Please enable Javascript to view the contents

nginx ingress 配置域名证书

 ·  ☕ 1 分钟 · 👀... 阅读

nginx ingress 配置域名证书(默认以ingress-nginx为例)

 创建证书

默认已经签发证书

创建 secret

创建好证书以后,需要将证书内容放到 secret 中,secret 中全部内容需要 base64 编码

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
# ingress-secret.yml
apiVersion: v1
kind: Secret
metadata:
  name: ingress-secret-prom
  namespace: monitoring
type: kubernetes.io/tls
data:
  tls.crt: <base64 encoded cert>
  tls.key: <base64 encoded key>

完成创建

1
2
3
4
~# kubectl apply -f ingress-secret.yml -n monitoring
secret/ingress-secret created
~# kubectl apply -f ingress-secret.yml -n kube-system
secret/ingress-secret created

或者通过如下方式

1
kubectl create secret tls ingress-secret --key tls.key.pem --cert tls.pem

配置ingress

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
  name: prom
  namespace: monitoring
spec:
  tls:
  - hosts:
    - prom.k7s.xyz
    - grafana.k7s.xyz
    - alter.k7s.xyz
    secretName: ingress-secret
  rules:
  - host: prom.k7s.xyz
    http:
      paths:
      - backend:
          serviceName: prometheus-k8s
          servicePort: 9090
  - host: grafana.k7s.xyz
    http:
      paths:
      - backend:
          serviceName: grafana
          servicePort: 3000
  - host: alter.k7s.xyz
    http:
      paths:
      - backend:
          serviceName: alertmanager-main
          servicePort: 9093
分享

ysicing
作者
ysicing
云原生爱好者


目录