Section 2: Deploying and Installing Ingress (nginx)

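I. Background

Kubernetes guarantees that when any replica (Pod) dies, a new one is started automatically on another machine, and it can also scale dynamically. Put simply, a Pod may appear on any node at any time and may die on any node at any time. As Pods are created and destroyed, Pod IPs therefore change dynamically. So how do we expose these changing Pod IPs? This is where the Kubernetes Service mechanism comes in: a Service selects a group of Pods carrying specified labels, tracks their Pod IPs and load-balances across them automatically, so only the Service IP needs to be exposed. That is the NodePort mode: a port is opened on every node and traffic to it is forwarded to the internal Pod IPs.

The problem with exposing services through NodePort is that once there are many services, the number of ports opened on every node becomes extremely large and hard to maintain.

II. How Ingress works

Ingress exists to solve this port-management problem while also handling dynamic routing as Pods scale up and down. It load-balances across Pods on top of Services.

The Ingress Controller watches Ingress objects and dynamically updates its own forwarding rules, while each Ingress object references a Service to find the Pods behind it and load-balance across them.

Put simply, without Ingress you would edit the nginx configuration by hand (it does not have to be nginx; it could be haproxy, envoy and so on; nginx is the official default implementation) to map each domain name to a Service. That action is now abstracted into an Ingress object that you create from YAML: instead of changing nginx each time, you change the YAML and create or update the object. Which raises the question: "What happens to nginx?"

The Ingress Controller is what answers that question. It talks to the Kubernetes API to detect changes to the Ingress rules in the cluster, reads them, generates a piece of nginx configuration from its own template, writes it into the nginx Pod, and finally reloads nginx.

Ingress is in fact one of the standard resource types of the Kubernetes API: a set of rules that forward requests to a specified Service based on DNS name (host) or URL path, used to publish services by forwarding traffic from outside the cluster to the inside. Note that an Ingress resource cannot pass traffic by itself; it is only a collection of rules. Those rules need another component that listens on a socket and routes requests according to them. The component that listens on sockets and forwards traffic on behalf of Ingress resources is the Ingress Controller.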
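
The loop described above (read Ingress rules, render nginx configuration from a template, reload) can be modelled in a few lines. This is an added illustration, not code from the article or from ingress-nginx; the Pod IPs are constructed, and the host and Service names are the ones used later in this article.

```python
# Added illustration, not ingress-nginx source: a toy "Ingress rules -> nginx config" step.

# Constructed sample state, shaped like what a controller reads from the API.
INGRESSES = [
    {"host": "myapp.magedu.com", "path": "/", "service": "myapp", "port": 80},
    {"host": "tomcat.magedu.com", "path": "/", "service": "tomcat", "port": 8080},
]
# Pod IPs currently behind each Service (constructed); they change as Pods come and go.
ENDPOINTS = {"myapp": ["10.244.1.11", "10.244.2.12"], "tomcat": ["10.244.1.21"]}


def render(ingresses, endpoints):
    """Render one upstream and one server block per rule, plus a catch-all server."""
    blocks = []
    for rule in ingresses:
        name = f"{rule['service']}-{rule['port']}"
        ips = endpoints.get(rule["service"], [])
        if ips:
            members = "".join(f"  server {ip}:{rule['port']};\n" for ip in ips)
            blocks.append(f"upstream {name} {{\n{members}}}\n")
            action = f"proxy_pass http://{name};"
        else:
            # A Service without ready Pods must not produce an empty upstream.
            action = "return 503;"
        blocks.append(
            f"server {{\n  listen 80;\n  server_name {rule['host']};\n"
            f"  location {rule['path']} {{ {action} }}\n}}\n"
        )
    # Requests for an unknown Host land here, the role default-http-backend plays.
    blocks.append("server {\n  listen 80 default_server;\n  location / { return 404; }\n}\n")
    return "".join(blocks)


def reconcile(current_conf, ingresses, endpoints):
    """Return (new_conf, reload_needed); nginx is reloaded only when the output changed."""
    new_conf = render(ingresses, endpoints)
    return new_conf, new_conf != current_conf


if __name__ == "__main__":
    conf, reload_needed = reconcile("", INGRESSES, ENDPOINTS)
    print(conf)
    print("reload needed:", reload_needed)
```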
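A note on headless Services

In Kubernetes a Service load-balances across Pods. There are three main Service types (ClusterIP, NodePort, LoadBalancer). For type ClusterIP there are two cases; when clusterIP is set to None, we call it a headless Service. How does a headless Service differ from an ordinary one?

With clusterIP set to None, kube-proxy does not proxy the Service, and objects inside the cluster that look the Service up get back the IPs of all of its Pods; developers can then do their own load balancing over that IP list. Let us verify this.

I created two Services, one of which, nacos-headless, has clusterIP set to None. Both Services front a nacos service of resource type StatefulSet (2 Pod instances).

I then logged in to a Pod container and looked up the service names through DNS. The lookup for nacos-headless returned 2 IPs, while the normal Service returned 1 IP. This confirms the statement above: when a headless Service is used inside the cluster, the Service does no load balancing for it.

Main use cases for headless Services:
1. Doing your own load balancing inside the cluster.
2. Working together with Ingress, where Ingress does the load balancing and routing and carries the traffic rules.

III. Installing ingress-nginx

1. Deployment files

1. namespace.yaml
Creates a dedicated namespace, ingress-nginx.

2. configmap.yaml
A ConfigMap stores general configuration variables, much like a configuration file, and lets users manage the environment variables used by different modules of a distributed system in one object. Unlike a configuration file, it lives in the cluster's "environment" and supports all the usual Kubernetes operations.
From a data point of view, a ConfigMap is simply a set of key-value pairs holding information accessed by Pods or other resource objects (such as an RC). The design is close to that of a Secret; the main difference is that a ConfigMap is normally not used for sensitive information, only for plain text.
A ConfigMap can hold environment variable values as well as configuration files.
When a Pod is created it is bound to a ConfigMap, and the application in the Pod can reference the ConfigMap's configuration directly. In effect the ConfigMap packages configuration for the application or runtime environment.
Pods typically use ConfigMaps to set environment variable values, set command-line arguments, and create configuration files.

3. default-backend.yaml
If the domain requested from outside does not exist, the request is forwarded by default to the default-http-backend Service, which simply returns 404.

4. rbac.yaml
Handles RBAC authorization for Ingress; it creates the ServiceAccount, ClusterRole, Role, RoleBinding and ClusterRoleBinding that Ingress uses.

5. with-rbac.yaml
The core of Ingress; it creates the ingress-controller. As mentioned earlier, the ingress-controller turns newly added Ingress objects into nginx configuration.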

3. Deploying ingress

1) Prepare the images. Check mandatory.yaml to see which images are needed:

Image name | Version | Download address
k8s.gcr.io/defaultbackend-amd64 | 1.5 | registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/defaultbackend-amd64
quay.io/kubernetes-ingress-controller/nginx-ingress-controller | 0.20.0 | registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/nginx-ingress-controller

2) Pull the images on every node (Node):
[root@k8s-node1 ~]# docker pull registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/defaultbackend-amd64:1.5  # note the version tag

[root@k8s-node1 ~]# docker pull registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/nginx-ingress-controller:0.20.0  # note the version tag


[root@k8s-node1 ~]# docker images  # check that the images were pulled
REPOSITORY                                                                    TAG      IMAGE ID       CREATED       SIZE
registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/defaultbackend-amd64       1.5      d8f37b8cdaf4   2 weeks ago   5.13 MB
registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/nginx-ingress-controller   0.20.0   3cc332ecde4f   3 weeks ago   513 MB

3) Download the YAML files and update the image addresses in mandatory.yaml (on the master)
[root@k8s-master ~]# mkdir /home/ingress-nginx
[root@k8s-master ~]# cd /home/ingress-nginx
[root@k8s-master ingress-nginx]# sed -i 's#k8s.gcr.io/defaultbackend-amd64#registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/defaultbackend-amd64#g' mandatory.yaml  # replace the defaultbackend-amd64 image address
[root@k8s-master ingress-nginx]# sed -i 's#quay.io/kubernetes-ingress-controller/nginx-ingress-controller#registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/nginx-ingress-controller#g' mandatory.yaml  # replace the nginx-ingress-controller image address
[root@k8s-master ingress-nginx]# grep image mandatory.yaml  # check the result of the replacement
# Any image is permissible as long as:
image: registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/defaultbackend-amd64:1.5
image: registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/nginx-ingress-controller:0.20.0
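
The sed step redirects both pulls to a third-party mirror namespace and keeps mutable tags, so it is worth listing exactly which registries a manifest will pull from before running kubectl apply. The following check is an added example, not part of the original article; the allow-list (the two upstream registries from the table above) and the function names are assumptions.

```python
import re

# Registries this cluster may pull from (assumption for the example).
ALLOWED_REGISTRIES = {"k8s.gcr.io", "quay.io"}

# Constructed input: the image lines as they look after the sed rewrite above.
MANIFEST = """\
        # Any image is permissible as long as:
        image: registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/defaultbackend-amd64:1.5
        image: registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/nginx-ingress-controller:0.20.0
"""

# Unlike "grep image", this only matches real image: keys, not comments.
IMAGE_RE = re.compile(r"^\s*(?:-\s*)?image:\s*[\"']?([^\s\"'#]+)", re.M)


def parse_image(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, _, rest = ref.partition("/")
    # Docker treats the first component as a registry only if it looks like a host.
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref
    repo, sep, tag = path.rpartition(":")
    if not sep or "/" in tag:
        repo, tag = path, None
    return registry, repo, tag, digest


def audit(manifest, allowed=ALLOWED_REGISTRIES):
    """Return (image, finding) pairs for images that need a closer look."""
    findings = []
    for ref in IMAGE_RE.findall(manifest):
        registry, _repo, _tag, digest = parse_image(ref)
        if registry not in allowed:
            findings.append((ref, f"registry {registry} is not on the allow-list"))
        if digest is None:
            findings.append((ref, "tag only; pin with @sha256:<digest> so content cannot change"))
    return findings


if __name__ == "__main__":
    for image, finding in audit(MANIFEST):
        print(f"{image}: {finding}")
```

A mirrored image can be compared with upstream by digest: the same content has the same sha256 digest on both registries.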

[root@k8s-master ingress-nginx]# cat mandatory.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: default-http-backend
  labels:
    app.kubernetes.io/name: default-http-backend
    app.kubernetes.io/part-of: ingress-nginx
  namespace: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: default-http-backend
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: default-http-backend
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      terminationGracePeriodSeconds: 60
      containers:
        - name: default-http-backend
          # Any image is permissible as long as:
          # 1. It serves a 404 page at /
          # 2. It serves 200 on a /healthz endpoint
          image: registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/defaultbackend-amd64:1.5
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 30
            timeoutSeconds: 5
          ports:
            - containerPort: 8080
          resources:
            limits:
              cpu: 10m
              memory: 20Mi
            requests:
              cpu: 10m
              memory: 20Mi

---
apiVersion: v1
kind: Service
metadata:
  name: default-http-backend
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: default-http-backend
    app.kubernetes.io/part-of: ingress-nginx
spec:
  ports:
    - port: 80
      targetPort: 8080
  selector:
    app.kubernetes.io/name: default-http-backend
    app.kubernetes.io/part-of: ingress-nginx

---

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---

kind: ConfigMap
apiVersion: v1
metadata:
  name: tcp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---

kind: ConfigMap
apiVersion: v1
metadata:
  name: udp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses/status
    verbs:
      - update

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # Defaults to "<election-id>-<ingress-class>"
      # Here: "<ingress-controller-leader>-<nginx>"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      hostNetwork: true
      serviceAccountName: nginx-ingress-serviceaccount
      containers:
        - name: nginx-ingress-controller
          image: registry.cn-qingdao.aliyuncs.com/kubernetes_xingej/nginx-ingress-controller:0.20.0
          args:
            - /nginx-ingress-controller
            - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            # www-data -> 33
            runAsUser: 33
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1

---

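Edit mandatory.yaml and add hostNetwork: true above serviceAccountName. With hostNetwork: true the controller Pod uses the node's network namespace, so nginx listens on ports 80 and 443 of the node itself.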
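
To see what the ServiceAccount in this manifest is actually allowed to do, the rules can be evaluated the way the RBAC authorizer does (any matching rule allows; there are no deny rules). This is an added example, not part of the original article; the rule tuples are transcribed from the ClusterRole and Role in mandatory.yaml, wildcards are not modelled, and the function names are hypothetical.

```python
# Each rule: (apiGroups, resources, verbs, resourceNames or None).
# Transcribed from nginx-ingress-clusterrole (bound cluster-wide).
CLUSTER_RULES = [
    ({""}, {"configmaps", "endpoints", "nodes", "pods", "secrets"}, {"list", "watch"}, None),
    ({""}, {"nodes"}, {"get"}, None),
    ({""}, {"services"}, {"get", "list", "watch"}, None),
    ({"extensions"}, {"ingresses"}, {"get", "list", "watch"}, None),
    ({""}, {"events"}, {"create", "patch"}, None),
    ({"extensions"}, {"ingresses/status"}, {"update"}, None),
]
# Transcribed from nginx-ingress-role (bound only in namespace ingress-nginx).
NAMESPACE_RULES = [
    ({""}, {"configmaps", "pods", "secrets", "namespaces"}, {"get"}, None),
    ({""}, {"configmaps"}, {"get", "update"}, {"ingress-controller-leader-nginx"}),
    ({""}, {"configmaps"}, {"create"}, None),
    ({""}, {"endpoints"}, {"get"}, None),
]
ROLE_NAMESPACE = "ingress-nginx"


def _match(rules, verb, resource, name, group):
    for groups, resources, verbs, names in rules:
        if group in groups and resource in resources and verb in verbs:
            # A rule limited by resourceNames only matches requests for those names.
            if names is None or name in names:
                return True
    return False


def allowed(verb, resource, namespace, name=None, group=""):
    """True if nginx-ingress-serviceaccount may perform the request."""
    if _match(CLUSTER_RULES, verb, resource, name, group):
        return True  # ClusterRoleBinding: valid in every namespace
    return namespace == ROLE_NAMESPACE and _match(NAMESPACE_RULES, verb, resource, name, group)


def cluster_verbs(resource, group=""):
    """Verbs the ServiceAccount holds on a resource in every namespace."""
    return sorted({v for g, r, verbs, _ in CLUSTER_RULES
                   if group in g and resource in r for v in verbs})


if __name__ == "__main__":
    print("secrets, all namespaces:", cluster_verbs("secrets"))
    print("get secret in default:", allowed("get", "secrets", "default"))
    print("list secrets in default:", allowed("list", "secrets", "default"))
```

Because a list or watch on secrets returns the full Secret objects, the cluster-wide rule lets the controller read Secret data in every namespace, even though get is granted only inside ingress-nginx.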
4) Edit service-nodeport.yaml and add the NodePort ports (by default they are random)
[root@k8s-master ingress-nginx]# cat service-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 32080  # http
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
      nodePort: 32443  # https
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

5) Deploy nginx-ingress-controller
[root@k8s-master ingress-nginx]# kubectl apply -f mandatory.yaml

[root@k8s-master ingress-nginx]# kubectl apply -f service-nodeport.yaml

6) Check the status of the ingress-nginx components
[root@k8s-master ingress-nginx]# kubectl get pods -n ingress-nginx  # Pod status
NAME                                        READY   STATUS    RESTARTS   AGE
default-http-backend-66c4fbf5b4-x2n8w       1/1     Running   0          58s
nginx-ingress-controller-64bcff8657-5gdrd   1/1     Running   0          58s
[root@k8s-master ingress-nginx]# kubectl get svc -n ingress-nginx  # Service status and exposed ports
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
default-http-backend   ClusterIP   10.96.87.65     <none>        80/TCP                       1m
ingress-nginx          NodePort    10.100.48.237   <none>        80:32080/TCP,443:32443/TCP   1m

7) Access the ingress-nginx service to check that the configuration works
You can see a 404 response. This is normal, because the ingress-nginx service does not have a backend service yet.
IV. Creating a backend service for ingress-nginx

1. Create a Service and backend Deployment (using nginx as an example)
[root@k8s-master01 ingress]# cat deploy-demon.yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  ports:
  - name: http
    port: 80
    targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
spec:
  replicas: 5
  selector:
    matchLabels:
      app: myapp
      release: canary
  template:
    metadata:
      labels:
        app: myapp
        release: canary
    spec:
      containers:
      - name: myapp
        image: ikubernetes/myapp:v2
        ports:
        - name: httpd
          containerPort: 80

2. Create the resources and check that they are ready
[root@k8s-master ingress-nginx]# kubectl apply -f deploy-demon.yaml
service "myapp" created
deployment.apps "myapp-deploy" created
[root@k8s-master ingress-nginx]# kubectl get pods
NAME                            READY   STATUS    RESTARTS   AGE
myapp-deploy-5cfd895984-ffzm5   1/1     Running   0          1m
myapp-deploy-5cfd895984-ftg9t   1/1     Running   0          1m
myapp-deploy-5cfd895984-jg887   1/1     Running   0          1m
myapp-deploy-5cfd895984-mk4jq   1/1     Running   0          1m
myapp-deploy-5cfd895984-nqz6s   1/1     Running   0          1m
myweb-hrfqm                     1/1     Running   0          8d
myweb-pb5tb                     1/1     Running   0          8d
myweb-xrk22                     1/1     Running   0          8d
[root@k8s-master ingress-nginx]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP          9d
myapp        ClusterIP   10.102.30.215    <none>        80/TCP           1m
myweb        NodePort    10.106.138.244   <none>        8080:31888/TCP   8d

3. Add myapp to ingress-nginx
[root@k8s-master ingress-nginx]# cat ingress-myapp.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: myapp.magedu.com  # in production this domain should be resolvable on the public Internet
    http:
      paths:
      - path:
        backend:
          serviceName: myapp
          servicePort: 80

[root@k8s-master ingress-nginx]# kubectl apply -f ingress-myapp.yaml

4. Configure name resolution. In this test environment we use the hosts file:
172.33.16.241   myapp.magedu.com
V. Creating tomcat

1. Create a Service and backend Deployment
[root@k8s-master ingress-nginx]# cat tomcat-deploy.yaml
apiVersion: v1
kind: Service
metadata:
  name: tomcat
  namespace: default
spec:
  selector:
    app: tomcat
    release: canary
  ports:
  - name: http
    port: 8080
    targetPort: 8080
  - name: ajp
    port: 8009
    targetPort: 8009

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-deploy
spec:
  replicas: 3
  selector:
    matchLabels:
      app: tomcat
      release: canary
  template:
    metadata:
      labels:
        app: tomcat
        release: canary
    spec:
      containers:
      - name: tomcat
        image: tomcat:7-alpine
        ports:
        - name: httpd
          containerPort: 8080
        - name: ajp
          containerPort: 8009
[root@k8s-master ingress-nginx]# kubectl apply -f tomcat-deploy.yaml
service "tomcat" created
deployment.apps "tomcat-deploy" created
[root@k8s-master ingress-nginx]# kubectl get pod  # wait for the Pods to become ready

2. Add tomcat to ingress-nginx
[root@k8s-master ingress-nginx]# cat ingress-tomcat.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: tomcat.magedu.com
    http:
      paths:
      - path:
        backend:
          serviceName: tomcat
          servicePort: 8080
[root@k8s-master ingress-nginx]# kubectl apply -f ingress-tomcat.yaml
ingress.extensions "ingress-tomcat" created


3. Next, add HTTPS to the tomcat service
1) Create a private certificate and a secret
[root@k8s-master ingress-nginx]# openssl genrsa -out tls.key 2048
Generating RSA private key, 2048 bit long modulus
.......+++
..............................+++
e is 65537 (0x10001)
[root@k8s-master ingress-nginx]# openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=Beijing/L=Beijing/O=DevOps/CN=tomcat.magedu.com  # the domain name must match the service's domain name
[root@k8s-master ingress-nginx]# kubectl create secret tls tomcat-ingress-secret --cert=tls.crt --key=tls.key  # create the secret
secret "tomcat-ingress-secret" created
[root@k8s-master ingress-nginx]# kubectl get secret
NAME                    TYPE                                  DATA   AGE
default-token-bf52l     kubernetes.io/service-account-token   3      9d
tomcat-ingress-secret   kubernetes.io/tls                     2      7s
[root@k8s-master ingress-nginx]# kubectl describe secret tomcat-ingress-secret
Name:         tomcat-ingress-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  kubernetes.io/tls

Data
====
tls.crt:  1294 bytes  # stored base64-encoded
tls.key:  1679 bytes

2) Apply the certificate to the tomcat service
[root@k8s-master01 ingress]# cat ingress-tomcat-tls.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-tomcat-tls
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - tomcat.magedu.com  # must match the domain name in the secret's certificate
    secretName: tomcat-ingress-secret  # name of the secret holding the certificate
  rules:
  - host: tomcat.magedu.com
    http:
      paths:
      - path:
        backend:
          serviceName: tomcat
          servicePort: 8080

[root@k8s-master01 ingress]# kubectl apply -f ingress-tomcat-tls.yaml

3) Access the service
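
Small manifest mistakes such as a misspelled annotation key or a comment glued to a value are easy to miss in Ingress YAML, so a lint pass before kubectl apply is useful. The following check is an added example, not part of the original article; the sample Ingress is constructed (as parsed YAML) with three mistakes planted in it, and the function name is hypothetical.

```python
import difflib
import re

# Annotation keys the controller reads: the class selector, plus anything under the
# prefix given by --annotations-prefix in the controller Deployment.
KNOWN_KEYS = ["kubernetes.io/ingress.class"]
NGINX_PREFIX = "nginx.ingress.kubernetes.io/"
HOST_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$")

# Constructed manifest: misspelled annotation, and a "#comment" without a leading
# space, which YAML keeps as part of the host value.
INGRESS = {
    "metadata": {"name": "ingress-tomcat-tls",
                 "annotations": {"kubernets.io/ingress.class": "nginx"}},
    "spec": {
        "tls": [{"hosts": ["tomcat.magedu.com#note"],
                 "secretName": "tomcat-ingress-secret"}],
        "rules": [{"host": "tomcat.magedu.com"}],
    },
}


def lint_ingress(ing):
    """Return a list of human-readable problems found in one Ingress object."""
    problems = []
    for key in ing.get("metadata", {}).get("annotations", {}):
        if key in KNOWN_KEYS or key.startswith(NGINX_PREFIX):
            continue
        near = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.8)
        if near:
            problems.append(f"annotation '{key}' is probably a typo of '{near[0]}'")
    spec = ing.get("spec", {})
    rule_hosts = {r["host"] for r in spec.get("rules", []) if r.get("host")}
    tls_hosts = set()
    for entry in spec.get("tls", []):
        tls_hosts.update(entry.get("hosts", []))
        if not entry.get("secretName"):
            problems.append("tls entry has no secretName")
    for host in sorted(rule_hosts | tls_hosts):
        if not HOST_RE.match(host):
            problems.append(f"'{host}' is not a valid DNS name")
    if tls_hosts:
        for host in sorted(rule_hosts - tls_hosts):
            problems.append(f"rule host '{host}' is not covered by any tls entry")
    return problems


if __name__ == "__main__":
    for problem in lint_ingress(INGRESS):
        print(problem)
```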
