环境准备
准备service和pod
为了后面的实验比较方便,创建如下图所示的模型
创建tomcat-nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
namespace: dev
spec:
replicas: 3
selector:
matchLabels:
app: nginx-pod
template:
metadata:
labels:
app: nginx-pod
spec:
containers:
- name: nginx
image: nginx:1.17.1
ports:
- containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-deployment
namespace: dev
spec:
replicas: 3
selector:
matchLabels:
app: tomcat-pod
template:
metadata:
labels:
app: tomcat-pod
spec:
containers:
- name: tomcat
image: tomcat:8.5-jre10-slim
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: dev
spec:
selector:
app: nginx-pod
clusterIP: None
type: ClusterIP
ports:
- port: 80
targetPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: tomcat-service
namespace: dev
spec:
selector:
app: tomcat-pod
clusterIP: None
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
创建并查看
为了避免之前创建pod的影响,直接删除重建命名空间 [root@master ~]# kubectl delete ns dev [root@master ~]# kubectl create ns dev # 创建 [root@master ~]# kubectl create -f tomcat-nginx.yaml # 查看 [root@master ~]# kubectl get svc -n dev
Http代理
创建ingress-http.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-http
namespace: dev
spec:
rules:
- host: nginx.itheima.com #域名
http:
paths:
- path: / #路径
backend:
serviceName: nginx-service #访问nginx.itheima.com会跳转到nginx-service的80端口
servicePort: 80
- host: tomcat.itheima.com
http:
paths:
- path: /
backend:
serviceName: tomcat-service
servicePort: 8080
创建并观察
# 创建 [root@master ~]# kubectl create -f ingress-http.yaml # 查看 [root@master ~]# kubectl get ing ingress-http -n dev # 查看详情 [root@master ~]# kubectl describe ing ingress-http -n dev
...
# 接下来,在本地电脑上配置host文件,解析上面的两个域名到192.168.1.50(master)上 本机hosts地址C:\Windows\System32\drivers\etc
查看ingress-nginx暴露的端口 [root@master ~]# kubectl get svc -n ingress-nginx 访问 http://nginx.itheima.com:31067/ http://tomcat.itheima.com:31067/
Https代理
创建证书
# 生成证书 openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=BJ/L=BJ/O=nginx/CN=itheima.com" # 创建密钥 kubectl create secret tls tls-secret --key tls.key --cert tls.crt
创建ingress-https.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-https
namespace: dev
spec:
tls:
- hosts:
- nginx.itheima.com
- tomcat.itheima.com
secretName: tls-secret # 指定秘钥,名字要对应
rules:
- host: nginx.itheima.com
http:
paths:
- path: /
backend:
serviceName: nginx-service
servicePort: 80
- host: tomcat.itheima.com
http:
paths:
- path: /
backend:
serviceName: tomcat-service
servicePort: 8080
创建并查看
# 创建 [root@master ~]# kubectl create -f ingress-https.yaml # 查看 [root@master ~]# kubectl get ing ingress-https -n dev # 查看详情 [root@master ~]# kubectl describe ing ingress-https -n dev
# 下面可以通过浏览器访问 注:因为是自签证书,所以提示不安全 https://nginx.itheima.com:31453/ https://tomcat.itheima.com:31453/
参考
黑马B站k8s课程https://www.bilibili.com/video/BV1Qv41167ck/ https://gitee.com/yooome/golang/blob/main/k8s%E8%AF%A6%E7%BB%86%E6%95%99%E7%A8%8B-%E8%B0%83%E6%95%B4%E7%89%88/k8s%E8%AF%A6%E7%BB%86%E6%95%99%E7%A8%8B.md https://www.yuque.com/fairy-era/yg511q/xyqxge标签:Ingress,Http,tomcat,ingress,dev,nginx,Https,com,itheima From: https://www.cnblogs.com/gys001/p/16944498.html