請問 v4.1.2 KubeSphere console 如何使用 https 訪問
請問您是怎麼做到的
我剛剛是
- helm install ingress
- helm install cert-manager 用 letsEncrypt
接著就開始亂掉了
有人可以協助嗎?卡在這個地方一直沒辦法接續
hongmingK零SK壹S- 已编辑
@cici 我前面回复中涉及的截图就已经包含所有的步骤了
获取到 ingress controller 的访问地址
nginx-ingress-ingress-nginx-controller NodePort 10.233.19.212 <none> 80:31652/TCP,443:30443/TCP 35m把域名解析到 node ip,通过 nginx svc 443 关联的 node port 访问,比如 192.168.1.3.nip.io:30443
ks-core 配置启用 ingress,配置好域名和端口(ingress controller 的访问入口)
helm upgrade --install -n kubesphere-system --create-namespace ks-core https://charts.kubesphere.io/main/ks-core-1.1.3.tgz \
--set portal.hostname=192.168.1.3.nip.io \
--set ingress.enabled=true \
--set portal.https.port=30443重点是--set portal.hostname=192.168.1.3.nip.io 和 portal.https.port=30443 这俩配置
最后通过 https://192.168.1.3.nip.io:30443 来访问
- 已编辑
hongming
Hi,
我重新做了一次,現在卡在 ingress 要怎麼加上 tls?
我的作法:
##安装 ingress-nginx controller
helm upgrade --install ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx --create-namespace
##安装 cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
kubectl create namespace cert-manager
helm install cert-manager jetstack/cert-manager -n cert-manager --create-namespace --set prometheus.enabled=false --set crds.enabled=true
##創建 ClusterIssuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
email: abc@gmail.com
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
kubectl apply -f cluster-issuer.yamlets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n kube-system get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
coredns ClusterIP 10.233.0.3 <none> 53/UDP,53/TCP,9153/TCP 111m
ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n kubesphere-system get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
extensions-museum ClusterIP 10.233.21.70 <none> 443/TCP 52m
ks-apiserver ClusterIP 10.233.44.157 <none> 80/TCP 52m
ks-console NodePort 10.233.45.63 <none> 80:30880/TCP 52m
ks-controller-manager ClusterIP 10.233.48.223 <none> 443/TCP 52m
ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n ingress-nginx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.233.46.50 <none> 80:30301/TCP,443:30441/TCP 96m
ingress-nginx-controller-admission ClusterIP 10.233.27.26 <none> 443/TCP 96mkind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: ks-console-ingress
namespace: kubesphere-system
creationTimestamp: '2025-02-17T06:38:52Z'
annotations:
kubectl.kubernetes.io/last-applied-configuration: >
{"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/ssl-redirect":"true"},"name":"ks-console-ingress","namespace":"kubesphere-system"},"spec":{"ingressClassName":"nginx","rules":[{"host":"ks.local","http":{"paths":[{"backend":{"service":{"name":"ks-console","port":{"number":30880}}},"path":"/","pathType":"Prefix"}]}}],"tls":[{"hosts":["ks.local"],"secretName":"kubesphere-tls"}]}}
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
defaultBackend:
service:
name: ks-console
port:
number: 80
ingressClassName: nginx
rules:
- host: ks.local
http:
paths:
- backend:
service:
name: ks-console
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- ks.local
secretName: kubesphere-tls
status:
loadBalancer:
ingress:
- ip: 10.233.46.50請問我下一步該怎麼辦
訪問
