我一直在执行本教程中的步骤: Create an ingress controller with a static public IP address in Azure Kubernetes Service (AKS)
完成本教程后,我可以浏览到静态 ip 的 DNS 名称标签: https://demo-aks-ingress.eastus.cloudapp.azure.com
我不明白的是,假设我有一个子域 hello.john.com。如何将子域的 DNS 配置为指向 https://demo-aks-ingress.eastus.cloudapp.azure.com,以便它可以与我在上面的 AKS 教程中设置的 https 和 letencrypt 一起使用?
【问题讨论】:
标签: kubernetes kubernetes-ingress azure-aks
基于 k8s github repo 上的this issue comment,如果您执行以下操作,它看起来应该可以工作:
hello.john.com 域创建一个CNAME 记录并将其指向demo-aks-ingress.eastus.cloudapp.azure.com
入口部分:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: hello-world-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/server-alias: "hello.john.com" #?
spec:
tls:
- hosts:
- demo-aks-ingress.eastus.cloudapp.azure.com
- hello.john.com #?
secretName: tls-secret
rules:
- host: demo-aks-ingress.eastus.cloudapp.azure.com
http:
paths:
- backend:
serviceName: aks-helloworld
servicePort: 80
path: /hello-world-one(/|$)(.*)
- backend:
serviceName: ingress-demo
servicePort: 80
path: /hello-world-two(/|$)(.*)
- backend:
serviceName: aks-helloworld
servicePort: 80
path: /(.*)
文档:
证书部分:
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: tls-secret
namespace: ingress-basic
spec:
secretName: tls-secret
dnsNames:
- demo-aks-ingress.eastus.cloudapp.azure.com
- hello.john.com #?
acme:
config:
- http01:
ingressClass: nginx
domains:
- demo-aks-ingress.eastus.cloudapp.azure.com
- hello.john.com #?
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
文档:
【讨论】: