traefik使用https

时间:May 22, 2020 分类:


支持HTTPS

创建secret存放证书

# Store the TLS private key and certificate in a generic Secret in kube-system.
# Each --from-file entry becomes a key named after the file (server.key, server.pem),
# which is the file name the pod sees once the Secret is mounted as a volume.
kubectl create secret generic whysdomain-cert \
  --namespace=kube-system \
  --from-file=./server.key \
  --from-file=./server.pem

创建traefik配置的configmap

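# ConfigMap holding the Traefik 1.x static configuration (traefik.toml).
# The DaemonSet on this page mounts it at /etc/traefik/ and loads it with
# --configfile=/etc/traefik/traefik.toml.
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-config
  namespace: kube-system
data:
  traefik.toml: |
    graceTimeOut = 60
    # Debug mode is off: in Traefik 1.x it also installs the /debug/vars and
    # /debug/pprof handlers, which would be served on the admin port below.
    # Turn it on only temporarily while troubleshooting.
    debug = false
    checkNewVersion = false
    traefikLogsFile = "/var/log/traefik/traefik.log"
    accessLogsFile = "/var/log/traefik/access.log"
    # INFO instead of DEBUG: debug-level logs are verbose and may record
    # request details that should not sit on the node's disk.
    logLevel = "INFO"
    ProvidersThrottleDuration = "5"
    # Dashboard, API and /health (used by the liveness probe) listen here.
    # No authentication is configured in this file, and the pod runs with
    # hostNetwork, so restrict access to port 8080 at the node firewall.
    [web]
    address = ":8080"
    [entryPoints]
    [entryPoints.http]
    address = ":80"
    [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]
    # Refuse TLS versions older than 1.2.
    minVersion = "VersionTLS12"
    [[entryPoints.https.tls.certificates]]
    # These paths must lie inside the mountPath of the whysdomain-cert
    # Secret volume in the DaemonSet, and the file names must match the
    # keys of that Secret (server.pem, server.key).
    CertFile = "/etc/ssl/whysdomain/server.pem"
    KeyFile = "/etc/ssl/whysdomain/server.key"
    [kubernetes]
    # NOTE(review): empty endpoint presumably means in-cluster discovery
    # with the pod's service account - confirm for your Traefik version.
    endpoint = ""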

创建traefik的ds

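# DaemonSet running one Traefik 1.x ingress pod on every node labelled
# node-role.kubernetes.io/ingress="true", in the host's network namespace.
# apps/v1 is used because extensions/v1beta1 is no longer served for
# DaemonSet from Kubernetes v1.16 on. The export-only fields
# (creationTimestamp: null, templateGeneration) are dropped; apps/v1 has no
# templateGeneration field.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: traefik-ingress
  name: traefik-ingress
  namespace: kube-system
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: traefik-ingress
  template:
    metadata:
      labels:
        app: traefik-ingress
    spec:
      containers:
      - args:
        - --configfile=/etc/traefik/traefik.toml
        # NOTE(review): v1.7.9 is an early 1.7 patch release; check whether a
        # later 1.7.x build with security fixes is available in your registry.
        image: reg.hualala.com/ops/traefik:v1.7.9
        imagePullPolicy: IfNotPresent
        livenessProbe:
          # The original left this value empty (null); 3 is the Kubernetes
          # default and is written out so the manifest is unambiguous.
          failureThreshold: 3
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: traefik-ingress
        ports:
        - containerPort: 80
          hostPort: 80
          name: http
          protocol: TCP
        # HTTPS entry point from traefik.toml; declared so the scheduler
        # accounts for the host port like it does for 80 and 8080.
        - containerPort: 443
          hostPort: 443
          name: https
          protocol: TCP
        # Admin/dashboard port. With hostNetwork it is reachable on the node
        # address; limit access at the node firewall or security group.
        - containerPort: 8080
          hostPort: 8080
          name: admin
          protocol: TCP
        resources: {}
        volumeMounts:
        - mountPath: /var/log
          name: volume-image-0
        # Must be the directory used by CertFile/KeyFile in traefik.toml
        # (/etc/ssl/whysdomain/); the original mounted /etc/ssl/hualala/, so
        # Traefik could not find the certificate and key.
        - mountPath: /etc/ssl/whysdomain/
          name: whysdomain-cert
          readOnly: true
        - mountPath: /etc/traefik/
          name: config
      dnsPolicy: ClusterFirstWithHostNet
      # Traefik binds 80, 443 and 8080 directly on the node.
      hostNetwork: true
      nodeSelector:
        node-role.kubernetes.io/ingress: "true"
      restartPolicy: Always
      schedulerName: default-scheduler
      # Empty: the container runs with the image's default user and
      # capabilities. NOTE(review): binding ports below 1024 normally needs
      # root or NET_BIND_SERVICE - confirm before tightening this.
      securityContext: {}
      # serviceAccount is the deprecated alias of serviceAccountName.
      serviceAccount: traefik-ingress-controller
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 30
      volumes:
      # Node directory that receives the Traefik and access logs written
      # under /var/log in the container; type "" performs no path check.
      - hostPath:
          path: /disk1/logs
          type: ""
        name: volume-image-0
      # TLS certificate and private key from the whysdomain-cert Secret.
      - name: whysdomain-cert
        secret:
          secretName: whysdomain-cert
      - configMap:
          name: traefik-config
        name: config
  updateStrategy:
    # With type OnDelete, pods are replaced only when deleted manually; the
    # rollingUpdate parameters are kept from the original but are not used.
    rollingUpdate:
      maxUnavailable: 1
    type: OnDelete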

ingress使用https

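# Attach the entry-point annotation to an existing Ingress so Traefik serves it
# on both the http and https entry points. xxxx is the page's placeholder for
# the Ingress name; add -n <namespace> if it is not in the current namespace.
# Fixes the original line: the binary is kubectl, the subcommand is annotate,
# and annotations are passed as key=value.
kubectl annotate ingress xxxx ingress.kubernetes.io/frontend-entry-points=http,https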