
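I have set up Kubernetes to use Traefik Ingress to provide name-based routing. I'm a bit lost on how to configure automatic LetsEncrypt SSL certificates. How do I reference the TOML file and configure it for HTTPS? I'm using a simple container with the NGINX image below to test it.

Below is the YAML I use for the deployment/service/ingress.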

apiVersion: v1
kind: Service
metadata:
  name: web
  labels:
    app: hmweb
spec:
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
  selector:
    app: hmweb

---

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: web-ingress
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: web
          servicePort: http

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hmweb-deployment
  labels:
    app: hmweb
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hmweb
  template:
    metadata:
      labels:
        app: hmweb
    spec:
      containers:
      - name: hmweb
        image: nginx:latest

        envFrom:
          - configMapRef:
              name: config
        ports:
        - containerPort: 80

I have also included my ingress.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller

---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
        - name: admin
          containerPort: 8080
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
  type: LoadBalancer

1 Answer


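You could build a custom image and include the toml file that way, but that is not best practice. Here is how I do it:

1) Deploy your toml configuration to kubernetes as a ConfigMap, like this: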

apiVersion: v1
kind: ConfigMap
metadata:
  name: cfg-traefik
  labels:
    app: traefik
data:
  traefik.toml: |
    defaultEntryPoints = ["http", "https"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
        [entryPoints.http.redirect]
        entryPoint = "https"
      [entryPoints.https]
      address = ":443"
        [entryPoints.https.tls]
    [acme]
    email = "you@email.com"
    storage = "/storage/acme.json"
    entryPoint = "https"
    acmeLogging = true
    onHostRule = true
    [acme.tlsChallenge]

2) Connect the configuration to your Traefik deployment. This is my configuration:

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: dpl-traefik
  labels:
    k8s-app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik
  template:
    metadata:
      labels:
        k8s-app: traefik
        name: traefik
    spec:
      serviceAccountName: svc-traefik
      terminationGracePeriodSeconds: 60
      volumes:
      - name: config
        configMap:
          name: cfg-traefik
      - name: cert-storage
        persistentVolumeClaim:
          claimName: pvc-traefik
      containers:
      - image: traefik:alpine
        name: traefik
        volumeMounts:
        - mountPath: "/config"
          name: "config"
        - mountPath: "/storage"
          name: cert-storage
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
        - name: admin
          containerPort: 8080
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
        - --configFile=/config/traefik.toml
answered 2019-09-23T14:48:45.267
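
Added example, not part of the original answer: the Deployment above mounts a claim named pvc-traefik and listens on 443, and the TLS-ALPN challenge enabled by `[acme.tlsChallenge]` only succeeds if port 443 is reachable from the internet, so these are the companion objects it needs. The names traefik-lb and traefik-admin, the storage size and the access mode are assumptions; the admin port is placed on a ClusterIP Service so the `--api` dashboard is not published by the load balancer.

```yaml
# Added example: companion objects for the answer's dpl-traefik Deployment.
# Names traefik-lb / traefik-admin and the 128Mi size are assumptions.
---
# Claim backing /storage, where Traefik writes acme.json (ACME account key
# and issued certificate private keys). ReadWriteOnce matches replicas: 1.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-traefik
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 128Mi
---
# Public entry points only. 443 must be reachable for the TLS-ALPN-01
# challenge and for serving HTTPS; 80 is kept for the http -> https redirect.
apiVersion: v1
kind: Service
metadata:
  name: traefik-lb
spec:
  type: LoadBalancer
  selector:
    k8s-app: traefik
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: http
    - name: https
      protocol: TCP
      port: 443
      targetPort: https
---
# Dashboard/API (--api, port 8080) stays cluster-internal; reach it with
# kubectl port-forward instead of exposing it on the load balancer.
apiVersion: v1
kind: Service
metadata:
  name: traefik-admin
spec:
  type: ClusterIP
  selector:
    k8s-app: traefik
  ports:
    - name: admin
      protocol: TCP
      port: 8080
      targetPort: admin
```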