部署参考: https://mp.weixin.qq.com/s/XoUaW-vBtQFxwNM3UdD8QA
灰度发布参考:https://www.bilibili.com/video/BV1ki4y1Z7Ax/?spm_id_from=333.788.recommend_more_video.0
测试:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-nginx
spec:
selector:
matchLabels:
app: my-nginx
template:
metadata:
labels:
app: my-nginx
spec:
containers:
- name: my-nginx
image: nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-nginx
labels:
app: my-nginx
spec:
ports:
- port: 80
protocol: TCP
name: http
selector:
app: my-nginx
ingress不带tls:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-nginx
namespace: default
spec:
ingressClassName: nginx # 使用 nginx 的 IngressClass(关联的 ingress-nginx 控制器)
rules:
- host: www.lanpanpan123.com # 将域名映射到 my-nginx 服务
http:
paths:
- path: /
pathType: Prefix
backend:
service: # 将所有请求发送到 my-nginx 服务的 80 端口
name: my-nginx
port:
number: 80
制作证书脚本
#!/bin/bash
domain=www.lanpanpan123.com
openssl genrsa -out tls.key 2048
openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=${domain}
kubectl create secret tls my-ingress-secret --cert=tls.crt --key=tls.key
使用上一步生成的secret创建tls的ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-nginx-tls
namespace: default
spec:
ingressClassName: nginx # 使用 nginx 的 IngressClass(关联的 ingress-nginx 控制器)
tls:
- hosts:
- www.lanpanpan123.com
secretName: my-ingress-secret
rules:
- host: www.lanpanpan123.com # 将域名映射到 my-nginx 服务
http:
paths:
- path: /
pathType: Prefix
backend:
service: # 将所有请求发送到 my-nginx 服务的 80 端口
name: my-nginx
port:
number: 80
使用上一步脚本生成的tls.crt访问