部署 Nginx Ingress Controller
# Install the NGINX ingress controller chart as release "nginx-ingress" in
# kube-system. This is Helm 2 syntax: the release name is passed with --name.
# rbac.create=true asks the chart to create the RBAC resources the controller
# runs with.
helm install stable/nginx-ingress \
  --name nginx-ingress \
  --namespace=kube-system \
  --set rbac.create=true
$ kubectl -n kube-system get service nginx-ingress-controller
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress-controller LoadBalancer 10.0.216.124 6.6.6.6 80:31935/TCP,443:31797/TCP 4d
# Install cert-manager (Helm 2 syntax). The ingressShim defaults make Ingresses
# annotated with kubernetes.io/tls-acme use the ClusterIssuer named
# "letsencrypt" when they do not name an issuer themselves.
helm install stable/cert-manager \
  --name cert-manager \
  --namespace=kube-system \
  --set ingressShim.defaultIssuerName=letsencrypt \
  --set ingressShim.defaultIssuerKind=ClusterIssuer

# Create the cluster issuer.
# NOTE(review): this URL follows the master branch, so the manifest that gets
# applied can change between runs. Read the file before applying it, and prefer
# a copy pinned to a reviewed commit. Presumably it defines the "letsencrypt"
# ClusterIssuer referenced above -- confirm against the file.
kubectl apply \
  --filename https://raw.githubusercontent.com/feiskyer/kubernetes-handbook/master/manifests/ingress-nginx/cert-manager/cluster-issuer.yaml
# Create an htpasswd file named "auth" with one user, foo; htpasswd prompts for
# the password. -c creates the file and overwrites an existing one.
$ htpasswd -c auth foo
# Store the file as secret "basic-auth" under the key "auth", which is the key
# ingress-nginx reads for file-based basic auth. The secret is created in
# kube-system, the namespace of the dashboard Ingress that refers to it.
# The local auth file holds the password hash; delete it once the secret exists.
$ kubectl create secret generic basic-auth --namespace kube-system --from-file=auth=auth
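# Create an Ingress that serves echo-tls.example.com over TLS through the nginx
# ingress class and routes every path to service nginx:80. cert-manager is asked
# (tls-acme / cluster-issuer annotations) to obtain the certificate and store it
# in secret web-tls.
#
# The manifest nesting is restored here; without indentation the API server
# would not see annotations, tls and rules as children of metadata and spec.
#
# extensions/v1beta1 Ingress and the certmanager.k8s.io annotation prefix match
# the chart versions installed on this page. Kubernetes 1.22 removed
# extensions/v1beta1 Ingress, and later cert-manager releases use the
# cert-manager.io prefix, so adjust both on newer clusters.
cat <<EOF | kubectl create -f-
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: web
  namespace: default
  annotations:
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: "nginx"
    # Same nginx.ingress.kubernetes.io prefix as rewrite-target below; a
    # controller reads only one annotation prefix, so the two must agree for
    # the HTTP to HTTPS redirect setting to be picked up.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    certmanager.k8s.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
    - hosts:
        - echo-tls.example.com
      secretName: web-tls
  rules:
    - host: echo-tls.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: nginx
              servicePort: 80
EOF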
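# Ingress that publishes the kubernetes-dashboard service at
# dashboard.example.com over TLS, with HTTP basic auth enforced by the nginx
# ingress controller before a request reaches the dashboard.
#
# The nesting is restored here; without indentation annotations, tls and rules
# are not children of metadata and spec and the object is rejected.
#
# Basic auth is the only access control this manifest adds. What a visitor can
# do after passing it depends on the dashboard's own login and on the
# permissions of its service account, so keep those minimal. Client addresses
# can be narrowed further with
# nginx.ingress.kubernetes.io/whitelist-source-range.
#
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters
# need networking.k8s.io/v1 and its backend schema.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
    # NOTE(review): allow-http is documented for the GCE ingress controller;
    # confirm the nginx controller in use honors it. Otherwise plain-HTTP
    # handling is governed by the controller's ssl-redirect behavior.
    kubernetes.io/ingress.allow-http: "false"
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
    # Secret must exist in this namespace (kube-system) and hold the htpasswd
    # data under the key "auth".
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-type: basic
    # Proxy to the dashboard over HTTPS (it is addressed on port 443 below).
    # Newer ingress-nginx releases replace this annotation with
    # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS".
    nginx.ingress.kubernetes.io/secure-backends: "true"
    certmanager.k8s.io/cluster-issuer: letsencrypt
  name: dashboard
  namespace: kube-system
spec:
  tls:
    - hosts:
        - dashboard.example.com
      # cert-manager stores the issued certificate and key in this secret.
      secretName: dashboard-ingress-tls
  rules:
    - host: dashboard.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: kubernetes-dashboard
              servicePort: 443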