Open zking2000 opened 1 month ago
# Turn on the Gateway API controller (standard channel) on the existing cluster.
# NOTE(review): asia-east1 is a region name passed via --zone; confirm the cluster's
# actual location and prefer --region/--location if the cluster is regional.
gcloud container clusters update private-cluster \
  --zone=asia-east1 \
  --gateway-api=standard

# Reserve the proxy-only subnet used by the regional managed proxies.
# Load-balanced traffic reaches backends from addresses in this range, so firewall
# rules and any NetworkPolicy should admit 192.168.1.0/24 on the serving port only.
gcloud compute networks subnets create proxy-only-subnet \
  --purpose=REGIONAL_MANAGED_PROXY \
  --role=ACTIVE \
  --region=asia-east1 \
  --network=gke-network \
  --range=192.168.1.0/24
2.3 创建gateway
# Gateway of class gke-l7-rilb with one HTTPS listener; TLS is terminated at the Gateway.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  # No namespace is set, so the object lands in whatever namespace it is applied to.
  name: my-gateway
spec:
  gatewayClassName: gke-l7-rilb
  listeners:
    - name: https
      protocol: HTTPS
      port: 443
      tls:
        mode: Terminate
        # Certificate chain and private key come from this Secret.
        # NOTE(review): the reference names namespace "default" explicitly; if the
        # Gateway is applied elsewhere this becomes a cross-namespace reference
        # and needs a ReferenceGrant — confirm both live in "default".
        certificateRefs:
          - kind: Secret
            name: secret-ingress
            namespace: default
      allowedRoutes:
        # Only HTTPRoute objects may attach. No `namespaces` selector is given,
        # so the Gateway API default (same namespace as the Gateway) applies.
        kinds:
          - kind: HTTPRoute
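# Certificate and private key for the Gateway listener, stored as a TLS-type Secret.
# No --namespace is given, so the Secret is created in the current kubectl context's
# namespace; the Gateway manifest on this page looks for it in "default".
kubectl create secret tls secret-ingress --cert=fullchain.pem --key=privkey.pem

# The same certificate and private key again, as plain files for nginx inside the pod.
# NOTE(review): privkey.pem now lives in two Secrets; restrict RBAC read access to
# both and keep the PEM files out of version control and shell history artifacts.
kubectl create secret generic secret-ssl \
  --from-file=fullchain.pem=fullchain.pem \
  --from-file=privkey.pem=privkey.pem

# nginx server configuration as a ConfigMap (command name corrected from "ubectl").
# NOTE(review): nothing on this page shows secret-ssl or ssl-config being mounted into
# the nginx Deployment; confirm the pod spec mounts them where default.conf expects
# them (/opt/nginx/ssl for the certificate files).
kubectl create cm ssl-config --from-file=default.conf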
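# default.conf
# Plain-HTTP listener: the only location, /health, is redirected to HTTPS.
server {
    listen 80;
    server_name nginx.stephende.top;

    # A probe sent here over HTTP receives a 301, not a 200.
    # The redirect target is built from the request's Host header ($host).
    location /health {
        return 301 https://$host$request_uri;
    }
}

# TLS listener that answers the health endpoint itself.
# NOTE(review): the HealthCheckPolicy on this page probes HTTPS on port 8443 while
# this block listens on 443; confirm which port the container really serves.
server {
    listen 443 ssl;
    server_name nginx.stephende.top;

    # Certificate chain and private key; these paths must match the location
    # where the certificate files are mounted in the container.
    ssl_certificate /opt/nginx/ssl/fullchain.pem;
    ssl_certificate_key /opt/nginx/ssl/privkey.pem;

    # Serves the stock index page as the health response, 404 if it is missing.
    location /health {
        root /usr/share/nginx/html;
        try_files /index.html =404;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}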
3.4 创建deployment
`kubectl create deploy nginx --image=nginx --replicas=1`
3.5 创建service
apiVersion: v1 kind: Service metadata: annotations: cloud.google.com/load-balancer-type: Internal labels: app: nginx name: nginx namespace: default spec: clusterIP: 10.62.120.159 clusterIPs:
4. 创建httproute
apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: name: my-route labels: gateway: my-gateway namespace: default spec: parentRefs:
5. 创建healthcheckpolicy
# Health check applied to the backends of Service "nginx" in namespace "default".
apiVersion: networking.gke.io/v1
kind: HealthCheckPolicy
metadata:
  name: my-hc
  namespace: default
spec:
  default:
    # Health-check logging is on, which records probe results for troubleshooting.
    logConfig:
      enabled: true
    config:
      # The probe speaks HTTPS to the backend and requests /health.
      type: HTTPS
      httpsHealthCheck:
        # NOTE(review): the nginx config on this page listens on 443 (ssl) and 80,
        # not 8443; confirm the container serves this port, otherwise the probe
        # fails and the backend is reported unhealthy.
        port: 8443
        requestPath: /health
  targetRef:
    # Empty group selects the core API group, i.e. a plain Service.
    group: ""
    kind: Service
    name: nginx
gcloud container clusters update private-cluster --zone=asia-east1 --gateway-api=standard
2.2 创建代理专用子网
2.3 创建gateway
kubectl create secret tls secret-ingress --cert=fullchain.pem --key=privkey.pem
3.2 创建secret
kubectl create secret generic secret-ssl --from-file=fullchain.pem=fullchain.pem --from-file=privkey.pem=privkey.pem
3.3 创建configmap
kubectl create cm ssl-config --from-file=default.conf
HTTP server
server { listen 80; server_name nginx.stephende.top;
}
HTTPS server
server { listen 443 ssl; server_name nginx.stephende.top;
}
apiVersion: v1 kind: Service metadata: annotations: cloud.google.com/load-balancer-type: Internal labels: app: nginx name: nginx namespace: default spec: clusterIP: 10.62.120.159 clusterIPs:
apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: name: my-route labels: gateway: my-gateway namespace: default spec: parentRefs:
# Health check applied to the backends of Service "nginx" in namespace "default".
apiVersion: networking.gke.io/v1
kind: HealthCheckPolicy
metadata:
  name: my-hc
  namespace: default
spec:
  default:
    # Health-check logging is on, which records probe results for troubleshooting.
    logConfig:
      enabled: true
    config:
      # The probe speaks HTTPS to the backend and requests /health.
      type: HTTPS
      httpsHealthCheck:
        # NOTE(review): the nginx config on this page listens on 443 (ssl) and 80,
        # not 8443; confirm the container serves this port, otherwise the probe
        # fails and the backend is reported unhealthy.
        port: 8443
        requestPath: /health
  targetRef:
    # Empty group selects the core API group, i.e. a plain Service.
    group: ""
    kind: Service
    name: nginx