1、HTTPS加密
1.1 创建mydevweb.local泛域名证书
参考文章:泛域名证书
1.2 创建ssl证书secret
kubectl -n devops create secret tls mydevweb-secret --key mydevweb.local.key --cert mydevweb.local.crt
1.3 Ingress-rule指定该secret
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dev-ingress
namespace: devops
spec:
ingressClassName: nginx
###新增tls的secret
tls:
- hosts:
- mydevweb.local
secretName: mydevweb-secret
###以上是tls配置
rules:
- host: mydevweb.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: dev-demo
port:
number: 8080
- host: jenkins.mydevweb.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: jenkins-master
port:
number: 8080
1.4 验证https
分别访问https://mydevweb.local和https://jenkins.mydevweb.local
如果觉得不安全证书“显眼”,可以将其加入信任列表
参考文章:信任证书
再次访问就是“安全”的证书了
2、Basic Auth访问
2.1 httpd工具生成auth文件
yum install httpd-tools -y
#auth是认证文件,test是用户名
htpasswd -c auth test
kubectl -n devops create secret generic basic-auth --from-file=auth=auth
2.2 Ingress-rule指定basic-auth
cat > ingress-rule << EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dev-ingress
namespace: devops
annotations:
###添加basic注解
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
###以上为basic注解
spec:
ingressClassName: nginx
tls:
- hosts:
- mydevweb.local
secretName: mydevweb-secret
rules:
- host: mydevweb.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: dev-demo
port:
number: 8080
- host: jenkins.mydevweb.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: jenkins-master
port:
number: 8080
EOF
2.3 验证basic-auth
评论区