部署参考: https://mp.weixin.qq.com/s/XoUaW-vBtQFxwNM3UdD8QA
灰度发布参考:https://www.bilibili.com/video/BV1ki4y1Z7Ax/?spm_id_from=333.788.recommend_more_video.0
测试:
apiVersion: apps/v1kind: Deploymentmetadata:name: my-nginxspec:selector:matchLabels:app: my-nginxtemplate:metadata:labels:app: my-nginxspec:containers:- name: my-nginximage: nginxports:- containerPort: 80---apiVersion: v1kind: Servicemetadata:name: my-nginxlabels:app: my-nginxspec:ports:- port: 80protocol: TCPname: httpselector:app: my-nginx
ingress不带tls:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-nginx
namespace: default
spec:
ingressClassName: nginx # 使用 nginx 的 IngressClass(关联的 ingress-nginx 控制器)
rules:
- host: www.lanpanpan123.com # 将域名映射到 my-nginx 服务
http:
paths:
- path: /
pathType: Prefix
backend:
service: # 将所有请求发送到 my-nginx 服务的 80 端口
name: my-nginx
port:
number: 80
制作证书脚本
#!/bin/bash
domain=www.lanpanpan123.com
openssl genrsa -out tls.key 2048
openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=${domain}
kubectl create secret tls my-ingress-secret --cert=tls.crt --key=tls.key
使用上一步生成的secret创建tls的ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-nginx-tls
namespace: default
spec:
ingressClassName: nginx # 使用 nginx 的 IngressClass(关联的 ingress-nginx 控制器)
tls:
- hosts:
- www.lanpanpan123.com
secretName: my-ingress-secret
rules:
- host: www.lanpanpan123.com # 将域名映射到 my-nginx 服务
http:
paths:
- path: /
pathType: Prefix
backend:
service: # 将所有请求发送到 my-nginx 服务的 80 端口
name: my-nginx
port:
number: 80
使用上一步脚本生成的tls.crt访问
若有收获,就点个赞吧
0 人点赞
