OKE 安装 Nginx Ingress 配置应用 TLS 证书

OKE 安装 Nginx Ingress && 配置应用 TLS 证书

1 安装 Nginx Ingress controller

示例：

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v<vnum>/deploy/static/provider/cloud/deploy.yaml

• 其中 是ingress的版本，大家可以参考 nginx ingress 官方找寻自己的示例

nginx ingress 官方地址：https://github.com/kubernetes/ingress-nginx?tab=readme-ov-file#supported-versions-table

2 安装后查看 ingress

2.1 查看svc创建状态

kubectl get svc -n ingress-nginx

2.2 结果展示

当前状态表示正在创建中，EXTERNAL-IP 的pending状态表示 OKE 正在为当前svc分配负载均衡 IP

NAME                       TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                       AGE
ingress-nginx-controller   LoadBalancer   10.96.229.38   <pending>      80:30756/TCP,443:30118/TCP    1h

2.3 持续展示

如下结果中 EXTERNAL-IP 列已经显示出 IP， 表示当前 ingress 已经完成了映射

NAME                       TYPE           CLUSTER-IP     EXTERNAL-IP       PORT(S)                       AGE
ingress-nginx-controller   LoadBalancer   10.96.229.38   129.146.214.219   80:30756/TCP,443:30118/TCP    1h

3 创建 TLS Secret

3.1 自签名方式创建KEY

示例采用自签名方式进行配置

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"

3.2 TLS 添加 Secret 中

kubectl create secret tls tls-secret --key tls.key --cert tls.crt

4 创建示例后端集

4.1 创建 Deployment hello-world 示例

### vim hello-world-ingress.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: docker-hello-world
  labels:
    app: docker-hello-world
spec:
  selector:
    matchLabels:
      app: docker-hello-world
  replicas: 3
  template:
    metadata:
      labels:
        app: docker-hello-world
    spec:
      containers:
      - name: docker-hello-world
        image: scottsbaldwin/docker-hello-world:latest
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: docker-hello-world-svc
spec:
  selector:
    app: docker-hello-world
  ports:
    - port: 8088
      targetPort: 80
  type: ClusterIP

4.2 部署示例

kubectl create -f hello-world-ingress.yaml

5 配置 Ingress 分发

5.1 配置 ingress .yaml

### vim ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world-ing
spec:
  ingressClassName: nginx
  tls:
  - secretName: tls-secret
  rules:
  - http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: docker-hello-world-svc
              port:
                number: 8088

5.2 应用 ingress 配置

kubectl create -f ingress.yaml

6 测试结果

$ curl -k https://129.146.214.219

<h1>Hello webhook world from: docker-hello-world-1732906117-6115l</h1>

$ curl -k https://129.146.214.219

<h1>Hello webhook world from: docker-hello-world-1732906117-7r89v</h1>

$ curl -k https://129.146.214.219

<h1>Hello webhook world from: docker-hello-world-1732906117-0ztkm</h1>

7 参考资料

https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengsettingupingresscontroller.htm#Example_Setting_Up_an_Ingress_Controller_on_a_Cluster