Deployment4
https://域名 访问ipquery
目标: 通过apply创建了 ipquery 对应的deployment,它具有4个副本。通过get pods 可以查询4个副本的状态。 并且通过ingress实现https域名访问ipquery
(1) 前置条件
DNS域名服务指向其中一台节点服务器 queryip.michaelapp.com 指向节点服务器
并且安装了Nginx Ingress Controller 和 cert-manager
(2) 创建deployment声明文件
ipquery-ingress-https.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ipquery-v1
labels:
app: ipquery-v1
spec:
replicas: 4
selector:
matchLabels:
app: ipquery-v1
template:
metadata:
labels:
app: ipquery-v1
spec:
containers:
- name: ipquery-k8s
image: lorahz/ipquery:1.10
---
apiVersion: v1
kind: Service
metadata:
name: ipquery-v1
labels:
app: ipquery-v1
spec:
selector:
app: ipquery-v1
ports:
- name: ipquery-v1
protocol: TCP
port: 9999
targetPort: 8888
type: LoadBalancer
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: queryip-ssl-cert
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: panyingyun@gmail.com
privateKeySecretRef:
name: queryip-ssl-cert
http01: {}
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ipquery-v1
annotations:
certmanager.k8s.io/cluster-issuer: queryip-ssl-cert
spec:
tls:
- hosts:
- queryip.michaelapp.com
secretName: queryip-ssl-cert
rules:
- host: queryip.michaelapp.com
http:
paths:
- path: /
backend:
serviceName: ipquery-v1
servicePort: 9999
(3) 使用kubctl apply 或者 kubctl create创建deployment
//创建deployment
[root@t1 ipquery]# kubectl apply -f ipquery-ingress-https.yaml
deployment.apps/ipquery-v1 created
service/ipquery-v1 created
clusterissuer.certmanager.k8s.io/queryip-ssl-cert created
ingress.networking.k8s.io/ipquery-v1 created
//查询deployment对应的pods列表
[root@t1 ipquery]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
cm-acme-http-solver-s9z7h NodePort 10.96.252.225 <none> 8089:31029/TCP 14s
ipquery-v1 LoadBalancer 10.96.101.245 <pending> 9999:32541/TCP 36s
(4) 如何访问Pod
浏览器或者curl https://queryip.michaelapp.com/
实现自动获取免费的Let’s Encrypt SSL证书
(5) 证书服务请参考