以下範例主要是針對多種情境的結合做說明,使用時需要依需求做調整
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tls-example-ingress
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # 強制使用 https
spec:
defaultBackend: # 設定當沒有符合下面 rule 時 預設會訪問的路徑
service:
name: test
port:
number: 80
tls:
- hosts:
- https-example.foo.com # 設定訪問 https-example.foo.com 時 tls的配置
secretName: testsecret-tls # 參考下方 secrets
rules:
- host: https-example.foo.com # 如果沒有寫 host 所有請求進來會自動導向該處
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: service1
port:
number: 80
- host: foo.bar.com # 可以使用多個 host
http:
paths:
- path: /foo # 單個 host 可以有多個 path
pathType: Prefix
backend:
service:
name: service1
port:
number: 4200
- path: /bar
pathType: Prefix
backend:
service:
name: service2
port:
number: 8080
- host: "*.foo.com" # 除了完整 host 外也可以使用 *
http:
paths:
- pathType: Prefix
path: "/foo"
backend:
service:
name: service2
port:
number: 80
---
apiVersion: v1
kind: Secret
metadata:
name: testsecret-tls
namespace: default
data:
tls.crt: base64 encoded cert # cat cert.crt | base64 -w 0 => 使用 -w 0 確保沒有換行
tls.key: base64 encoded key
type: kubernetes.io/tls