IDEA激活码ADP服务证书挂载问题(HTTPS)
1 配置前提
| 集群master带有eip | 必须满足 |
|---|---|
| 服务已经暴露ingress(正常可访问) | 必须满足 |
kubectl get ingress | grep nginx-test
2 https配置
说明:有证书直接提供即可,没有证书自行生成即可,然后才可以进行证书挂载登陆验证。
第一步:制作自签证书
mkdir cert
openssl genrsa -out tls.key 2048openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Hangzhou/L=Hangzhou/O=devops/CN=test.myk8s.xxx.com(需要证书的域名)
会生成2个证书文件:
第二步:创建secret(证书)
kubectl create secret tls nginx-test --cert=tls.crt --key=tls.key
第三步:修改ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/proxy-body-size: "0"
ingress.kubernetes.io/ssl-redirect: "true"
kubernetes.io/ingress.class: nginx-ingress-controller
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
generation: 1
name: nginx-test
namespace: default
spec:
rules:
- host: test.myk8s.aliyunpoc.com
http:
paths:
- backend:
serviceName: nginx
servicePort: 80
path: /
tls:
- hosts:
- test.myk8s.aliyunpoc.com
secretName: nginx-test
3 浏览器访问
配置说明本机hosts以后,浏览器打开默认https打开
