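I. Prepare the certificate
1. If you already have a certificate, upload the certificate files to the server
2. If you do not have a certificate, request one, then upload the certificate files to the server
Request a certificate from Alibaba Cloud: https://www.aliyun.com/product/cas
Request a certificate from Tencent Cloud: https://cloud.tencent.com/product/ssl
Note: a single-domain certificate can be requested for free and is valid for one year
3. Create the secret
Example: 8623350_www.yangxingzhen.com_nginx.zip (the certificate archive downloaded from Alibaba Cloud)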
[root@XiaoQiBoKe_120 ~]# unzip 8623350_www.yangxingzhen.com_nginx.zip
[root@XiaoQiBoKe_120 ~]# mv 8623350_www.yangxingzhen.com.pem www.yangxingzhen.com.pem
[root@XiaoQiBoKe_120 ~]# mv 8623350_www.yangxingzhen.com.key www.yangxingzhen.com.key
[root@XiaoQiBoKe_120 ~]# kubectl -n monitor create secret tls yangxingzhen-secret --key ./www.yangxingzhen.com.key --cert ./www.yangxingzhen.com.pem
4. Reference the secret in the Ingress to configure HTTPS
[root@XiaoQiBoKe_120 ~]# vim ingress-grafana-secret.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-grafana
  namespace: monitor
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /                # rewrite the path
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'             # redirect HTTP requests to HTTPS
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"     # change the proxy timeout; default is 60s
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"        # timeout for receiving data from the proxy; default is 60s
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"        # timeout for sending data to the proxy; default is 60s
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - 'grafana.yangxingzhen.com'
    secretName: yangxingzhen-secret
  rules:
  - host: grafana.yangxingzhen.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: grafana
            port:
              number: 3000
[root@XiaoQiBoKe_120 ~]# kubectl get ingress -n monitor
[root@XiaoQiBoKe_120 ~]# kubectl apply -f ingress-grafana-secret.yaml
5. Once it has been created, access the service at https://grafana.yangxingzhen.com
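The secret in step 3 is built from files named for www.yangxingzhen.com, while the Ingress in step 4 serves grafana.yangxingzhen.com, and clients reject a certificate whose names do not cover the host they connect to. The following pre-flight check for the files passed to `kubectl create secret tls` is an added example, not part of the original page; the function names and the `*.example.test` hosts are assumptions, and the sample certificate is constructed on the spot.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the files given to `kubectl create secret tls`.
# Function names and the *.example.test hosts are assumptions, not from the page.

# True when the private key belongs to the certificate (same public key).
cert_matches_key() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate's names cover the host used in the Ingress rule.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# True when the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Run all three checks; usage: preflight CERT KEY HOST
preflight() {
  cert_matches_key "$1" "$2"  || { echo "key does not match certificate"; return 1; }
  cert_covers_host "$1" "$3"  || { echo "certificate does not cover $3"; return 1; }
  cert_valid_for_days "$1" 30 || { echo "certificate expires within 30 days"; return 1; }
  echo "ok: $1 can be used for $3"
}

# Constructed sample: a throwaway self-signed certificate for www.example.test only,
# plus an unrelated key. usage: make_sample DIR
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=www.example.test" -addext "subjectAltName=DNS:www.example.test" \
    -keyout "$1/www.key" -out "$1/www.pem" 2>/dev/null
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Demo on the constructed sample: the first host passes, the second is not covered.
tmp=$(mktemp -d)
make_sample "$tmp"
preflight "$tmp/www.pem" "$tmp/www.key" www.example.test
preflight "$tmp/www.pem" "$tmp/www.key" grafana.example.test || true
rm -rf "$tmp"
```

With the files from step 3 the call would be `preflight ./www.yangxingzhen.com.pem ./www.yangxingzhen.com.key grafana.yangxingzhen.com`, run before creating the secret.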