guan000 2019-12-24
vim myapp.yaml #实际被访问的容器
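# Creates the Service in front of the myapp pods; this is the backend that
# actually serves the requests.
apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  # No `type` is given, so Kubernetes creates a ClusterIP Service that is
  # reachable only from inside the cluster.
  selector:
    app: myapp
  ports:
    - name: http
      port: 80
      targetPort: 80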
---
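# Creates the controller (a Deployment) that keeps the myapp pods running.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        # Has to equal spec.selector.matchLabels above.
        app: myapp
    spec:
      containers:
        - name: myapp
          # NOTE(review): the tag v2 can be re-pointed by the image publisher;
          # pin the image by digest for anything beyond a lab. No
          # securityContext or resource limits are set for this container.
          image: ikubernetes/myapp:v2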
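#创建3个容器
for i in configmap.yaml namespace.yaml rbac.yaml tcp-services-configmap.yaml with-rbac.yaml;do wget https://github.com/kubernetes/ingress-nginx/tree/master/deploy/static/$i ;done
#有个文件无法下载,4个文件能正常完成实验
#注意:该地址是 GitHub 的网页视图(tree/master),wget 取回的可能是 HTML 页面而非清单文件,下载后应先确认内容确实是 YAML;master 分支的内容会随时间变化,建议改用某个固定发布标签下的原始文件,并在 kubectl apply 之前检查 rbac.yaml 和 with-rbac.yaml 授予的权限。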
vim service-nodeport.yaml #前端反代容器,里面有规则自动动态调度后端容器
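# NodePort Service that publishes the ingress-nginx controller: the front-end
# reverse proxy whose rules dispatch requests to the backend pods.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  # Placed in a separate, new namespace.
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  # NOTE(review): a NodePort is opened on every node's address; limit who can
  # reach 30080/30443 with host or network firewall rules.
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
      # Fixed port on the host (node).
      nodePort: 30080
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
      nodePort: 30443
  selector:
    app.kubernetes.io/name: ingress-nginx
    # The second selector label, app.kubernetes.io/part-of, is on the
    # listing's next line.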
    app.kubernetes.io/part-of: ingress-nginx
kubectl apply -f namespace.yaml #先应用名称空间资源
kubectl apply -f . #再应用所有资源
#运行查看命令能看到 ingress的容器和service资源已正常运行了
Ingress Controller 部署好了,现在要写ingress的规则,注入到ingress-nginx pod的配置文件中
vim ingress-myapp.yaml #前端反代容器的规则资源
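# Ingress rule that the ingress-nginx controller turns into nginx configuration.
# NOTE(review): the extensions/v1beta1 Ingress API was removed in Kubernetes
# 1.22; newer clusters need networking.k8s.io/v1, whose backend fields differ.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
  annotations:
    # Declares that this Ingress is of class nginx. It has to be stated,
    # otherwise the ingress controller does not know which kind of
    # configuration to generate.
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    # Accessed through a name-based virtual host.
    - host: www.yang.com
      http:
        paths:
          # Empty path: in this API version it acts as a catch-all for the host.
          - path:
            backend:
              # Service of the backend pods being proxied; the nginx upstream
              # is generated from this Service.
              serviceName: myapp
              # servicePort is on the listing's next line.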
              servicePort: 80
kubectl apply -f ingress-myapp.yaml #应用一下规则资源

#修改主机的host 文件,把虚拟主机域名绑定到集群的任何一个node节点上
#分配到了112主机上了,正常访问
生成证书
[ ingress]# openssl genrsa -out tls.key 2048
Generating RSA private key, 2048 bit long modulus
......................................+++
...................+++
e is 65537 (0x10001)
[ ingress]# openssl req -new -x509 -key tls.key -out tls.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:nj
Locality Name (eg, city) [Default City]:nj
Organization Name (eg, company) [Default Company Ltd]:cs
Organizational Unit Name (eg, section) []:cs
Common Name (eg, your name or your server's hostname) []:www.yang.com
Email Address []:
[ ingress]# ls
configmap.yaml ingress-myapp.yaml myapp.yaml namespace.yaml rbac.yaml service-nodeport.yaml tls.crt tls.key with-rbac.yaml
#说明:这里没有指定 -days,openssl req -x509 生成的证书默认只有 30 天有效期;证书是自签名的,并且只填写了 CN、没有 subjectAltName,只适合实验环境。tls.key 没有口令保护,应限制其文件权限。
kubectl create secret tls myapp-ingress-secret --cert=tls.crt --key=tls.key #Secret 需要与引用它的 Ingress 在同一名称空间(本文两者都未指定名称空间);导入后本地的 tls.key 不再需要,应删除或妥善保管
kubectl get secrets
cp ingress-myapp.yaml ingress-myapp-https.yaml #备份一下容器文件
vim ingress-myapp-https.yaml #修改一下前端规则,加入证书
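# HTTPS variant of the ingress rule. It keeps the name ingress-myapp, so
# applying it updates the existing Ingress instead of creating a second one.
# NOTE(review): the extensions/v1beta1 Ingress API was removed in Kubernetes
# 1.22; newer clusters need networking.k8s.io/v1, whose backend fields differ.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
  annotations:
    # Declares that this Ingress is of class nginx. It has to be stated,
    # otherwise the ingress controller does not know which kind of
    # configuration to generate.
    kubernetes.io/ingress.class: "nginx"
spec:
  # Certificate section added for HTTPS.
  tls:
    - hosts:
        # Domain name the certificate is for.
        - www.yang.com
      # Name of the TLS Secret; it has to exist in the same namespace as
      # this Ingress.
      secretName: myapp-ingress-secret
  rules:
    - host: www.yang.com
      http:
        paths:
          # Empty path: in this API version it acts as a catch-all for the host.
          - path:
            backend:
            # The backend's fields continue on the listing's next line.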
              serviceName: myapp
              servicePort: 80 #与 ingress-myapp.yaml 中的后端端口一致
kubectl apply -f ingress-myapp-https.yaml #应用一下修改过后的规则
#输入https://www.yang.com:30443 访问