hongming 請問我要先去安裝配置 ingress 對吧?

    有沒有ingress教學? 我cert manager 那些都搞成功了

    hongming 做出來了但我的都會導像nginx

    ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n kube-system get svc
NAME                                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                        AGE
coredns                                              ClusterIP   10.233.0.3      <none>        53/UDP,53/TCP,9153/TCP         3d5h
kubelet                                              ClusterIP   None            <none>        10250/TCP,10255/TCP,4194/TCP   54m
nginx-ingress-ingress-nginx-controller               NodePort    10.233.19.212   <none>        80:31652/TCP,443:30443/TCP     35m
nginx-ingress-ingress-nginx-controller-admission     ClusterIP   10.233.1.84     <none>        443/TCP                        35m
whizard-monitoring-agent-k-coredns                   ClusterIP   None            <none>        9153/TCP                       54m
whizard-monitoring-agent-k-kube-controller-manager   ClusterIP   None            <none>        10257/TCP                      54m
whizard-monitoring-agent-k-kube-scheduler            ClusterIP   None            <none>        10259/TCP                      54m

        cici

        ingress 得关联域名来使用,通常不会直接用 ip

        • cici 回复了此帖

            • Ccici

              • 发布 #10

              hongming 所以我沒辦法做成是https://192.168.1.3:30880去訪問嗎

                  cici

                  需要额外的配置

                    • Ccici

                      • 发布 #12

                      @hongming Hi,您是用 lb,但我的是nodeport

                      • Ccici

                        • 发布 #13

                        請問您是怎麼做到的
                        我剛剛是

                        1. helm install ingress
                        2. helm install cert-manager 用 letsEncrypt
                          接著就開始亂掉了

                        • Ccici

                          • 发布 #14

                          有人可以協助嗎?卡在這個地方一直沒辦法接續

                          • Ccici

                            • 发布 #15

                            @hongming 請問能夠分享詳細步驟嗎 謝謝

                            • hongmingK零SK壹S

                            • 发布 #16
                            • 已编辑

                            @cici 我前面回复中涉及的截图就已经包含所有的步骤了

                            获取到 ingress controller 的访问地址

                            nginx-ingress-ingress-nginx-controller               NodePort    10.233.19.212   <none>        80:31652/TCP,443:30443/TCP     35m

                            把域名解析到 node ip,通过 nginx svc 443 关联的 node port 访问,比如 192.168.1.3.nip.io:30443

                            ks-core 配置启用 ingress,配置好域名和端口(ingress controller 的访问入口)

                            helm upgrade --install -n kubesphere-system --create-namespace ks-core https://charts.kubesphere.io/main/ks-core-1.1.3.tgz \
  --set portal.hostname=192.168.1.3.nip.io \
  --set ingress.enabled=true \
  --set portal.https.port=30443

                            重点是--set portal.hostname=192.168.1.3.nip.ioportal.https.port=30443 这俩配置

                            最后通过 https://192.168.1.3.nip.io:30443 来访问

                              • Ccici

                                • 发布 #17
                                • 已编辑

                                hongming
                                Hi,
                                我重新做了一次,現在卡在 ingress 要怎麼加上 tls?
                                我的作法:

                                ##安装 ingress-nginx controller
helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx --create-namespace

##安装 cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
kubectl create namespace cert-manager
helm install cert-manager jetstack/cert-manager -n cert-manager --create-namespace --set prometheus.enabled=false --set crds.enabled=true

##創建 ClusterIssuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: abc@gmail.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx


kubectl apply -f cluster-issuer.yaml
                                ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n kube-system get svc
NAME      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
coredns   ClusterIP   10.233.0.3   <none>        53/UDP,53/TCP,9153/TCP   111m
ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n kubesphere-system get svc
NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
extensions-museum       ClusterIP   10.233.21.70    <none>        443/TCP        52m
ks-apiserver            ClusterIP   10.233.44.157   <none>        80/TCP         52m
ks-console              NodePort    10.233.45.63    <none>        80:30880/TCP   52m
ks-controller-manager   ClusterIP   10.233.48.223   <none>        443/TCP        52m
ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n ingress-nginx get svc
NAME                                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.233.46.50   <none>        80:30301/TCP,443:30441/TCP   96m
ingress-nginx-controller-admission   ClusterIP   10.233.27.26   <none>        443/TCP                      96m
                                kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: ks-console-ingress
  namespace: kubesphere-system
  creationTimestamp: '2025-02-17T06:38:52Z'
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/ssl-redirect":"true"},"name":"ks-console-ingress","namespace":"kubesphere-system"},"spec":{"ingressClassName":"nginx","rules":[{"host":"ks.local","http":{"paths":[{"backend":{"service":{"name":"ks-console","port":{"number":30880}}},"path":"/","pathType":"Prefix"}]}}],"tls":[{"hosts":["ks.local"],"secretName":"kubesphere-tls"}]}}
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
  defaultBackend:
    service:
      name: ks-console
      port:
        number: 80
  ingressClassName: nginx
  rules:
  - host: ks.local
    http:
      paths:
      - backend:
          service:
            name: ks-console
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - ks.local
    secretName: kubesphere-tls
status:
  loadBalancer:
    ingress:
    - ip: 10.233.46.50

                                請問我下一步該怎麼辦

                                  cici portal.hostname 配置为 192.168.1.3.nip.io 就可以了

                                  也可以直接修改

                                  kubectl -n kubesphere-system edit ingress ks-console
                                      15 天 后

                                      • Ccici

                                        • 发布 #21

                                        @hongming 您好,請問像是插件DevOps 原本開30180 nodeport,也能夠用nginx-ingress反向代理讓他https可訪問嗎