nginx-k8s.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
  namespace: default
  labels:
    app: my-nginx
spec:
  selector:
    matchLabels:
      app: my-nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: my-nginx
    spec:
      containers:
        - image: nginx # 使用 nginx 的 docker image
          name: my-nginx
          ports:
            - containerPort: 80 # 暴露 nginx 的监听端口
              name: 'my-nginx'
              protocol: 'TCP'
---
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  namespace: default
  labels:
    app: my-nginx
spec:
  ports:
    - name: http
      port: 80 # service 的监听端口
      protocol: TCP
      targetPort: 80 # Pod 的监听端口
  selector:
    app: my-nginx
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-nginx-ingress
  annotations:
    kubernetes.io/ingress.class: 'traefik' # 注意：在创建 Issuer 资源的时候有配置 ingress.class，需要保持一直
    cert-manager.io/cluster-issuer: letsencrypt-prod # 指定 cert-manager 的 Issuer 的名字
    kubernetes.io/tls-acme: 'true' # 可选
    ingress.kubernetes.io/ssl-redirect: "true" # 强制的从 HTTP 重定向刀 HTTPS
spec:
  tls:
    - hosts:
        # Change this to your own hostname
        - nginx.example.com # 要生成证书的域名
      secretName: my-nginx-tls
  rules:
    - host: nginx.example.com # 此 Ingress 资源识别的 域名
      http:
        paths:
          - path: /
            backend:
              serviceName: my-nginx
              servicePort: http