3

1) 我在 AWS 上生成了 SSL 证书

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:...fa5298fc
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
  labels:
    k8s-addon: ingress-nginx.addons.k8s.io
  name: ingress-nginx-lb-svc
  # namespace: ingress-nginx
spec:
  externalTrafficPolicy: Cluster
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: http
  - name: http
    port: 80
    protocol: TCP
    targetPort: http
  selector:
    app: nginx-ingress-control-pod
  type: LoadBalancer

2) 然后我有 nginx 控制器 pod

apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx-ingress-control-pod
  labels:
    app: nginx-ingress-control-pod
spec:
  replicas: 1
  selector:
    app: nginx-ingress-control-pod
  template:
    metadata:
      labels:
        app: nginx-ingress-control-pod
    spec:
      containers:
      - image: nginxdemos/nginx-ingress:1.0.0
        imagePullPolicy: Always
        name: nginx-ingress-control-pod
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        #- name: https
        #  containerPort: 443
        #  hostPort: 443
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        # Uncomment the lines below to enable extensive logging and/or customization of
        # NGINX configuration with configmaps
        args:
         #- -v=3
         #- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
         #- -default-server-tls-secret=$(POD_NAMESPACE)/web-secret

3)最后我正在使用 helm 部署grafanaprometheus(此设置在通过NodePort访问时有效)

我只是无法弄清楚 ELB 和入口的设置。顺便说一句,入口是正确创建的grafana部署的一部分

3)

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
  creationTimestamp: 2018-04-06T09:28:10Z
  generation: 1
  labels:
    app: graf-helmf-default-ns-grafana
    chart: grafana-0.8.5
    component: grafana
    heritage: Tiller
    release: graf-helmf-default-ns
  name: graf-helmf-default-ns-grafana
  namespace: default
  resourceVersion: "995865"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/graf-helmf-default-ns-grafana
  uid: d2991870-397c-11e8-9d...5a37f5a
spec:
  rules:
  - host: grafana.my.valid.domain.com
    http:
      paths:
      - backend:
          serviceName: graf-helmf-default-ns-grafana
          servicePort: 80
status:
  loadBalancer: {}
4

0 回答 0