我正在尝试使用 Helm 在我的 DigitalOcean Kubernetes 集群上安装 Traefik。
$ helm install -f traefik.values.yaml stable/traefik
我拥有假设域example.org
,DNS 记录通过 Digital Ocean 管理
traefik.values.yaml
值文件包含(您可以在此处查看完整的选项列表):
---
accessLogs:
enabled: true
dashboard:
enabled: true
domain: traefik.example.org
debug:
enabled: true
ssl:
enabled: true
enforced: true
acme:
enabled: true
logging: true
staging: true
email: <redacted>
challengeType: "dns-01"
dnsProvider:
name: digitalocean
digitalocean:
DO_AUTH_TOKEN: "<redacted>"
domains:
enabled: true
domainsList:
- main: "traefik.example.org"
rbac:
enabled: true
但该服务从不创建外部 IP 地址。当我检查日志时,我看到:
$ k logs messy-koala-traefik-584cc9f68b-d9p6h -f
{"level":"info","msg":"Using TOML configuration file /config/traefik.toml","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"No tls.defaultCertificate given for https: using the first item in tls.certificates as a fallback.","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Traefik version v1.7.6 built on 2018-12-14_06:43:37AM","time":"2019-01-15T16:25:20Z"}
{"level":"debug","msg":"Global configuration loaded {\"LifeCycle\":{\"RequestAcceptGraceTimeout\":0,\"GraceTimeOut\":10000000000},\"GraceTimeOut\":0,\"Debug\":true,\"CheckNewVersion\":true,\"SendAnonymousUsage\":false,\"AccessLogsFile\":\"\",\"AccessLog\":{\"format\":\"common\",\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"keep\"}}},\"TraefikLogsFile\":\"\",\"TraefikLog\":{\"format\":\"json\"},\"Tracing\":null,\"LogLevel\":\"\",\"EntryPoints\":{\"http\":{\"Address\":\":80\",\"TLS\":null,\"Redirect\":{\"regex\":\"^http://(.*)\",\"replacement\":\"https://$1\"},\"Auth\":null,\"WhitelistSourceRange\":null,\"WhiteList\":null,\"Compress\":true,\"ProxyProtocol\":null,\"ForwardedHeaders\":{\"Insecure\":true,\"TrustedIPs\":null}},\"https\":{\"Address\":\":443\",\"TLS\":{\"MinVersion\":\"\",\"CipherSuites\":null,\"Certificates\":[{\"CertFile\":\"/ssl/tls.crt\",\"KeyFile\":\"/ssl/tls.key\"}],\"ClientCAFiles\":null,\"ClientCA\":{\"Files\":null,\"Optional\":false},\"DefaultCertificate\":{\"CertFile\":\"/ssl/tls.crt\",\"KeyFile\":\"/ssl/tls.key\"},\"SniStrict\":false},\"Redirect\":null,\"Auth\":null,\"WhitelistSourceRange\":null,\"WhiteList\":null,\"Compress\":true,\"ProxyProtocol\":null,\"ForwardedHeaders\":{\"Insecure\":true,\"TrustedIPs\":null}},\"traefik\":{\"Address\":\":8080\",\"TLS\":null,\"Redirect\":null,\"Auth\":null,\"WhitelistSourceRange\":null,\"WhiteList\":null,\"Compress\":false,\"ProxyProtocol\":null,\"ForwardedHeaders\":{\"Insecure\":true,\"TrustedIPs\":null}}},\"Cluster\":null,\"Constraints\":[],\"ACME\":{\"Email\":\"jeff.n.may@gmail.com\",\"Domains\":[{\"Main\":\"traefik.example.org\",\"SANs\":null}],\"Storage\":\"/acme/acme.json\",\"StorageFile\":\"\",\"OnDemand\":false,\"OnHostRule\":true,\"CAServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",\"EntryPoint\":\"https\",\"KeyType\":\"\",\"DNSChallenge\":{\"Provider\":\"digitalocean\",\"DelayBeforeCheck\":0,\"Resolvers\":null,\"DisablePropagationCheck\":false},\"HTTPChallenge\":null,\"TLSChallenge\":null,\"DNSProvider\":\"\",\"DelayDontCheckDNS\":0,\"ACMELogging\":true,\"OverrideCertificates\":false,\"TLSConfig\":null},\"DefaultEntryPoints\":[\"http\",\"https\"],\"ProvidersThrottleDuration\":2000000000,\"MaxIdleConnsPerHost\":200,\"IdleTimeout\":0,\"InsecureSkipVerify\":false,\"RootCAs\":null,\"Retry\":null,\"HealthCheck\":{\"Interval\":30000000000},\"RespondingTimeouts\":null,\"ForwardingTimeouts\":null,\"AllowMinWeightZero\":false,\"KeepTrailingSlash\":false,\"Web\":null,\"Docker\":null,\"File\":null,\"Marathon\":null,\"Consul\":null,\"ConsulCatalog\":null,\"Etcd\":null,\"Zookeeper\":null,\"Boltdb\":null,\"Kubernetes\":{\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\":false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":null},\"Mesos\":null,\"Eureka\":null,\"ECS\":null,\"Rancher\":null,\"DynamoDB\":null,\"ServiceFabric\":null,\"Rest\":null,\"API\":{\"EntryPoint\":\"traefik\",\"Dashboard\":true,\"Debug\":true,\"CurrentConfigurations\":null,\"Statistics\":null},\"Metrics\":null,\"Ping\":null,\"HostResolver\":null}","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n","time":"2019-01-15T16:25:20Z"}
{"level":"debug","msg":"Setting Acme Certificate store from Entrypoint: https","time":"2019-01-15T16:25:20Z"}
{"level":"debug","msg":"Add certificate for domains *.example.com","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Preparing server traefik \u0026{Address::8080 TLS:\u003cnil\u003e Redirect:\u003cnil\u003e Auth:\u003cnil\u003e WhitelistSourceRange:[] WhiteList:\u003cnil\u003e Compress:false ProxyProtocol:\u003cnil\u003e ForwardedHeaders:0xc0002c3120} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s","time":"2019-01-15T16:25:20Z"}
{"level":"debug","msg":"Creating regex redirect http -\u003e ^http://(.*) -\u003e https://$1","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Preparing server http \u0026{Address::80 TLS:\u003cnil\u003e Redirect:0xc00019fdc0 Auth:\u003cnil\u003e WhitelistSourceRange:[] WhiteList:\u003cnil\u003e Compress:true ProxyProtocol:\u003cnil\u003e ForwardedHeaders:0xc0002c30c0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Preparing server https \u0026{Address::443 TLS:0xc000221170 Redirect:\u003cnil\u003e Auth:\u003cnil\u003e WhitelistSourceRange:[] WhiteList:\u003cnil\u003e Compress:true ProxyProtocol:\u003cnil\u003e ForwardedHeaders:0xc0002c30e0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s","time":"2019-01-15T16:25:20Z"}
{"level":"debug","msg":"Add certificate for domains *.example.com","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Starting provider configuration.ProviderAggregator {}","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Starting server on :8080","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Starting server on :80","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Starting server on :443","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Starting provider *kubernetes.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\":false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":null}","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Starting provider *acme.Provider {\"Email\":\"jeff.n.may@gmail.com\",\"ACMELogging\":true,\"CAServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",\"Storage\":\"/acme/acme.json\",\"EntryPoint\":\"https\",\"KeyType\":\"\",\"OnHostRule\":true,\"OnDemand\":false,\"DNSChallenge\":{\"Provider\":\"digitalocean\",\"DelayBeforeCheck\":0,\"Resolvers\":null,\"DisablePropagationCheck\":false},\"HTTPChallenge\":null,\"TLSChallenge\":null,\"Domains\":[{\"Main\":\"traefik.example.org\",\"SANs\":null}],\"Store\":{}}","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Testing certificate renew...","time":"2019-01-15T16:25:20Z"}
{"level":"debug","msg":"Using Ingress label selector: \"\"","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"ingress label selector is: \"\"","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Creating in-cluster Provider client","time":"2019-01-15T16:25:20Z"}
{"level":"debug","msg":"Configuration received from provider ACME: {}","time":"2019-01-15T16:25:20Z"}
{"level":"debug","msg":"Looking for provided certificate(s) to validate [\"traefik.example.org\"]...","time":"2019-01-15T16:25:20Z"}
{"level":"debug","msg":"Domains [\"traefik.example.org\"] need ACME certificates generation for domains \"traefik.example.org\".","time":"2019-01-15T16:25:20Z"}
{"level":"debug","msg":"Loading ACME certificates [traefik.example.org]...","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"The key type is empty. Use default key type 4096.","time":"2019-01-15T16:25:20Z"}
{"level":"debug","msg":"Add certificate for domains *.example.com","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Server configuration reloaded on :80","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Server configuration reloaded on :443","time":"2019-01-15T16:25:20Z"}
{"level":"info","msg":"Server configuration reloaded on :8080","time":"2019-01-15T16:25:20Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1beta1.Ingress","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Configuration received from provider kubernetes: {\"backends\":{\"traefik.example.org\":{\"loadBalancer\":{\"method\":\"wrr\"}}},\"frontends\":{\"traefik.example.org\":{\"entryPoints\":[\"http\",\"https\"],\"backend\":\"traefik.example.org\",\"routes\":{\"traefik.example.org\":{\"rule\":\"Host:traefik.example.org\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null}}}","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Add certificate for domains *.example.com","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Wiring frontend traefik.example.org to entryPoint http","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Creating backend traefik.example.org","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Adding TLSClientHeaders middleware for frontend traefik.example.org","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Creating load-balancer wrr","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Creating route traefik.example.org Host:traefik.example.org","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Wiring frontend traefik.example.org to entryPoint https","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Creating backend traefik.example.org","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Adding TLSClientHeaders middleware for frontend traefik.example.org","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Creating load-balancer wrr","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Creating route traefik.example.org Host:traefik.example.org","time":"2019-01-15T16:25:21Z"}
{"level":"info","msg":"Server configuration reloaded on :443","time":"2019-01-15T16:25:21Z"}
{"level":"info","msg":"Server configuration reloaded on :8080","time":"2019-01-15T16:25:21Z"}
{"level":"info","msg":"Server configuration reloaded on :80","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Try to challenge certificate for domain [traefik.example.org] founded in Host rule","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Looking for provided certificate(s) to validate [\"traefik.example.org\"]...","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"No ACME certificate generation required for domains [\"traefik.example.org\"].","time":"2019-01-15T16:25:21Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Secret","time":"2019-01-15T16:25:22Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Secret","time":"2019-01-15T16:25:22Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Secret","time":"2019-01-15T16:25:22Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Secret","time":"2019-01-15T16:25:22Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Secret","time":"2019-01-15T16:25:22Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Secret","time":"2019-01-15T16:25:22Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Secret","time":"2019-01-15T16:25:22Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Secret","time":"2019-01-15T16:25:22Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Secret","time":"2019-01-15T16:25:22Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Secret","time":"2019-01-15T16:25:22Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Secret","time":"2019-01-15T16:25:22Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Secret","time":"2019-01-15T16:25:22Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:23Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:23Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:23Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:23Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:25Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:25Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:25Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:25Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:27Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:27Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:27Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:27Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:29Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:29Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:29Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:29Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:31Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:31Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:31Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:31Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:33Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:33Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:33Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:33Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Configuration received from provider kubernetes: {\"backends\":{\"traefik.example.org\":{\"servers\":{\"messy-koala-traefik-584cc9f68b-d9p6h\":{\"url\":\"http://10.244.94.3:8080\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}}},\"frontends\":{\"traefik.example.org\":{\"entryPoints\":[\"http\",\"https\"],\"backend\":\"traefik.example.org\",\"routes\":{\"traefik.example.org\":{\"rule\":\"Host:traefik.example.org\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":null}}}","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Add certificate for domains *.example.com","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Wiring frontend traefik.example.org to entryPoint http","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Creating backend traefik.example.org","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Adding TLSClientHeaders middleware for frontend traefik.example.org","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Creating load-balancer wrr","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Creating server messy-koala-traefik-584cc9f68b-d9p6h at http://10.244.94.3:8080 with weight 1","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Creating route traefik.example.org Host:traefik.example.org","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Wiring frontend traefik.example.org to entryPoint https","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Creating backend traefik.example.org","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Adding TLSClientHeaders middleware for frontend traefik.example.org","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Creating load-balancer wrr","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Creating server messy-koala-traefik-584cc9f68b-d9p6h at http://10.244.94.3:8080 with weight 1","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Creating route traefik.example.org Host:traefik.example.org","time":"2019-01-15T16:25:35Z"}
{"level":"info","msg":"Server configuration reloaded on :80","time":"2019-01-15T16:25:35Z"}
{"level":"info","msg":"Server configuration reloaded on :443","time":"2019-01-15T16:25:35Z"}
{"level":"info","msg":"Server configuration reloaded on :8080","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Try to challenge certificate for domain [traefik.example.org] founded in Host rule","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Looking for provided certificate(s) to validate [\"traefik.example.org\"]...","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"No ACME certificate generation required for domains [\"traefik.example.org\"].","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:35Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:37Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:37Z"}
之后,将永远重复以下日志:
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:37Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-01-15T16:25:37Z"}
我错过了一些配置吗?在 LoadBalancer 具有外部 IP 地址之前,我无法将 A 记录分配给它。
更新
我取消并重试,第二次成功了。我只是没有等待足够长的时间。我能够在 Digital Ocean 出现后手动设置 A 记录。
然而,当我访问 Traefik 仪表板时,我收到了有关我的证书的警告。自动化 DNS 可能会及时启动应用程序以与 Let's Encrypt CA 协调...尚未尝试过。