zking2000 / NotePad


部署GKE Internal Gateway #16

Open zking2000 opened 1 month ago

zking2000 commented 1 month ago
  1. 创建GKE Cluster
  2. 创建Gateway

    2.1 给现有的cluster启用gateway

    gcloud container clusters update private-cluster --zone=asia-east1 --gateway-api=standard

    2.2 创建代理专用子网

    # Create the proxy-only subnet: the address pool used by the managed
    # proxies of regional load balancers in this region of the VPC.
    # Region and network must match the cluster's. Proxied traffic reaches
    # backends from this range, so check that firewall rules and
    # NetworkPolicies admit 192.168.1.0/24 (TODO confirm what GKE manages here).
    gcloud compute networks subnets create proxy-only-subnet \
        --network=gke-network \
        --region=asia-east1 \
        --range=192.168.1.0/24 \
        --purpose=REGIONAL_MANAGED_PROXY \
        --role=ACTIVE

    2.3 创建gateway

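    # Internal HTTPS Gateway for the cluster.
    # No metadata.namespace is set, so the Gateway is created in whatever
    # namespace the kubectl context points at.
    apiVersion: gateway.networking.k8s.io/v1beta1
    kind: Gateway
    metadata:
      name: my-gateway
    spec:
      # GKE GatewayClass for a regional internal Application Load Balancer;
      # it relies on a proxy-only subnet in the same region and VPC.
      gatewayClassName: gke-l7-rilb
      listeners:
      - name: https
        protocol: HTTPS
        port: 443
        tls:
          # TLS ends at the load balancer, using the certificate and key in
          # the referenced Secret (secret-ingress, created in step 3.1).
          mode: Terminate
          certificateRefs:
          - kind: Secret
            name: secret-ingress
            # If the Gateway is not itself in `default`, this becomes a
            # cross-namespace reference and needs a ReferenceGrant in `default`.
            namespace: default
        allowedRoutes:
          # Only HTTPRoute objects may attach. With no `namespaces` field the
          # API default applies: routes from the Gateway's own namespace only.
          kinds:
          - kind: HTTPRoute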
  3. 创建负载

    3.1 创建tls secret

    kubectl create secret tls secret-ingress --cert=fullchain.pem --key=privkey.pem

    3.2 创建secret

    kubectl create secret generic secret-ssl --from-file=fullchain.pem=fullchain.pem --from-file=privkey.pem=privkey.pem

    3.3 创建configmap

    kubectl create cm ssl-config --from-file=default.conf
    
    # default.conf

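# HTTP server
server {
    listen 80;
    server_name nginx.stephende.top;

    # Only /health is redirected to HTTPS; no other path on port 80 is
    # covered by this block. $host follows the client-supplied Host header,
    # so the redirect target is not pinned to server_name.
    location /health {
        return 301 https://$host$request_uri;
    }
}

# HTTPS server
server {
    listen 443 ssl;
    server_name nginx.stephende.top;

    # Certificate chain and private key; presumably mounted from the
    # secret-ssl Secret of step 3.2 -- confirm in the Deployment spec and
    # keep the mount read-only.
    ssl_certificate     /opt/nginx/ssl/fullchain.pem;
    ssl_certificate_key /opt/nginx/ssl/privkey.pem;

    # Health endpoint: always answers with the static index page, or 404
    # if that file is missing.
    location /health {
        root   /usr/share/nginx/html;
        try_files /index.html =404;
    }

    # Serve a static page for upstream/server errors.
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}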

3.4 创建deployment
`kubectl create deploy nginx --image=nginx --replicas=1`
3.5 创建service

apiVersion: v1 kind: Service metadata: annotations: cloud.google.com/load-balancer-type: Internal labels: app: nginx name: nginx namespace: default spec: clusterIP: 10.62.120.159 clusterIPs: