Num*_*Uno 3 https kubernetes tls1.2 traefik traefik-ingress
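I am running Traefik (v2.0) as the ingress gateway for my EKS cluster. The Traefik ingress works fine.
Now I need to add https support to my ingress using a self-signed certificate. To do this, I have:

    kubectl create secret tls tlssecret --key="eks.tls.key" --cert="eks.tls.crt"

/auth) ... After the deployment completes, when I browse to the ingress URL, it still shows me TRAEFIK DEFAULT CERT instead of my self-signed certificate.
Please let me know what I am doing wrong here. Is there another way to do this?
The final result is as follows: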
traefik-conf.yml:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: traefik-conf
      namespace: pulse
    data:
      traefik.yml: |
        api:
          dashboard: true
          insecure: true
        global:
          checkNewVersion: false
          sendAnonymousUsage: false
        ping: {}
        entryPoints:
          websecure:
            address: ":443"
          web:
            address: ":80"
        providers:
          kubernetesCRD: {}
          file:
            filename: /etc/traefik/traefik.yml
            watch: true
        tls:
          stores:
            default:
              defaultCertificate:
                certFile: /ssl/tls.pem
                keyFile: /ssl/tls.key
          options:
            default:
              minVersion: VersionTLS12
              sniStrict: false
          certificates:
            - certFile: /ssl/tls.pem
              keyFile: /ssl/tls.key

I changed the ingress controller as follows:

    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v2.0
          volumeMounts:
            - name: config
              mountPath: /etc/traefik/traefik.yml
              subPath: traefik.yml
            - name: ssl
              mountPath: /ssl
          ports:
            - name: web
              containerPort: 80
            - name: websecure
              containerPort: 443
            - name: admin
              containerPort: 8080
      volumes:
        - name: ssl
          secret:
            secretName: traefik-cert
        - name: config
          configMap:
            name: traefik-conf

IngressRoute:

    apiVersion: traefik.containo.us/v1alpha1
    kind: IngressRoute
    metadata:
      name: pulseingressroutetls
      namespace: pulse
    spec:
      entryPoints:
        - websecure
      tls:
        secretname: traefik-cert
      routes:
        ...
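
One way to confirm which certificate the websecure entry point actually presents, as an added example that is not part of the original post: it compares the SHA-256 fingerprint of the served leaf certificate with the certificate file handed to Traefik, so a fallback to TRAEFIK DEFAULT CERT shows up as a mismatch. The function names are hypothetical, and the ingress host name and local certificate path are supplied on the command line.

```python
import base64
import hashlib
import re
import socket
import ssl

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)


def pem_fingerprints(pem_text):
    """SHA-256 fingerprint of every certificate in a PEM file, in file order."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_CERT.findall(pem_text)]


def fetch_leaf_der(host, port=443, sni=None, timeout=5.0):
    """Return the DER leaf certificate the endpoint presents for this SNI name.

    Chain validation is switched off only so that a self-signed certificate
    can be retrieved; the result is compared by fingerprint, never trusted.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # same floor as minVersion above
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni or host) as tls:
            return tls.getpeercert(binary_form=True)


def check_served(served_der, expected_pem):
    """Compare the served leaf with the first (leaf) certificate in the file."""
    expected = pem_fingerprints(expected_pem)
    if not expected:
        return "no-certificate-in-file"
    served = hashlib.sha256(served_der).hexdigest()
    # "mismatch" is what a fallback to Traefik's generated default cert looks like
    return "match" if served == expected[0] else "mismatch"


if __name__ == "__main__":
    import sys
    host, pem_path = sys.argv[1], sys.argv[2]   # ingress host, local cert file
    with open(pem_path) as fh:
        print(check_served(fetch_leaf_der(host), fh.read()))
```

Because the fingerprint covers the whole DER encoding, the comparison also catches a stale certificate left in the mounted secret after the local file has been regenerated.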