基于k8s的Ingress部署hexo博客(http和https)
< 返回列表时间: 2019-10-20来源:OSCHINA
注:kuberntes版本为1.15
什么是 Ingress
Ingress 是一个提供对外服务的路由和负载均衡器,其本质是个nginx控制器服务。
k8s文档上Ingress经典数据链路图: internet | [ Ingress ] --|-----|-- [ Services ]
对博客进行改造
构建Dockefile
先容器化整个Hexo项目,构建 Dockefile ,这里采用nginx + 静态资源的形式部署(主要为了节约内存CPU): FROM nginx:1.13.0-alpine LABEL maintainer="hexo-shikanon-blog <shikanon@tensorbytes.com>" # 装载编译后的文件对外访问 COPY ./public /usr/share/nginx/html
构建Deployment
构建一个 Deployment 服务将其部署上kubernetes: apiVersion: apps/v1 kind: Deployment metadata: name: nginx-hexo-blog-delopyment labels: webtype: staticblog spec: replicas: 2 selector: matchLabels: webtype: staticblog template: metadata: labels: webtype: staticblog function: blog spec: containers: - name: hexo-blog image: nginx-hexo-blog:0.0.1 ports: - containerPort: 80
构建Service暴露服务端口
构建一个 Service 暴露统一的服务端口: apiVersion: v1 kind: Service metadata: name: static-blog spec: selector: webtype: staticblog ports: - protocol: TCP port: 80 targetPort: 80 # deployment的端口,
这里创建一个名称为 "static-blog" 的 Service 对象,它会将请求代理到使用 TCP 端口 targetPort,并且具有标签 "webtype: staticblog" 的 Pod 上。
查看端口信息: $ kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.13.0.1 <none> 443/TCP 10d static-blog ClusterIP 10.13.83.44 <none> 80/TCP 8h
测试端口是否可以访问: $ curl -I 10.13.83.44 HTTP/1.1 200 OK Server: nginx/1.13.0 Date: Wed, 16 Oct 2019 16:51:13 GMT Content-Type: text/html Content-Length: 71636 Last-Modified: Mon, 29 Jul 2019 19:25:29 GMT Connection: keep-alive ETag: "5d3f4829-117d4" Accept-Ranges: bytes
构建Ingress服务
最后一步,构建 Ingress 服务对外部提供服务和反向代理: apiVersion: extensions/v1beta1 kind: Ingress metadata: name: reverse-proxy annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules: - host: www.shikanon.com http: paths: - backend: serviceName: static-blog servicePort: 80
完成!
构建HTTPS网站
用secret类型对象保存密钥数据
Secret 对象类型用来保存敏感信息,例如密码、OAuth 令牌和 ssh key,其中 ssh key 就是一个经典的应用。
Secret 参数用例: kubectl create secret -h Create a secret using specified subcommand. Available Commands: docker-registry Create a secret for use with a Docker registry generic Create a secret from a local file, directory or literal value tls Create a TLS secret Usage: kubectl create secret [flags] [options]
创建 Secret 加密对象: kubectl create secret tls shikanon-ssh-key-secret --cert=/home/shikanon/web/www/ssl/cert.pem --key=/home/shikanon/web/www/ssl/private.key
修改Ingress: apiVersion: extensions/v1beta1 kind: Ingress metadata: name: reverse-proxy annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules: - host: www.shikanon.com http: paths: - backend: serviceName: static-blog servicePort: 80 tls: - hosts: - www.shikanon.com secretName: shikanon-ssh-key-secret
注:一个Ingress只能支持一个tls
热门排行