AWS EKS使用NLB安装Nginx Ingress Controller, 部署ACM免费使用SSL
参考视频: https://youtu.be/gvKi7wZHbLU?si=H3C11xlhe4UoCdpF&t=1385
(直接跳到Nginx controller使用ACM的教程)
【普通Nginx Controller】
文档:https://kubernetes.github.io/ingress-nginx/deploy/#network-load-balancer-nlb
执行以下这个命令即可
【在Nginx controller 使用ACM】
- 创建ACM, 由于在Nginx Controller 当中只能添加一个ACM的ARN地址,所以如果你有多个domain的话,如下图,必须在创建的时候添加多个domain,然后使用cname进行验证
2. 根据文档 执行以下的步骤就能创建完成了
参考文档: https://kubernetes.github.io/ingress-nginx/deploy/#tls-termination-in-aws-load-balancer-nlb
【IPv6部署方法】
参考AWS Load Balancer Annotation文档:https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/service/annotations/#load-balancer-attributes
1. CIDR 改成IPv6的版本
2. ipFamilies改成IPv6 和添加dualstack语句
service.beta.kubernetes.io/aws-load-balancer-ip-address-type: 'dualstack'
3. 根据annotation文档写着,cross zone的写法将会淘汰,所以我们改成以下写法,NLB使用CrossZone是需要为跨AZ的流量付费的详情参考这里
service.beta.kubernetes.io/aws-load-balancer-attributes: load_balancing.cross_zone.enabled=true
【部署Phpmyadmin】
以下的yaml文件是创建phpmymind, 无需在ingress做任何配置,就能直接使用https了
注意:旧版需要在ingress annotation指定使用NGINX,但是新版本使用了ingressClassName
参考文档:https://stackoverflow.com/questions/73915526/kubernetes-ingress-kubernetes-io-ingress-class-vs-ingressclassname
apiVersion: v1
kind: Namespace
metadata:
name: phpmyadmin2
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: phpmyadmin2
name: phpmyadmin-ingress
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: '0'
nginx.ingress.kubernetes.io/proxy-read-timeout: '600'
nginx.ingress.kubernetes.io/proxy-send-timeout: '600'
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: nginx
rules:
- host: rds.pangzai.win
http:
paths:
- backend:
service:
name: phpmyadmin-service
port:
number: 80
path: /database(/|$)(.*)
pathType: ImplementationSpecific
---
apiVersion: v1
kind: Service
metadata:
namespace: phpmyadmin2
name: phpmyadmin-service
spec:
selector:
app: phpmyadmin_app
ports:
- name: "phpmyadmin80"
protocol: TCP
port: 80
targetPort: 80
clusterIP: None
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: phpmyadmin2
name: phpmyadmin-deployment
labels:
app: phpmyadmin
spec:
replicas: 1
selector:
matchLabels:
app: phpmyadmin_app
template:
metadata:
labels:
app: phpmyadmin_app
spec:
containers:
- name: phpmyadmin
image: phpmyadmin:latest
imagePullPolicy: Always
ports:
- containerPort: 80
env:
- name: PMA_HOST
value: database-1.c10866eoyd4v.ap-southeast-1.rds.amazonaws.com
- name: PMA_PORT
value: "3306"
- name: UPLOAD_LIMIT
value: 500M
- name: PMA_ABSOLUTE_URI
value: https://rds.pangzai.win/database/