xxxx.yaml

发表评论