k8s配置apisix https路由
时间: 2023-11-01 21:17:27 浏览: 80
要在Kubernetes中配置API Gateway,可以使用Apache APISIX。以下是在Kubernetes中配置Apache APISIX的步骤。
1. 首先,需要创建一个Kubernetes Service和Deployment来托管Apache APISIX。使用以下YAML文件:
```
apiVersion: v1
kind: Service
metadata:
name: apisix
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
selector:
app: apisix
ports:
- protocol: TCP
port: 9080
targetPort: 9080
- protocol: TCP
port: 9443
targetPort: 9443
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apisix
spec:
replicas: 1
selector:
matchLabels:
app: apisix
template:
metadata:
labels:
app: apisix
spec:
containers:
- name: apisix
image: "apache/apisix:2.9-alpine"
imagePullPolicy: Always
ports:
- containerPort: 9080
- containerPort: 9443
name: https
volumeMounts:
- name: conf
mountPath: /usr/local/apisix/conf/
- name: logs
mountPath: /usr/local/apisix/logs/
volumes:
- name: conf
configMap:
name: apisix-config
- name: logs
emptyDir: {}
```
2. 接下来,需要创建一个ConfigMap来管理Apache APISIX的配置文件。您可以在ConfigMap中指定API Gateway的路由规则和其他配置。以下是示例YAML文件:
```
apiVersion: v1
kind: ConfigMap
metadata:
name: apisix-config
data:
config.yaml: |
node_listen:
- 0.0.0.0:9080
- 0.0.0.0:9443 ssl http2
log:
level: debug
plugins:
- "cors"
- "prometheus"
- "jwt-auth"
stream_log:
enable: true
log_dir: logs/stream_log/
http_log:
enable: true
log_dir: logs/http_log/
ssl:
cert: conf/apisix.crt
key: conf/apisix.key
admin:
enable_admin: true
https_cert: conf/apisix.crt
https_key: conf/apisix.key
listen_address: 0.0.0.0:9180
auth:
basic_auth_user_file: conf/admin
plugins_config:
prometheus:
enable: true
listen: 0.0.0.0:9145
jwt-auth:
enable: true
key: "apisix_secret"
cors:
enable: true
limit-count:
enable: true
count: 10
time_window: 60
limit-conn:
enable: true
conn: 100
error-log:
enable: true
level: error
```
3. 完成上述步骤后,您可以使用Kubernetes Ingress对象配置Apache APISIX的路由规则。以下是示例YAML文件:
```
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: apisix-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: apisix.example.com
http:
paths:
- path: /hello
backend:
serviceName: helloworld
servicePort: 80
```
在上面的示例中,我们使用Ingress对象将/apisix/hello路径映射到名为helloworld的Kubernetes Service。
4. 最后,您需要在Kubernetes中创建一个Secret对象,其中包含Apache APISIX的SSL证书和密钥。以下是示例YAML文件:
```
apiVersion: v1
kind: Secret
metadata:
name: apisix-secret
type: kubernetes.io/tls
data:
tls.crt: <base64-encoded-certificate>
tls.key: <base64-encoded-private-key>
```
在上面的示例中,我们将证书和密钥存储为Secret对象的数据字段。
完成上述步骤后,您现在可以通过访问Ingress对象的公共IP地址或域名来测试API Gateway。请确保将SSL证书和密钥正确配置,并使用有效的路由规则。
相关推荐
![doc](https://img-home.csdnimg.cn/images/20210720083327.png)
![zip](https://img-home.csdnimg.cn/images/20210720083736.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)