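# Short name of the target Azure Container Registry, as passed to
# `az acr import --name`.
REGISTRY_NAME="heigoo"

# Upstream images mirrored into the ACR. Each one is described by its source
# registry, repository path and tag.
#
# NOTE(review): these are tags, not digests. An upstream tag can be re-pointed,
# so what lands in the ACR depends on when the import runs. Record the digest
# of every imported image and compare it with the upstream release before the
# image is deployed.
# NOTE(review): the versions are fixed to what was current when this was
# written; check each project's release notes and security advisories before
# reusing them.
# NOTE(review): k8s.gcr.io has since been frozen in favour of registry.k8s.io;
# confirm the source registry still serves these images.

# ingress-nginx controller
CONTROLLER_REGISTRY="k8s.gcr.io"
CONTROLLER_IMAGE="ingress-nginx/controller"
CONTROLLER_TAG="v0.48.1"

# Admission-webhook certificate patch job
PATCH_REGISTRY="docker.io"
PATCH_IMAGE="jettech/kube-webhook-certgen"
PATCH_TAG="v1.5.1"

# Default backend
DEFAULTBACKEND_REGISTRY="k8s.gcr.io"
DEFAULTBACKEND_IMAGE="defaultbackend-amd64"
DEFAULTBACKEND_TAG="1.5"

# cert-manager: three images that share one registry and one tag
CERT_MANAGER_REGISTRY="quay.io"
CERT_MANAGER_TAG="v1.3.1"
CERT_MANAGER_IMAGE_CONTROLLER="jetstack/cert-manager-controller"
CERT_MANAGER_IMAGE_WEBHOOK="jetstack/cert-manager-webhook"
CERT_MANAGER_IMAGE_CAINJECTOR="jetstack/cert-manager-cainjector"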
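#######################################
# Copy one upstream image into the private ACR under the same repository
# path and tag, so the cluster pulls from a registry you control.
# Globals:   REGISTRY_NAME (read)
# Arguments: $1 - source registry host
#            $2 - image repository path
#            $3 - image tag
# Returns:   exit status of `az acr import`
#######################################
acr_import() {
  local source_registry=$1
  local image=$2
  local tag=$3

  # Quoted so an empty or unusual value cannot split into extra arguments.
  az acr import \
    --name "$REGISTRY_NAME" \
    --source "$source_registry/$image:$tag" \
    --image "$image:$tag"
}

# NOTE(review): each import is by tag. After importing, record the digest the
# ACR reports for every image and check it against the upstream release, so a
# later re-import that brings in different content is noticed.
acr_import "$CONTROLLER_REGISTRY" "$CONTROLLER_IMAGE" "$CONTROLLER_TAG"
acr_import "$PATCH_REGISTRY" "$PATCH_IMAGE" "$PATCH_TAG"
acr_import "$DEFAULTBACKEND_REGISTRY" "$DEFAULTBACKEND_IMAGE" "$DEFAULTBACKEND_TAG"
acr_import "$CERT_MANAGER_REGISTRY" "$CERT_MANAGER_IMAGE_CONTROLLER" "$CERT_MANAGER_TAG"
acr_import "$CERT_MANAGER_REGISTRY" "$CERT_MANAGER_IMAGE_WEBHOOK" "$CERT_MANAGER_TAG"
acr_import "$CERT_MANAGER_REGISTRY" "$CERT_MANAGER_IMAGE_CAINJECTOR" "$CERT_MANAGER_TAG"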
# --------
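# Create a namespace for your ingress resources
kubectl create namespace ingress-basic

# Add the ingress-nginx chart repository (fetched over HTTPS)
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx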
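# Login server of the ACR that the charts pull images from.
# Derived from REGISTRY_NAME so the registry the images were imported into and
# the registry the cluster pulls from cannot drift apart; falls back to the
# original literal when REGISTRY_NAME is not set in this shell.
# NOTE(review): assumes the default "<name>.azurecr.io" login server; confirm
# with `az acr show --name "$REGISTRY_NAME" --query loginServer`.
ACR_URL="${REGISTRY_NAME:-heigoo}.azurecr.io"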
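# Use Helm to deploy an NGINX ingress controller whose controller, webhook
# patch and default-backend images all come from the ACR mirror.
#
# NOTE(review): no --version is given, so Helm installs the newest chart in
# the repo while the image tag is fixed by CONTROLLER_TAG. Pin the chart
# version that belongs to that controller release so the two stay compatible
# and the deployment is reproducible.
# NOTE(review): controller.image.digest="" blanks the digest value, so the
# controller image is selected by tag alone. Once the imported image's digest
# has been recorded, set it here to pin the exact content.
helm install nginx-ingress ingress-nginx/ingress-nginx \
  --namespace ingress-basic \
  --set controller.replicaCount=2 \
  --set controller.nodeSelector."kubernetes\.io/os"=linux \
  --set controller.image.registry="$ACR_URL" \
  --set controller.image.image="$CONTROLLER_IMAGE" \
  --set controller.image.tag="$CONTROLLER_TAG" \
  --set controller.image.digest="" \
  --set controller.admissionWebhooks.patch.nodeSelector."kubernetes\.io/os"=linux \
  --set controller.admissionWebhooks.patch.image.registry="$ACR_URL" \
  --set controller.admissionWebhooks.patch.image.image="$PATCH_IMAGE" \
  --set controller.admissionWebhooks.patch.image.tag="$PATCH_TAG" \
  --set defaultBackend.nodeSelector."kubernetes\.io/os"=linux \
  --set defaultBackend.image.registry="$ACR_URL" \
  --set defaultBackend.image.image="$DEFAULTBACKEND_IMAGE" \
  --set defaultBackend.image.tag="$DEFAULTBACKEND_TAG"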
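# -----
# List the services in the ingress namespace; the EXTERNAL-IP column of the
# controller service is the load balancer address used below.
kubectl --namespace ingress-basic get services -o wide

# ---- Add an A record (and an eshop.* subdomain CNAME) in Azure DNS or at your
# DNS registrar (e.g. GoDaddy) pointing at the load balancer IP.
# MY_CUSTOM_DOMAIN and MY_EXTERNAL_IP are placeholders; replace them first.
#
# NOTE(review): "*" is a wildcard record, so every name in the zone without
# its own record resolves to the ingress. If the load balancer IP is not
# reserved as a static IP it can change when the service is recreated, leaving
# the wildcard pointing at an address you no longer hold; reserve the IP (see
# https://docs.microsoft.com/en-us/azure/aks/static-ip) or remove the record
# when the ingress is torn down.
az network dns record-set a add-record \
  --resource-group myResourceGroup \
  --zone-name MY_CUSTOM_DOMAIN \
  --record-set-name "*" \
  --ipv4-address MY_EXTERNAL_IP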
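# ----
# install cert manager
# ------

# Label the ingress-basic namespace to disable resource validation.
# NOTE(review): with this label, cert-manager resources created in this
# namespace skip validation, so a malformed Issuer or Certificate is not
# rejected at admission. Presumably this is here because cert-manager itself
# is installed into the same namespace - confirm it is still required for the
# chart version in use, and drop the label if not.
kubectl label namespace ingress-basic cert-manager.io/disable-validation=true

# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io

# Update your local Helm chart repository cache
helm repo update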
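# Install the cert-manager Helm chart with its controller, webhook and
# cainjector images pulled from the ACR mirror.
# --version reuses CERT_MANAGER_TAG, so the chart and the three images are
# taken from the same release.
# NOTE(review): the images are still selected by tag; compare the digests
# recorded at import time with what the pods actually run.
helm install cert-manager jetstack/cert-manager \
  --namespace ingress-basic \
  --version "$CERT_MANAGER_TAG" \
  --set installCRDs=true \
  --set nodeSelector."kubernetes\.io/os"=linux \
  --set image.repository="$ACR_URL/$CERT_MANAGER_IMAGE_CONTROLLER" \
  --set image.tag="$CERT_MANAGER_TAG" \
  --set webhook.image.repository="$ACR_URL/$CERT_MANAGER_IMAGE_WEBHOOK" \
  --set webhook.image.tag="$CERT_MANAGER_TAG" \
  --set cainjector.image.repository="$ACR_URL/$CERT_MANAGER_IMAGE_CAINJECTOR" \
  --set cainjector.image.tag="$CERT_MANAGER_TAG"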
# ----
# Next: create a CA issuer
# Run the demo at https://docs.microsoft.com/en-us/azure/aks/ingress-tls
# Static IP reference: https://docs.microsoft.com/en-us/azure/aks/static-ip