原文链接
为非http的application实现https
1
| kubectl create cm hello-sidecar-nginx-conf --from-file=nginx.conf=./nginx.conf
|
We are using the “ — from-file=key=filename” format, so the configMap and secret have the key fields specified as what we have defined.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
| ---
apiVersion: v1
kind: Service
metadata:
name: hello
labels:
app: hello
spec:
type: NodePort
ports:
- port: 443
targetPort: 443
protocol: TCP
name: https
selector:
app: hello
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello
labels:
app: hello
spec:
replicas: 1
selector:
matchLabels:
app: hello
template:
metadata:
labels:
app: hello
spec:
containers:
- name: hello
image: zhiminwen/hello:v1
imagePullPolicy: IfNotPresent
env:
- name: LISTENING_PORT
value: "8080"
- name: tls-sidecar
image: nginx
imagePullPolicy: IfNotPresent
volumeMounts:
- name: secret-volume
mountPath: /app/cert
- name: config-volume
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
volumes:
- name: secret-volume
secret:
secretName: hello-sidecar-nginx-certs
items:
- key: hello-server-cert
path: hello-server.pem
- key: hello-server-key
path: hello-server-key.pem
- name: config-volume
configMap:
name: hello-sidecar-nginx-conf
|