一、准备证书
1、有证书,上传证书文件至服务器
2、无证书(申请证书),上传证书文件至服务器
阿里云申请证书:https://www.aliyun.com/product/cas
腾讯云申请证书:https://cloud.tencent.com/product/ssl
注:免费申请一个单域名证书,有效期一年
3、创建 secret
例如:8623350_grafana.yangxingzhen.com_nginx.zip(这是从阿里云下载下来的证书文件)
[root@XiaoQiBoKe_120 ~]# unzip 8623350_grafana.yangxingzhen.com_nginx.zip
[root@XiaoQiBoKe_120 ~]# mv 8623350_grafana.yangxingzhen.com.pem grafana.yangxingzhen.com.pem
[root@XiaoQiBoKe_120 ~]# mv 8623350_grafana.yangxingzhen.com.key grafana.yangxingzhen.com.key
[root@XiaoQiBoKe_120 ~]# kubectl -n monitor create secret tls yangxingzhen-secret --key ./grafana.yangxingzhen.com.key --cert ./grafana.yangxingzhen.com.pem
4、Ingress中引用secret,配置https
[root@XiaoQiBoKe_120 ~]# vim ingress-grafana-secret.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-grafana
namespace: monitor
annotations:
nginx.ingress.kubernetes.io/rewrite-target: / # 重写路径
nginx.ingress.kubernetes.io/ssl-redirect: 'true' # 访问http跳转https
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" # 修改代理超时时间,默认是60s
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" # 接收代理数据超时时间,默认60s
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" # 发送数据至代理超时时间,默认60s
spec:
ingressClassName: nginx
tls:
- hosts:
- 'grafana.yangxingzhen.com'
secretName: yangxingzhen-secret
rules:
- host: grafana.yangxingzhen.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: grafana
port:
number: 3000
[root@XiaoQiBoKe_120 ~]# kubectl get ingress -n monitor
[root@XiaoQiBoKe_120 ~]# kubectl apply -f ingress-grafana-secret.yaml
5、创建成功后,通过https://grafana.yangxingzhen.com访问服务
若文章图片、下载链接等信息出错,请在评论区留言反馈,博主将第一时间更新!如本文“对您有用”,欢迎随意打赏,谢谢!
评论