1 导出证书
由于拿到的证书是 PFX(PKCS#12)格式,需要先从中分别导出私钥(zs.key)和证书(zs.crt)。
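# Export the private key from the PFX bundle (prompts for the PFX password).
# -nodes writes the key WITHOUT passphrase protection (OpenSSL 3.x also accepts
# -noenc), so the subshell's umask makes the file owner-readable only from the
# moment it is created.
( umask 077 && openssl pkcs12 -in zs.pfx -nocerts -out ./zs.key -nodes )

# Export the certificate (prompts for the PFX password again).
# -clcerts emits only the leaf certificate. If the PFX also carries
# intermediate CA certificates they are not written to zs.crt, so a server
# using this file alone presents no chain. Verify with
# `openssl x509 -in zs.crt -noout -subject -issuer`.
openssl pkcs12 -in zs.pfx -clcerts -nokeys -out ./zs.crt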
2 制作镜像
-
Dockerfile
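# Official nginx base image, pinned to a release tag.
FROM nginx:1.27.2

# Built front-end assets served from the default document root.
COPY dist /usr/share/nginx/html

# TLS certificate and private key.
# NOTE(review): COPY stores zs.key in an image layer, so anyone who can pull
# this image from the registry (or read the build context) can recover the
# private key, and rotating the key requires a rebuild. Mounting the key pair
# at runtime from a Kubernetes Secret keeps it out of the image; the COPY
# lines are left in place because the nginx config on this page reads these
# exact paths.
COPY zs.crt /usr/share/nginx/crt/zs.crt
COPY zs.key /usr/share/nginx/crt/zs.key

# Documents the listening port. The server block on this page uses
# `listen 80 ssl`, so port 80 carries TLS rather than plain HTTP.
EXPOSE 80

# Set the container time zone to Asia/Shanghai.
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo 'Asia/Shanghai' >/etc/timezone

# Default locale / encoding (key=value form; the space-separated form is legacy syntax).
ENV LANG=C.UTF-8

# Run nginx in the foreground so it stays the container's main process.
CMD ["nginx","-g","daemon off;"]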
构建镜像并推送
# Build the image from the current directory and push it to the registry.
# "dockerhub地址" is the author's placeholder for the registry host.
# NOTE(review): the image contains the TLS private key (see the Dockerfile),
# so the target repository must be private with pull access limited to the
# cluster. The tag 1.0 is mutable and the repository path reuses the official
# image's name (library/nginx), so a rebuild under the same tag is hard to
# tell apart from the previous one. Confirm deployed content by digest.
image='dockerhub地址/library/nginx:1.0'
docker build -t "$image" .
docker push "$image"
3 k8s部署
-
SVC
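# NodePort Service that publishes the nginx pods on port 30555 of every node.
# The clusterIP / clusterIPs fields from the exported object are omitted: they
# were allocated by the author's cluster and would be rejected where that
# address is outside the service CIDR or already in use. The API server
# assigns them on creation.
kind: Service
apiVersion: v1
metadata:
  name: nginx
  namespace: evay-api-gateway
  labels:
    app: nginx
  annotations:
    kubesphere.io/creator: admin
spec:
  # NOTE(review): a NodePort is reachable on every node address. Limit who can
  # reach 30555 with the node firewall / security group if the service is not
  # meant to be public.
  type: NodePort
  selector:
    app: nginx
  ports:
    # The port is named "http-0", but the server block behind it listens with
    # `ssl`, so clients must speak TLS to <node>:30555.
    - name: http-0
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 30555
  sessionAffinity: None
  # With "Cluster", traffic that lands on a node without a local pod is
  # forwarded with source NAT, so nginx may record a node address as
  # $remote_addr / X-Real-IP instead of the real client.
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack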
ConfigMap
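# nginx virtual-host configuration, mounted by the Deployment over
# /etc/nginx/conf.d/default.conf. It terminates TLS and reverse-proxies every
# request to a single upstream.
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx
  namespace: evay-api-gateway
  annotations:
    kubesphere.io/creator: admin
data:
  default.conf: |
    # Permits request bodies up to 1 GiB; lower it if the upstream does not
    # need uploads of that size.
    client_max_body_size 1024m;

    server {
        # TLS is served on port 80 (not the conventional 443).
        listen 80 ssl;
        server_name localhost;

        # host.access.log is a regular file inside the container, unlike
        # access.log, which the official image links to stdout. It is not
        # visible to `kubectl logs` and is lost when the pod is replaced
        # unless a collector ships it.
        access_log /var/log/nginx/host.access.log main;
        error_log /var/log/nginx/error.log error;
        gzip_static on;

        ssl_certificate /usr/share/nginx/crt/zs.crt;
        ssl_certificate_key /usr/share/nginx/crt/zs.key;
        # Pin the accepted protocol versions explicitly instead of relying on
        # the image's built-in defaults.
        ssl_protocols TLSv1.2 TLSv1.3;

        # NOTE(review): stapling needs the issuer certificate (in the
        # ssl_certificate chain or via ssl_trusted_certificate) and a
        # `resolver` to reach the OCSP responder. Neither is configured here,
        # and zs.crt was exported with -clcerts (leaf only), so nginx will
        # probably not staple. Confirm with `nginx -t` and the startup log.
        ssl_stapling on;
        ssl_stapling_verify on;

        location / {
            # Forwards the Host header exactly as the client sent it.
            proxy_set_header Host $http_host;
            proxy_connect_timeout 300s;
            proxy_send_timeout 300s;
            proxy_read_timeout 300s;
            proxy_set_header X-Real-IP $remote_addr;
            # Appends $remote_addr to any X-Forwarded-For the client supplied.
            # The upstream should trust only the last entry, not the first.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # "ip:port" is the author's placeholder for the upstream address.
            # The hop from nginx to the upstream is plain HTTP.
            proxy_pass http://ip:port/;
        }
    }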
Deployment
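# Single-replica nginx Deployment. The server config comes from the "nginx"
# ConfigMap; the TLS certificate and key are read from the image itself.
# Changes from the exported object: the service-account token is no longer
# mounted into the pod (nginx never calls the Kubernetes API), and the
# container may not gain privileges beyond those it starts with.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: nginx
  namespace: evay-api-gateway
  labels:
    app: nginx
  annotations:
    deployment.kubernetes.io/revision: '2'
    kubesphere.io/creator: admin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
      annotations:
        kubesphere.io/creator: admin
        kubesphere.io/imagepullsecrets: '{}'
        logging.kubesphere.io/logsidecar-config: '{}'
    spec:
      volumes:
        # NOTE(review): hostPath volumes are rejected by the "baseline" Pod
        # Security Standard. The Dockerfile on this page already copies the
        # Asia/Shanghai zoneinfo into the image, so this mount looks redundant.
        - name: host-time
          hostPath:
            path: /etc/localtime
            type: ''
        - name: volume-pbptas
          configMap:
            name: nginx
            # 420 is the decimal form of octal 0644.
            defaultMode: 420
      containers:
        - name: nginx
          # NOTE(review): this image carries zs.key (the nginx config reads
          # /usr/share/nginx/crt/zs.key). Mounting a kubernetes.io/tls Secret
          # read-only at that directory instead would keep the key out of the
          # registry and allow rotation without rebuilding the image.
          image: 'dockerhub地址/library/nginx:1.0'
          ports:
            - name: http-0
              containerPort: 80
              protocol: TCP
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
          volumeMounts:
            - name: host-time
              readOnly: true
              mountPath: /etc/localtime
            # subPath mounts do not pick up later ConfigMap edits; restart the
            # pod after changing default.conf.
            - name: volume-pbptas
              readOnly: true
              mountPath: /etc/nginx/conf.d/default.conf
              subPath: default.conf
          securityContext:
            # The container still starts as the image's default user; this
            # only blocks gaining further privileges (e.g. via setuid
            # binaries).
            allowPrivilegeEscalation: false
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          # With a fixed tag and IfNotPresent, a node that already cached 1.0
          # keeps running the old image after a rebuild under the same tag.
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      serviceAccountName: default
      serviceAccount: default
      # nginx does not need API credentials; do not mount the token.
      automountServiceAccountToken: false
      securityContext: {}
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600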