证书:在K8S上配置域名和https
<p>说明:在K8S上配置域名和https,下面命令在K8S任一主机上执行,</p>
<h1>1 主机上创建config文件</h1>
<h2>1.1 把下面内容从秒云kubectl控制台(页面)上复制到主机相应目录下</h2>
<pre><code class="language-bash">vim /root/.kube/config
把下面内容复制粘进config</code></pre>
<pre><code class="language-bash">cat /root/.kube/config
apiVersion: v1
clusters:
- cluster:
insecure-skip-tls-verify: true
server: https://172.16.7.63/api/kubernetes/easytong
name: easytong
contexts:
- context:
cluster: easytong
namespace: csxiangmu
user: chiwen-user
name: chiwen
current-context: chiwen
kind: Config
preferences: {}
users:
- name: chiwen-user
user:
token: gAAAAABfcvm7HcNsV8TsytAmq5PP3C4m7nEQXu66YKIOQLoBN46zApwjXi28LuhAzyVcW2ttoq-uuhDx3ReTZaZRbqH2_B2nRBBOGEfnF-nP7vlZI-p4LWndBfEZzaLTFTVZ88HRzWhg280xLdayGS_CriK58Cqhpg</code></pre>
<p>说明:上面内容中的IP不需修改,K8S集群都通的。</p>
<h2>1.2 上传证书文件至主机上,如:/root/key</h2>
<pre><code class="language-bash">mkdir -pv /root/key</code></pre>
<p>上传证书文件至/root/key</p>
<h2>1.3 修改文件名</h2>
<p>把 key.txt 修改为 gfkd.key
把 gfkd.cer 修改为 gfkd.cert</p>
<h1>2 导入证书信息至保密字典</h1>
<pre><code class="language-bash">kubectl create secret tls tls-rancher-ingress --namespace default --key ./gfkd.key --cert ./gfkd.cert</code></pre>
<p>说明:namespace根据实际情况修改,默认为default.
在页面上查看证书已经导入成功。</p>
<h1>3 创建https的访问入口的yaml文件</h1>
<pre><code class="language-bash">vim https.yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: easytong-web-ingress
spec:
tls:
- hosts:
- ecardapp.nudt.edu.cn
secretName: tls-rancher-ingress
rules:
- host: ecardapp.nudt.edu.cn
http:
paths:
- path: /easytong_web
backend:
serviceName: easytong-base-web-svc
servicePort: 8080</code></pre>
<p>说明:servicePort: 8080为容器端口</p>
<h1>4 生成ingreess</h1>
<pre><code class="language-bash">kubectl apply -f https.yml -n default</code></pre>
<p>说明:
命名空间根据实际修改
在访问入口ingresses页面查看已经添加成功。</p>
<h1>5 在windows主机hosts文件中添加</h1>
<p>C:\Windows\System32\drivers\etc\hosts</p>
<pre><code class="language-bash">K8S的VIP ecardapp.nudt.edu.cn</code></pre>