为所有服务配置域名
kubectl edit configmap config-domain -n knative-serving
apiVersion: v1
data:
yht.com: "" # 写你要配置的域名查看域名
在创建完应用之后会自动创建域名
[root@ip-172-17-11-227 ~]# kn service list
NAME URL LATEST AGE CONDITIONS READY REASON
demoapp http://demoapp.default.yht.com demoapp-00001 20h 3 OK / 3 True
[root@ip-172-17-11-227 ~]# kubectl get vs
NAME GATEWAYS HOSTS AGE
demoapp-ingress ["knative-serving/knative-ingress-gateway","knative-serving/knative-local-gateway"] ["demoapp.default","demoapp.default.yht.com","demoapp.default.svc","demoapp.default.svc.cluster.local"] 20h
demoapp-mesh ["mesh"] ["demoapp.default","demoapp.default.svc","demoapp.default.svc.cluster.local"] 20h
[root@ip-172-17-11-227 ~]# kn route list
NAME URL READY
demoapp http://demoapp.default.yht.com True
[root@ip-172-17-11-227 ~]# kubectl get route
NAME URL READY REASON
demoapp http://demoapp.default.yht.com True为所有服务配置域名格式
kubectl edit cm config-network -n knative-serving
apiVersion: v1
data:
_example: # 删除此行注释
domain-template: '{{.Name}}.{{.Namespace}}.{{.Domain}}' # 将此行改成domain-template: '{{.Name}}.{{.Domain}}'创建服务验证
[root@ip-172-17-11-227 ~]# kn service create demoapptest --image=ikubernetes/demoapp:v1.0
Warning: Kubernetes default value is insecure, Knative may default this to secure in a future release: spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation, spec.template.spec.containers[0].securityContext.capabilities, spec.template.spec.containers[0].securityContext.runAsNonRoot, spec.template.spec.containers[0].securityContext.seccompProfile
Creating service 'demoapptest' in namespace 'default':
0.062s The Route is still working to reflect the latest desired specification.
0.080s ...
0.121s Configuration "demoapptest" is waiting for a Revision to become ready.
2.405s ...
2.471s Ingress has not yet been reconciled.
2.570s Waiting for load balancer to be ready
2.747s Ready to serve.
Service 'demoapptest' created to latest revision 'demoapptest-00001' is available at URL:
http://demoapptest.yht.com # 可以看到域名格式已经更新配置单个域名
配置自动创建 ClusterDomainClaims
kubectl edit cm config-network -n knative-serving
apiVersion: v1
data:
autocreate-cluster-domain-claims: "true" # 将false改成true创建ssl secret
kubectl create secret tls yht-domain-sll --cert=/root/yht.pem --key=path/root/yht.keyyaml创建
apiVersion: serving.knative.dev/v1alpha1
kind: DomainMapping
metadata:
name: hello.yht.com # 设置服务域名。实际业务中需替换成您自己的服务域名。
namespace: default # 设置命名空间,与服务所在的命名空间一致。
spec:
ref:
name: demoapp # 目标服务名称
kind: Service
apiVersion: serving.knative.dev/v1
tls:
secretName: yht-domain-ssl命令行创建
kn domain create hello.yht.com --ref demoapp --tls yht-domain-ssl --namespace default验证DomainMapping状态
[root@ip-172-17-11-227 ~]# kubectl get domainmapping
NAME URL READY REASON
hello.yht.com https://hello.yht.com True
[root@ip-172-17-11-227 ~]#配置重定向
Redirected:通过重定向响应 HTTP 请求,302要求客户端使用 HTTPS。
kubectl edit cm config-network -n knative-serving
apiVersion: v1
data:
http-protocol: Redirected发布域名
将域名解析至cname至alfjljaslfjj312978wr-12345678.us-west-2.elb.amazonaws.com
测试访问: curl https://hello.yht.com
[root@ip-172-17-11-227 ~]# kubectl get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.100.187.5 alfjljaslfjj312978wr-12345678.us-west-2.elb.amazonaws.com 15021:31018/TCP,80:32413/TCP,443:32187/TCP 22h
istiod ClusterIP 10.100.122.84 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 22h
knative-local-gateway ClusterIP 10.100.184.87 <none> 80/TCP 22h
