2025-04-06 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains how to add certificates for Ingress and back-end Nginx in K8S.
Preface
The previous nginx deployment served plain HTTP. This article shows how to add certificates to it.
Create a certificate
You can apply for a free one-year certificate online or create your own. The steps below create a self-signed certificate.
Download the self-signed certificate script
wget -O Makefile https://raw.githubusercontent.com/kubernetes/examples/master/staging/https-nginx/Makefile
Create certificate file
make keys KEY=/tmp/nginx.key CERT=/tmp/nginx.crt
Write the certificate to K8S secret
# kubectl create secret tls nginxsecret --key /tmp/nginx.key --cert /tmp/nginx.crt
secret/nginxsecret created
Write nginx configuration to K8S config map
# cat default.conf
server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        listen 443 ssl;
        root /usr/share/nginx/html;
        index index.html;
        server_name localhost;
        ssl_certificate /etc/nginx/ssl/tls.crt;
        ssl_certificate_key /etc/nginx/ssl/tls.key;
        location / {
                try_files $uri $uri/ =404;
        }
}
# kubectl create configmap nginxconfigmap --from-file=default.conf
configmap/nginxconfigmap created
Combine the backend pods with the certificate and publish them using a Service
[root@master01 ~]# cat nginx-app.yaml
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    run: my-nginx
spec:
  type: NodePort
  ports:
  - port: 8080
    targetPort: 80
    protocol: TCP
    name: http
  - port: 443          # targetPort defaults to the same value as port
    protocol: TCP
    name: https
  selector:
    run: my-nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
spec:
  selector:
    matchLabels:
      run: my-nginx
  replicas: 1
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      volumes:
      - name: secret-volume
        secret:
          secretName: nginxsecret      # the TLS secret created above
      - name: configmap-volume
        configMap:
          name: nginxconfigmap         # carries default.conf
      containers:
      - name: nginxhttps
        image: bprashanth/nginxhttps:1.0
        ports:
        - containerPort: 443
        - containerPort: 80
        volumeMounts:
        - mountPath: /etc/nginx/ssl    # tls.crt and tls.key are mounted here
          name: secret-volume
        - mountPath: /etc/nginx/conf.d
          name: configmap-volume
[root@master01 ~]# kubectl apply -f nginx-app.yaml
service/my-nginx created
deployment.apps/my-nginx created
Check the running state
[root@master01 ~]# kubectl get service -o wide
NAME       TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                        AGE   SELECTOR
my-nginx   NodePort   192.20.27.173   <none>        8080:32529/TCP,443:32699/TCP   22s   run=my-nginx
[root@master01 ~]# kubectl get pod -o wide
NAME                        READY   STATUS    RESTARTS   AGE   IP               NODE     NOMINATED NODE   READINESS GATES
my-nginx-85fccfd5dc-2pzvw   1/1     Running   0          64s   192.10.205.224   work01   <none>           <none>
Attempt to access
[root@master01 ~]# curl -k https://192.20.27.173
Welcome to nginx!
The Service exposes its ports via NodePort, so you can also visit https://<any node IP>:32699 in a browser and see that the certificate has taken effect.
Because the certificate is self-signed, the browser shows a certificate error that you have to ignore manually.
Integrating ingress and certificates
# cat ingress.yaml
apiVersion: extensions/v1beta1   # removed in Kubernetes 1.22; current clusters use networking.k8s.io/v1
kind: Ingress
metadata:
  name: secret-tls-ingress
  annotations:
    ingress.kubernetes.io/ssl-redirect: "False"
spec:
  tls:
  - hosts:
    - test.com
    secretName: nginxsecret      # same TLS secret the backend nginx mounts
  rules:
  - host: test.com
    http:
      paths:
      - backend:
          serviceName: my-nginx
          servicePort: 80
        path: /
# kubectl apply -f ingress.yaml
ingress.extensions/secret-tls-ingress created
The ingress-controller is bound to work01/02, so for testing, bind test.com to the work01 IP on a machine outside the cluster.
# curl -k https://test.com
Welcome to nginx!
It can be successfully accessed.
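Both tests above use `curl -k`, which skips certificate verification, so a key/certificate mismatch, an expired certificate, or a certificate that does not cover test.com would go unnoticed. The pre-flight check below is an added example, not part of the original article; the function names, the 30-day expiry margin and the constructed sample pair are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): check a key/cert pair before it is
# stored in the nginxsecret Secret. The 30-day margin is an assumption.

# Succeeds only if the certificate's public key belongs to the private key.
pair_matches() {  # $1=key $2=cert
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if the certificate is still valid $2 days from now.
valid_for_days() {  # $1=cert $2=days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds only if the certificate covers the host name.
host_matches() {  # $1=cert $2=host
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Runs all three checks; return code says which one failed (1, 2 or 3).
check_tls_pair() {  # $1=key $2=cert $3=host
    pair_matches "$1" "$2" || { echo "FAIL: key and certificate do not match"; return 1; }
    valid_for_days "$2" 30 || { echo "FAIL: certificate expires within 30 days"; return 2; }
    host_matches "$2" "$3" || { echo "FAIL: certificate does not cover $3"; return 3; }
    echo "OK: $2 is usable for $3"
}

# Constructed sample: a self-signed pair with a SAN for the given host.
make_sample_pair() {  # $1=key $2=cert $3=host
    openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
        -keyout "$1" -out "$2" -subj "/CN=$3" \
        -addext "subjectAltName=DNS:$3" >/dev/null 2>&1
}

# With the article's files, then test with verification instead of -k:
#   check_tls_pair /tmp/nginx.key /tmp/nginx.crt test.com
#   curl --cacert /tmp/nginx.crt --resolve test.com:443:<work01 IP> https://test.com
```

Run `check_tls_pair` before `kubectl create secret tls`; a non-zero return code identifies which check failed.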
That covers how to add certificates for Ingress and backend Nginx in K8S. The specific usage still needs to be verified in practice.