Task weight: 4%
Use context: kubectl config use-context workload-prod
In Namespace team-pink there is an existing Nginx Ingress resources named secure which accepts two paths /app and /api which point to different ClusterIP Services.
From your main terminal you can connect to it using for example:
- HTTP: curl -v http://secure-ingress.test:31080/app
- HTTPS: curl -kv https://secure-ingress.test:31443/app
Right now it uses a default generated TLS certificate by the Nginx Ingress Controller.
You're asked to instead use the key and certificate provided at /opt/course/15/tls.key and /opt/course/15/tls.crt. As it's a self-signed certificate you need to use curl -k when connecting to it.
译文
任务权重:4%。
使用环境: kubectl config use-context workload-prod
在命名空间 team-pink 中,有一个名为 secure 的 Nginx Ingress 资源,它接受两个路径 /app 和 /api ,指向不同的ClusterIP服务。
从你的主终端,你可以使用比如说,连接到它。
- HTTP: curl -v http://secure-ingress.test:31080/app
- HTTPS: curl -kv https://secure-ingress.test:31443/app
现在,它使用由 Nginx Ingress Controller 默认生成的TLS证书。
要求你使用 /opt/course/15/tls.key 和 /opt/course/15/tls.crt 提供的密钥和证书。由于这是一个自签的证书,你需要在连接它时使用 curl -k 。
解答:
检查域名与地址
k -n team-pink get ing secure
ping secure-ingress.test
访问测试,并检查证书
curl http://secure-ingress.test:31080/app
curl http://secure-ingress.test:31080/api
curl https://secure-ingress.test:31443/api
curl -k https://secure-ingress.test:31443/api
curl -kv https://secure-ingress.test:31443/api
使用证书创建 secret
k -n team-pink create secret tls tls-secret --key /opt/course/15/tls.crt --cert /opt/course/15/tls.crt
k -n team-pink get ing secure -oyaml > 15_ing_bak.yaml
k -n team-pink edit ing secure
# kubectl -n team-pink edit ing secure
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
...
generation: 1
name: secure
namespace: team-pink
...
spec:
tls: # 添加
- hosts: # 添加
- secure-ingress.test # 添加
secretName: tls-secret # 添加
rules:
- host: secure-ingress.test
http:
paths:
- backend:
service:
name: secure-app
port: 80
path: /app
pathType: ImplementationSpecific
- backend:
service:
name: secure-api
port: 80
path: /api
pathType: ImplementationSpecific
...
再次检查证书
curl -k https://secure-ingress.test:31443/api
curl -kv https://secure-ingress.test:31443/api