
Enabling HTTPS on a Kubernetes Ingress

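Enable HTTPS support on your Ingress to make your application more secure. Configuring HTTPS on an Ingress is fairly simple. This walkthrough uses a private certificate, so the browser will show a "not secure" warning; to get rid of it you need to buy a certificate issued by a trusted CA from a provider.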

Create the certificate

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout dex.key -out dex.crt -subj "/CN=dex.sso/O=dex.sso"

$ cat dex.key | base64
$ cat dex.crt | base64

Configure the Secret

apiVersion: v1
data:
  tls.crt: <base64 of dex.crt, from the command above>
  tls.key: <base64 of dex.key, from the command above>
kind: Secret
metadata:
  name: sso-secret
  namespace: sso
type: Opaque

Configure the Ingress

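# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters
# use networking.k8s.io/v1, which has a different backend schema.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: dex
  namespace: sso
spec:
  tls:
  - secretName: sso-secret
  rules:
  - host: dex.sso
    http:
      paths:
      - backend:
          serviceName: dex
          servicePort: 80
        path: /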

Okay, configuration complete.
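
The certificate and Secret steps above as one script, added here as an example and not part of the original post. The function names are hypothetical, and it goes beyond the post in three places: it adds a subjectAltName (needs OpenSSL 1.1.1 or later), checks that the key and certificate belong together, and emits the Secret with the dedicated `kubernetes.io/tls` type instead of `Opaque`.

```shell
#!/bin/sh
# Added example. Host, Secret name and namespace follow the post
# (dex.sso, sso-secret, sso); the function names are made up for illustration.

# gen_cert DIR HOST: self-signed key and certificate with a subjectAltName,
# because current browsers and Go-based clients match the host against SAN, not CN.
gen_cert() {
  ( umask 077   # private key readable by its owner only
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
      -keyout "$1/tls.key" -out "$1/tls.crt" \
      -subj "/CN=$2/O=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null )
}

# pair_matches CRT KEY: succeeds only if the certificate carries the public key
# derived from the private key; a mismatched pair fails at TLS handshake time.
pair_matches() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# b64 FILE: base64 on a single line. GNU base64 wraps at 76 columns by default,
# which would break the YAML scalar under data:.
b64() { base64 < "$1" | tr -d '\n'; }

# secret_manifest DIR NAME NAMESPACE: print the Secret, refusing a mismatched pair.
secret_manifest() {
  pair_matches "$1/tls.crt" "$1/tls.key" || { echo "cert/key mismatch" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $2
  namespace: $3
type: kubernetes.io/tls
data:
  tls.crt: $(b64 "$1/tls.crt")
  tls.key: $(b64 "$1/tls.key")
EOF
}
```

After `gen_cert . dex.sso`, pipe `secret_manifest . sso-secret sso` into `kubectl apply -f -` rather than saving the output, since the manifest contains the private key; `kubectl create secret tls` builds the same type of Secret directly from the two files.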