K8s deployment-43-take you to learn ingress nginx (Part 2)
2022-04-29 18:34:45【51CTO】
Continued from the previous part; this article finishes the topic.
3
TLS and HTTPS configuration
In many cases nginx is used to proxy the HTTPS protocol. So how does our ingress-nginx implement this? Let's take a look below.
I don't have an HTTPS certificate, so we need to generate one ourselves;
[[email protected] ~]# cd namespace/
[[email protected] namespace]# mkdir tls
[[email protected] namespace]# cd tls/
[[email protected] tls]# vim gen-secret.sh
#!/bin/bash
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout yunweijia.key -out yunweijia.crt -subj "/CN=*.yunweijia.com/O=*.yunweijia.com"
kubectl create secret tls yunweijia-tls --key yunweijia.key --cert yunweijia.crt
[[email protected] tls]# sh gen-secret.sh
Generating a 2048 bit RSA private key
.......+++
.....................................+++
writing new private key to 'yunweijia.key'
-----
secret/yunweijia-tls created
[[email protected] tls]#
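A pre-flight check for the key pair generated above, as an added example that is not part of the original article: it confirms that the certificate and private key belong together and that a Subject Alternative Name covers the host, because the certificate above carries `*.yunweijia.com` only in the subject CN, which current browsers ignore when matching hostnames. The script name `check-tls-pair.sh` and the function names are hypothetical, and `openssl` is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight checks for a TLS
# key pair before `kubectl create secret tls`. Function names are hypothetical.

# Succeeds only if the certificate's public key is the one derived from the key file.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Prints the certificate's SAN DNS names, one per line (nothing when there is no SAN).
san_dns_names() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeeds if HOST ($2) equals a SAN entry or matches a "*." entry, which
# covers exactly one left-most label. The subject CN is deliberately ignored.
san_covers_host() {
    host=$2
    while IFS= read -r name; do
        case $name in
            "$host") return 0 ;;
            '*.'*)
                case $host in
                    # ${name#??} drops the leading "*." of the wildcard entry
                    *.*) [ "${host#*.}" = "${name#??}" ] && return 0 ;;
                esac ;;
        esac
    done <<EOF
$(san_dns_names "$1")
EOF
    return 1
}

# Usage: sh check-tls-pair.sh CERT KEY HOST
if [ "$#" -eq 3 ]; then
    cert_matches_key "$1" "$2" || { echo "key does not match certificate" >&2; exit 1; }
    san_covers_host "$1" "$3" || { echo "no SAN entry covers $3" >&2; exit 1; }
    echo "ok: key matches certificate and SAN covers $3"
fi
```

Run it as `sh check-tls-pair.sh yunweijia.crt yunweijia.key springboot.yunweijia.com`. A certificate created with only `-subj`, as above, is expected to pass the key check and fail the SAN check.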
After running the script above, the certificate has been generated and imported into k8s. Let's take a look;
[[email protected] tls]# ls
gen-secret.sh yunweijia.crt yunweijia.key
[[email protected] tls]#
[[email protected] tls]# kubectl get secret yunweijia-tls -o yaml
apiVersion: v1
data:
  tls.crt: <base64-encoded certificate omitted>
  tls.key: <base64-encoded private key omitted>
kind: Secret
metadata:
  creationTimestamp: "2022-04-21T10:07:11Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:tls.crt: {}
        f:tls.key: {}
      f:type: {}
    manager: kubectl-create
    operation: Update
    time: "2022-04-21T10:07:11Z"
  name: yunweijia-tls
  namespace: default
  resourceVersion: "556920"
  uid: 787c6446-84f5-41ca-aa05-8ca417b4dabd
type: kubernetes.io/tls
[[email protected] tls]#
So how do we use this certificate? We can log in to the controller container and check how it is meant to be used. Let's log in to a node that runs ingress-nginx and have a look;
[[email protected] ~]# crictl ps | grep ingress
be698c18d686e acac7d63e4060 3 hours ago Running nginx-ingress-controller 6 5460063ad17c5
[[email protected] ~]# crictl exec -it be698c18d686e bash
[email protected]:/etc/nginx$ /nginx-ingress-controller --help
# (part of the output omitted)
--default-ssl-certificate string Secret containing a SSL certificate to be used by the default HTTPS server (catch-all).
Takes the form "namespace/name".
# (part of the output omitted)
[[email protected] ~]#
You can see that we need to add a parameter to specify the certificate, so let's modify the ingress-nginx configuration file;
[[email protected] tls]# vim /root/ingress-nginx/mandatory.yaml
# Add one line under args:
- --default-ssl-certificate=default/yunweijia-tls
# The result looks like this:
      containers:
        - name: nginx-ingress-controller
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.20.0
          args:
            - /nginx-ingress-controller
            - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
            - --default-ssl-certificate=default/yunweijia-tls
[[email protected] tls]#
After the modification, let's make it take effect, that is, apply the file again;
[[email protected] tls]# cd /root/ingress-nginx/
[[email protected] ingress-nginx]# kubectl apply -f mandatory.yaml
[[email protected] ingress-nginx]# cd -
/root/namespace/tls
[[email protected] tls]#
After the containers have restarted successfully, let's access the service over HTTPS and have a look;
[[email protected] tls]# kubectl get pod -n ingress-nginx
NAME READY STATUS RESTARTS AGE
default-http-backend-86dcdf4845-gfwn8 1/1 Running 5 4d20h
nginx-ingress-controller-b228z 1/1 Running 0 60s
nginx-ingress-controller-zlpm4 1/1 Running 0 77s
[[email protected] tls]#
# Open the following address in a browser
https://springboot.yunweijia.com/hello?name=yunweijia
The request returns 404. Why? Because the TLS settings have not been added to our Ingress yet. Let's configure that now by changing the Ingress in the original spring-web.yaml file.
[[email protected] tls]# vim ../healthcheck/spring-web.yaml
# (part of the file omitted)
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: springboot-web-demo
spec:
  rules:
  - host: springboot.yunweijia.com
    http:
      paths:
      - path: /
        backend:
          serviceName: springboot-web-demo
          servicePort: 80
  tls:
  - hosts:
    - springboot.yunweijia.com
    secretName: yunweijia-tls
[[email protected] tls]# kubectl apply -f ../healthcheck/spring-web.yaml
Once the new pod is running, let's visit the following address again:
https://springboot.yunweijia.com/hello?name=yunweijia
Troubleshooting errors
When ingress-nginx proxies HTTPS and the request fails with 503 Service Temporarily Unavailable, how should we investigate?
1. First, we know that every external call to a service in the containers goes through ingress-nginx, so let's start by looking at its log, using the following command;
For the rest, go to the WeChat official account "Operation and maintenance home" and reply "150" to see it.
copyright notice
author[51CTO],Please bring the original link to reprint, thank you.
https://en.qdmana.com/2022/119/202204291604290564.html