{"id":287652,"date":"2018-08-16T14:14:00","date_gmt":"2018-08-16T10:14:00","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=287652"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=287652","title":{"rendered":"\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 Kubernetes \u043d\u0430 Hetzner Cloud"},"content":{"rendered":"\n
\u0412 \u0434\u0430\u043d\u043d\u043e\u0439 \u0441\u0442\u0430\u0442\u044c\u0435 \u044f \u0445\u043e\u0442\u0435\u043b \u0431\u044b \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u0442\u044c \u043e\u0431 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 Kubernetes \u043d\u0430 Hetzner Cloud. <\/p>\n

\u041d\u0430 \u043c\u043e\u0435\u043c \u0440\u0430\u0431\u043e\u0447\u0435\u043c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d Ubuntu Linux 18.04 \u0438 \u0432\u0441\u0435 \u043f\u0440\u0438\u043c\u0435\u0440\u044b \u0431\u0443\u0434\u0443\u0442 \u043f\u043e\u0434\u0440\u0430\u0437\u0443\u043c\u0435\u0432\u0430\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u043e\u0439 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. <\/p>\n

\u0414\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 Hetzner Cloud \u0438 \u043f\u043e\u0441\u0442\u0440\u043e\u0435\u043d\u0438\u044f \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430 Kubernetes \u043c\u044b \u0431\u0443\u0434\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u0442\u0438\u043b\u0438\u0442\u0443 hetzner-kube<\/a>. \u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043c \u0435\u0435 \u043d\u0430 \u0441\u0432\u043e\u0439 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440. <\/a><\/p>\n

$ wget https:\/\/github.com\/xetys\/hetzner-kube\/releases\/download\/0.3.1\/hetzner-kube-linux-amd64 $ chmod a+x .\/hetzner-kube-linux-amd64  $ sudo mv .\/hetzner-kube-linux-amd64 \/usr\/local\/bin\/hetzner-kube <\/code><\/pre>\n
  \u0414\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0443\u0442\u0438\u043b\u0438\u0442\u044b hetzner-kube \u0438 \u0435\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 Hetzner Cloud \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u043e\u0437\u0434\u0430\u0442\u044c API Token \u0447\u0435\u0440\u0435\u0437 Hetzner Cloud Console https:\/\/console.hetzner.cloud<\/a>. \u0412\u0432\u0435\u0440\u0445\u0443 \u0432\u044b\u0431\u0438\u0440\u0430\u0435\u043c Select a project -> Default, \u0432 \u043b\u0435\u0432\u043e\u043c \u043c\u0435\u043d\u044e \u0432\u044b\u0431\u0438\u0440\u0430\u0435\u043c \u043f\u0443\u043d\u043a\u0442 Access, \u0434\u0430\u043b\u0435\u0435 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u0432 \u0440\u0430\u0437\u0434\u0435\u043b API tokens, \u043d\u0430\u0436\u0438\u043c\u0430\u0435\u043c \u043d\u0430 \u043a\u043d\u043e\u043f\u043a\u0443 Generate API Token. <\/p>\n
  \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0431\u0443\u0434\u0435\u0442 \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043d API Token \u0438 \u0435\u0433\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0431\u0443\u0434\u0435\u0442 \u0443\u043a\u0430\u0437\u0430\u0442\u044c \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0443\u0442\u0438\u043b\u0438\u0442\u044b hetzner-kube.<\/p>\n
$ hetzner-kube context add k8s Token: <PASTE TOKEN HERE> added context 'k8s' <\/code><\/pre>\n
  \u0414\u0430\u043b\u0435\u0435 \u043d\u0430\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c SSH \u043a\u043b\u044e\u0447, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c \u0432 Hetzner Cloud. \u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0441\u044f \u0443\u0442\u0438\u043b\u0438\u0442\u043e\u0439 ssh-keygen: <\/p>\n
$ ssh-keygen -t rsa Generating public\/private rsa key pair. Enter file in which to save the key (~\/.ssh\/id_rsa):  Enter passphrase (empty for no passphrase):  Enter same passphrase again:  Your identification has been saved in ~\/.ssh\/id_rsa. Your public key has been saved in ~\/.ssh\/id_rsa.pub. The key fingerprint is: SHA256:1bwptZ8lPiAhtA37\/2U1G7HsC+aE7qMVCtVIfN3OLzk lx4241@LX4241-LINUX The key's randomart image is: +---[RSA 2048]----+ |        +.  . .  | |       ..*o+ . . | |        +o=.+ o. | |        .+ o +.oo| |       .S +.= .*+| |        . .+o+E+*| |         . o.+==o| |          o.+..+.| |         .oo.... | +----[SHA256]-----+<\/code><\/pre>\n
  \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0432 \u0432\u0430\u0448\u0435\u043c \u0434\u043e\u043c\u0430\u0448\u043d\u0435\u043c \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 \u0431\u0443\u0434\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u043d\u043e \u0434\u0432\u0430 \u0444\u0430\u0439\u043b\u0430 ~\/.ssh\/id_rsa (\u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u0439 \u043a\u043b\u044e\u0447) \u0438 ~\/.ssh\/id_rsa.pub (\u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0439 \u043a\u043b\u044e\u0447).<\/p>\n
  \u0414\u043e\u0431\u0430\u0432\u0438\u043c \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0439 ssh \u043a\u043b\u044e\u0447 \u0432 Hetzner Cloud: <\/p>\n
$ hetzner-kube ssh-key add --name k8s sshKeyAdd called SSH key k8s(95430) created <\/code><\/pre>\n
  \u041d\u0435\u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043f\u043e\u0441\u0442\u0440\u043e\u0435\u043d\u0438\u0435 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430 Kubernetes \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u043e\u0447\u0435\u043d\u044c \u043b\u0435\u0433\u043a\u043e: <\/p>\n
$ hetzner-kube cluster create --name k8s --ssh-key k8s --master-count 1 --worker-count 1 2018\/08\/02 13:57:57 Creating new cluster  NAME:k8s MASTERS: 1 WORKERS: 1 ETCD NODES: 0 HA: false ISOLATED ETCD: false 2018\/08\/02 13:57:58 creating server 'k8s-master-01'...   --- [======================================] 100% 2018\/08\/02 13:58:18 Created node 'k8s-master-01' with IP 159.69.54.228 2018\/08\/02 13:58:18 creating server 'k8s-worker-01'...   --- [======================================] 100% 2018\/08\/02 13:58:37 Created node 'k8s-worker-01' with IP 159.69.51.140 2018\/08\/02 13:58:37 sleep for 10s... k8s-master-01        : complete!                         100.0% [==============] k8s-worker-01        : complete!                         100.0% [==============] 2018\/08\/02 14:02:50 Cluster successfully created!<\/code><\/pre>\n
  \u0414\u0430\u043d\u043d\u0430\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0441\u043e\u0437\u0434\u0430\u0441\u0442 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0432 Hetzner Cloud \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442 \u043d\u0430 \u043d\u0438\u0445 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e master\/worker \u043d\u043e\u0434 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430 Kubernetes. \u041f\u043e-\u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u0431\u0443\u0434\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b CX11 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430. <\/p>\n
  \u0412 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u043c, \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0443\u0442\u0438\u043b\u0438\u0442\u044b hetzner-kube, \u0442\u0430\u043a\u0436\u0435 \u043b\u0435\u0433\u043a\u043e \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430 Kubernetes \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u044f worker \u043d\u043e\u0434\u044b. \u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0434\u043e\u0431\u0430\u0432\u0438\u043c 2 worker \u043d\u043e\u0434\u044b: <\/p>\n
$ hetzner-kube cluster add-worker --name k8s --nodes 2 <\/code><\/pre>\n
  \u041a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e, \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e master \u043d\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0443\u0442\u0438\u043b\u0438\u0442\u044b hetzner-kube \u0431\u0435\u0437 \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430 Kubernetes \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043d\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u043c. <\/p>\n
  \u0414\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 Kubernetes \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u043e\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0443\u0442\u0438\u043b\u0438\u0442\u0430 kubectl. \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0443\u044e \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044e \u043f\u043e \u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0434\u043b\u044f \u0440\u0430\u0437\u043d\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u043f\u043e \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0439 \u0441\u0441\u044b\u043b\u043a\u0435<\/a>. <\/p>\n
  \u0414\u043b\u044f \u0442\u043e\u0433\u043e, \u0447\u0442\u043e\u0431\u044b \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0441 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u043c \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u043e\u043c Kubernetes \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u044b kubectl, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u044c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c: <\/p>\n
$ hetzner-kube cluster kubeconfig k8s create file kubeconfig configured<\/code><\/pre>\n
  \u0424\u0430\u0439\u043b \u0441 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0435\u0439 \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u0432 ~\/.kube\/config. <\/p>\n
  \u0422\u0435\u043f\u0435\u0440\u044c \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u043a \u0441\u0430\u043c\u043e\u043c\u0443 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u043c\u0443 \u2014 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u043e\u0433\u043e \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430 Kubernetes. <\/p>\n
  \u0414\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u0441\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u0431\u0430\u0437\u043e\u0432\u044b\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0435 \u0434\u043b\u044f \u0431\u0443\u0434\u0443\u0449\u0435\u0433\u043e \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439. \u0411\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0432\u044b \u0441\u043c\u043e\u0436\u0435\u0442\u0435 \u043d\u0430\u0439\u0442\u0438 \u043f\u043e \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0439 \u0441\u0441\u044b\u043b\u043a\u0435<\/a>. <\/p>\n
$ curl https:\/\/raw.githubusercontent.com\/kubernetes\/ingress-nginx\/master\/deploy\/mandatory.yaml | kubectl apply -f -   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed 100  6170  100  6170    0     0  13987      0 --:--:-- --:--:-- --:--:-- 14022 namespace "ingress-nginx" created deployment "default-http-backend" created service "default-http-backend" created configmap "nginx-configuration" created configmap "tcp-services" created configmap "udp-services" created serviceaccount "nginx-ingress-serviceaccount" created clusterrole "nginx-ingress-clusterrole" created role "nginx-ingress-role" created rolebinding "nginx-ingress-role-nisa-binding" created clusterrolebinding "nginx-ingress-clusterrole-nisa-binding" created deployment "nginx-ingress-controller" created<\/code><\/pre>\n
  \u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0441\u0435\u0440\u0432\u0438\u0441 ingress-nginx, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u0443\u0434\u0435\u0442 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u043f\u043e\u0440\u0442\u0430\u0445 80 (http) \u0438 443 (https) \u0438 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0438\u0445 \u0434\u0430\u043b\u044c\u0448\u0435 \u043d\u0430 \u043d\u0430\u0448\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435. \u0412\u043c\u0435\u0441\u0442\u043e X.X.X.X \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0441\u043f\u0438\u0441\u043e\u043a \u0432\u043d\u0435\u0448\u043d\u0438\u0445 IP \u043d\u0430\u0448\u0438\u0445 \u043d\u043e\u0434 \u0432 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0435 Kubernetes, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u0443\u0434\u0443\u0442 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 (\u044d\u0442\u043e \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u043a\u0430\u043a master, \u0442\u0430\u043a \u0438 worker \u043d\u043e\u0434\u044b, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 LoadBalancer \u0432 Hetzner Cloud \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442). <\/p>\n
  \u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0444\u0430\u0439\u043b \u0441 \u0438\u043c\u0435\u043d\u0435\u043c ingress-nginx.yaml \u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u044b\u043c: <\/p>\n
apiVersion: v1 kind: Service metadata:   name: ingress-nginx   namespace: ingress-nginx spec:   type:   ports:   - name: http     port: 80     targetPort: 80     protocol: TCP   - name: https     port: 443     targetPort: 443     protocol: TCP   selector:     app: ingress-nginx   externalIPs:   - X.X.X.X   - X.X.X.X<\/code><\/pre>\n
$ kubectl apply -f ingress-nginx.yaml  service "ingress-nginx" configured<\/code><\/pre>\n
  \u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0447\u0442\u043e nginx-ingress-controller \u0438 default-http-backend \u043f\u043e\u0434\u044b \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u044b. <\/p>\n
$ kubectl get pods -n ingress-nginx  NAME                                        READY     STATUS    RESTARTS   AGE default-http-backend-55c6c69b88-hvl4x       1\/1       Running   0          51m nginx-ingress-controller-6658c97f58-d6jkg   1\/1       Running   0          51m<\/code><\/pre>\n
  \u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0410 \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 \u0432\u0430\u0448 \u0434\u043e\u043c\u0435\u043d \u0438 \u0436\u0434\u0435\u043c \u043f\u043e\u043a\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e \u043d\u0438\u0445 \u043f\u043e\u044f\u0432\u0438\u0442\u0441\u044f \u0432 \u0414\u041d\u0421. \u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440: <\/p>\n
Type: A Name: echo.example.com Value: X.X.X.X  <\/code><\/pre>\n
  \u0415\u0441\u043b\u0438 \u0432 ingress-nginx.yaml \u0432\u044b \u0443\u043a\u0430\u0437\u0430\u043b\u0438 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0432\u043d\u0435\u0448\u043d\u0438\u0445 IP \u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u0442\u043e \u043c\u043e\u0436\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043e\u0434\u0438\u043d\u0430\u043a\u043e\u0432\u044b\u0445 DNS \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u0441 \u044d\u0442\u0438\u043c\u0438 IP \u0430\u0434\u0440\u0435\u0441\u0430\u043c\u0438. \u0412 \u044d\u0442\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u0432\u0430\u0448 \u0434\u043e\u043c\u0435\u043d \u0431\u0443\u0434\u0443\u0442 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0442\u044c\u0441\u044f \u043c\u0435\u0436\u0434\u0443 \u044d\u0442\u0438\u043c\u0438 IP \u0430\u0434\u0440\u0435\u0441\u0430\u043c\u0438 \u0438 \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442\u044c \u0431\u0430\u043b\u0430\u043d\u0441\u0438\u0440\u043e\u0432\u043a\u0430 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438. <\/p>\n
  \u0412 \u0434\u0430\u043d\u043d\u043e\u043c \u043f\u0440\u0438\u043c\u0435\u0440\u0435 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b https \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u043c \u0441\u0430\u043c\u043e\u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 SSL \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442. <\/p>\n
$ openssl req -newkey rsa:2048 -nodes -keyout echo.example.com.key -x509 -days 365 -out echo.example.com.crt Generating a 2048 bit RSA private key ..+++ .............+++ writing new private key to 'echo.example.com.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:UA State or Province Name (full name) [Some-State]:Kyiv Locality Name (eg, city) []:Kyiv Organization Name (eg, company) [Internet Widgits Pty Ltd]:Super Company Ltd Organizational Unit Name (eg, section) []:echo.example.com Common Name (e.g. server FQDN or YOUR name) []:echo.example.com Email Address []:info@echo.example.com  $ cat echo.example.com.key | base64 | tr -d '\\n' <YOUR PRIVATE KEY> $ cat echo.example.com.crt | base64 | tr -d '\\n' <YOUR CERTIFICATE><\/code><\/pre>\n
  \u0422\u0435\u043f\u0435\u0440\u044c \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043d\u0430\u0448\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435. \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0440\u0438\u043c\u0435\u0440\u0430 \u0432\u044b\u0431\u0440\u0430\u043d \u043f\u0440\u043e\u0441\u0442\u043e\u0439 echoserver. \u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0444\u0430\u0439\u043b \u0441 \u0438\u043c\u0435\u043d\u0435\u043c app.yaml \u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u044b\u043c: <\/p>\n
apiVersion: v1 kind: Namespace metadata:   name: echoserver --- kind: Secret metadata:   name: echo.example.com-tls   namespace: echoserver type: kubernetes.io\/tls data:   tls.crt: <YOUR CERTIFICATE>   tls.key: <YOUR PRIVATE KEY> --- apiVersion: extensions\/v1beta1 kind: Deployment metadata:   name: echoserver   namespace: echoserver spec:   replicas: 1   template:     metadata:       labels:         app: echoserver     spec:       containers:       - image: gcr.io\/google_containers\/echoserver:1.0         imagePullPolicy: Always         name: echoserver         ports:         - containerPort: 8080 --- apiVersion: v1 kind: Service metadata:   name: echoserver   namespace: echoserver spec:   ports:   - name: http     port: 80     targetPort: 8080     protocol: TCP   selector:     app: echoserver --- apiVersion: extensions\/v1beta1 kind: Ingress metadata:   name: echoserver   namespace: echoserver   annotations:     kubernetes.io\/ingress.class: "nginx" spec:   tls:   - hosts:     - echo.example.com     secretName: echo.example.com-tls   rules:   - host: echo.example.com     http:       paths:       - path: \/         backend:           serviceName: echoserver           servicePort: 80<\/code><\/pre>\n
  <\/p>\n
$ kubectl apply -f app.yaml  namespace "echoserver" configured deployment "echoserver" unchanged service "echoserver" configured ingress "echoserver" unchanged<\/code><\/pre>\n
  \u041d\u0430 \u044d\u0442\u043e\u043c \u0432\u0441\u0435 )) \u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442: <\/p>\n
$ curl https:\/\/echo.example.com\/ CLIENT VALUES: client_address=('10.244.3.2', 32860) (10.244.3.2) command=GET path=\/ real path=\/ query= request_version=HTTP\/1.1  SERVER VALUES: server_version=BaseHTTP\/0.6 sys_version=Python\/3.5.0 protocol_version=HTTP\/1.0  HEADERS RECEIVED: Accept=*\/* Connection=close Host=echo.example.com User-Agent=curl\/7.58.0 X-Forwarded-For=10.244.0.0 X-Forwarded-Host=echo.example.com X-Forwarded-Port=80 X-Forwarded-Proto=http X-Original-URI=\/ X-Real-IP=10.244.0.0 X-Request-ID=7a4f4aabf9a0043ea2b1ca91bd1a3adf X-Scheme=http<\/code><\/pre>\n<\/div>\n