|NO.Z.00354|CloudNative|KuberNetes & Operations.V70|IngressNginx.v06|SSL configuration|
阿新 • Published: 2022-04-01
1. SSL configuration
### --- SSL configuration
~~~ # Official TLS documentation for ingress-nginx:
~~~ https://kubernetes.github.io/ingress-nginx/user-guide/tls/
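2. Configure SSL (HTTPS): a single certificate for an Ingress
### --- Generate a self-signed certificate and private key
[root@k8s-master01 rewrite]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.cert -subj "/CN=test-tls.test.com/0=test-tls.test.com"
Generating a 2048 bit RSA private key
.................................................................................................................................................................................................................+++
....+++
writing new private key to 'tls.key'
-----
Subject Attribute 0 has no known NID, skipped
[root@k8s-master01 rewrite]# ls
tls.cert tls.key
~~~ The "0" in the -subj string is the digit zero, not the letter O, so openssl skips that attribute
~~~ (the "has no known NID" message) and the certificate carries only the CN; write /O=... if an Organization field is wanted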
### --- Store the cert and key as a Secret (the domain certificate)
~~~ This Secret is a TLS-type Secret
[root@k8s-master01 rewrite]# kubectl create secret tls ca-cert --key tls.key --cert tls.cert -n ratel-test1
secret/ca-cert created
3. Configure the Ingress
### --- View the Secret created for the domain certificate
[root@k8s-master01 rewrite]# kubectl get secret -n ratel-test1
NAME      TYPE                DATA   AGE
ca-cert   kubernetes.io/tls   2      61s
### --- Configure the Ingress
~~~ http://krm.test.com/ --> Ingress --> Create --> Select cluster: test1
~~~ --> Namespace: ratel-test1 --> Select service: ingress-test1
~~~ --> Ingress name: test-tls.test.com --> Domain: test-tls.test.com
~~~ --> HTTPS: enabled --> Certificate: ca-cert --> Create --> END
~~~ --> Configure the hosts file: 192.168.1.11 test-tls.test.com
### --- Configure hosts
[root@k8s-master01 rewrite]# vim /etc/hosts
192.168.1.11 test-tls.test.com
### --- curl the domain to check whether it redirects
~~~ Once HTTPS is configured for a domain, plain HTTP requests are automatically redirected to HTTPS
[root@k8s-master01 rewrite]# curl test-tls.test.com -I
HTTP/1.1 308 Permanent Redirect
Date: Tue, 01 Jun 2021 06:50:54 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://test-tls.test.com/
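4. Access the HTTPS domain: https://test-tls.test.com/
5. Disable the forced HTTPS redirect
### --- Disable the forced HTTPS redirect
~~~ nginx.ingress.kubernetes.io/ssl-redirect: "false"
~~~ When HTTPS is configured, HTTP requests are forcibly redirected; if you do not want the redirect,
~~~ set ssl-redirect to "false". The default is true, and it is a global setting
~~~ With the redirect off, the site also answers over unencrypted HTTP
### --- Generate the TLS.yaml file
~~~ Note: extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters need networking.k8s.io/v1,
~~~ where the backend is written as service.name / service.port.number and each path needs a pathType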
[root@k8s-master01 rewrite]# cat nginx-ingress-TLS.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
  generation: 1
  name: test-tls
  namespace: ratel-test1
spec:
  rules:
  - host: test-tls.test.com
    http:
      paths:
      - backend:
          serviceName: ingress-test
          servicePort: 80
        path: /
  tls:
  - hosts:
    - test-tls.test.com
    secretName: ca-cert
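An added example (not part of the original post): a small Python audit over Ingress objects in the shape that `kubectl get ingress -A -o json` returns, reporting Ingresses where the `ssl-redirect` annotation shown above is "false" or where a rule host has no matching `spec.tls` entry. The sample data is constructed (only `test-tls` mirrors this page), and the code assumes the controller-wide `ssl-redirect` default is still true.

```python
REDIRECT = "nginx.ingress.kubernetes.io/ssl-redirect"

# Constructed sample shaped like `kubectl get ingress -A -o json` output.
# "test-tls" mirrors the manifest on this page; "shop" and "api" are made up.
SAMPLE = {"items": [
    {"metadata": {"namespace": "ratel-test1", "name": "test-tls",
                  "annotations": {REDIRECT: "false"}},
     "spec": {"rules": [{"host": "test-tls.test.com"}],
              "tls": [{"hosts": ["test-tls.test.com"], "secretName": "ca-cert"}]}},
    {"metadata": {"namespace": "demo", "name": "shop"},
     "spec": {"rules": [{"host": "shop.example.test"}, {"host": "pay.example.test"}],
              "tls": [{"hosts": ["*.example.test"], "secretName": "wild-cert"}]}},
    {"metadata": {"namespace": "demo", "name": "api"},
     "spec": {"rules": [{"host": "api.example.test"}, {"host": "old.example.test"}],
              "tls": [{"hosts": ["api.example.test"], "secretName": "api-cert"}]}},
]}


def host_covered(host, tls_hosts):
    """Exact match, or a wildcard entry that covers exactly one extra label."""
    parent = host.split(".", 1)[1] if "." in host else None
    return any(t == host or (t.startswith("*.") and t[2:] == parent)
               for t in tls_hosts)


def audit(ingress_list):
    """Return (namespace/name, finding) pairs for Ingresses that leave HTTP open."""
    findings = []
    for item in ingress_list.get("items", []):
        meta, spec = item.get("metadata", {}), item.get("spec", {})
        ident = f"{meta.get('namespace', 'default')}/{meta.get('name')}"
        tls = spec.get("tls") or []
        tls_hosts = [h for entry in tls for h in entry.get("hosts", [])]
        # Assumption: the controller-wide ssl-redirect default is still "true",
        # so only an explicit "false" annotation turns the 308 redirect off.
        redirect = (meta.get("annotations") or {}).get(REDIRECT, "true")
        if tls and redirect.strip().lower() == "false":
            findings.append((ident, "ssl-redirect=false: HTTP is served without the 308"))
        for rule in spec.get("rules") or []:
            host = rule.get("host")
            if host and not host_covered(host, tls_hosts):
                findings.append((ident, f"{host} has no spec.tls entry"))
    return findings


if __name__ == "__main__":
    for ident, finding in audit(SAMPLE):
        print(f"{ident}: {finding}")
```

To run it against a live cluster, replace `SAMPLE` with `json.load()` of the saved `kubectl get ingress -A -o json` output.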