1. 创建 secret
$unzip unzip 3937326_app.*****.com_nginx.zip #该文件就是阿里云上下载下来的证书 $mv 3937326_app.*****.com.pem tls.crt $mv 3937326_app.*****.com.key tls.key $kubectl -n prod create secret tls app-*****-com-secret --key ./tls.key --cert ./tls.crt
2. 在Ingress中引用secret,配置https
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: annotations: nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/ssl-redirect: 'true' nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive" nginx.ingress.kubernetes.io/proxy-http-version: "1.1" nginx.ingress.kubernetes.io/proxy-body-size: 80m name: phpldapadmin namespace: public-service spec: tls: - hosts: - 'xxxxxxxx123.com' secretName: xxx-com-secret rules: - host: xxxxxxxx123.com http: paths: - backend: serviceName: phpldapadmin-service servicePort: 8080 path: /
3. 通过https://app.*****.com访问服务