我一直在做本教程中的步骤:在Azure Kubernetes服务(AKS(中创建具有静态公共IP地址的入口控制器
当我完成教程时,我可以浏览到静态ip的DNS名称标签:https://demo-aks-ingress.eastus.cloudapp.azure.com
我不知道的是,比方说我有一个子域hello.john.com。我如何配置子域的DNS以指向https://demo-aks-ingress.eastus.cloudapp.azure.com所以它将与我在上面的AKS教程中设置的https和letsencrypt一起工作?
基于k8s github repo上的这个问题评论,如果您执行以下操作,它看起来应该可以工作:
- 为
hello.john.com域创建CNAME记录并将其指向demo-aks-ingress.eastus.cloudapp.azure.com - 将第二个域添加到ingress(以便ingress知道如何路由它(
- 将第二个域添加到证书对象(这样证书管理器就可以为该域生成有效的证书(
入口部件:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: hello-world-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/server-alias: "hello.john.com" #👈
spec:
tls:
- hosts:
- demo-aks-ingress.eastus.cloudapp.azure.com
- hello.john.com #👈
secretName: tls-secret
rules:
- host: demo-aks-ingress.eastus.cloudapp.azure.com
http:
paths:
- backend:
serviceName: aks-helloworld
servicePort: 80
path: /hello-world-one(/|$)(.*)
- backend:
serviceName: ingress-demo
servicePort: 80
path: /hello-world-two(/|$)(.*)
- backend:
serviceName: aks-helloworld
servicePort: 80
path: /(.*)
文件:
- 服务器别名注释
- tls.hosts字段描述
证书部分:
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: tls-secret
namespace: ingress-basic
spec:
secretName: tls-secret
dnsNames:
- demo-aks-ingress.eastus.cloudapp.azure.com
- hello.john.com #👈
acme:
config:
- http01:
ingressClass: nginx
domains:
- demo-aks-ingress.eastus.cloudapp.azure.com
- hello.john.com #👈
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
文件:
- dnsNames字段描述