- 具体如何部署 ingress 请参考
https://blog.csdn.net/weixin_43632687/article/details/128234227
- 制作域名证书
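ellis.rockwell.com 只是示例域名,可以设置成你想要的域名;证书的 CN/SAN、Secret 的名称以及 Ingress 的 host 和 secretName 必须使用同一个域名,否则浏览器校验域名会失败,或者 Ingress 找不到对应的 Secret。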
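# Generic form: set HOST, KEY_FILE and CERT_FILE before running it.
# -nodes writes the private key unencrypted, so restrict the file to its owner.
# -addext requires OpenSSL 1.1.1 or newer. The result is self-signed and is not
# trusted by browsers; use a CA-issued certificate outside of test setups.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout "${KEY_FILE}" -out "${CERT_FILE}" \
  -subj "/CN=${HOST}/O=${HOST}" \
  -addext "subjectAltName = DNS:${HOST}"
chmod 600 "${KEY_FILE}"
# Concrete example for the host ellis.kpmg.com.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /home/ellis/k8s/tls.key -out /home/ellis/k8s/tls.crt \
  -subj "/CN=ellis.kpmg.com/O=ellis.kpmg.com" \
  -addext "subjectAltName = DNS:ellis.kpmg.com"
chmod 600 /home/ellis/k8s/tls.key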
- 制作secret,保存证书,以便ingress引用
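# TLS Secret that stores the certificate and private key for the Ingress to reference.
apiVersion: v1
kind: Secret
metadata:
  name: ellis.kpmg.com
  # Must be the same namespace as the Ingress, otherwise the Ingress cannot reference it.
  namespace: logging
type: kubernetes.io/tls
# Values under `data` must be the base64 encoding of the PEM files
# (raw PEM text belongs under `stringData` instead).
# tls.key is the private key: keep the filled-in manifest out of version control
# and out of anything that gets published.
data:
  tls.crt: |
    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
  tls.key: |
    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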
- 使用yaml生成secret
# Create the Secret from the manifest file; the manifest then contains the private key.
sudo kubectl apply --filename ellis.rockwell.com.yaml
- 使用命令创建secret
# Build the TLS Secret in namespace logging directly from the PEM files on disk,
# so the private key never has to be pasted into a manifest.
sudo kubectl create secret tls ellis.kpmg.com \
  --namespace logging \
  --cert=/home/ellis/k8s/tls.crt \
  --key=/home/ellis/k8s/tls.key
- 新增ingress
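# Ingress that serves the kibana Service (port 5601) over HTTPS through the nginx ingress class.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: es-ingress
  # Must be the namespace that holds the TLS Secret named in spec.tls.
  namespace: logging
  annotations:
    # Deprecated way to select the controller; newer clusters use spec.ingressClassName.
    kubernetes.io/ingress.class: "nginx"
spec:
  # NOTE(review): per the Ingress spec, defaultBackend receives requests that match
  # none of the rules below, so Kibana may also answer for other Host headers.
  # Confirm that is intended, and that Kibana itself enforces authentication.
  defaultBackend:
    service:
      name: kibana
      port:
        number: 5601
  tls:
    # The host must be covered by the certificate's subjectAltName, and secretName
    # must be the Secret created above (ellis.kpmg.com in namespace logging).
    # If the names differ, the Ingress cannot serve this certificate.
    - hosts:
        - ellis.kpmg.com
      secretName: ellis.kpmg.com
  rules:
    - host: ellis.kpmg.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kibana
                port:
                  number: 5601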