site.dev
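I have a self-signed certificate with CN=site.dev and ext with 3 DNS domains, including site.dev, as a secret in k8s in the default ns, with type: kubernetes.io/tls and keys: tls.crt and tls.key. Since it is self-signed, it does not contain intermediate certificates (it can't).
Traefik is run with args: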
- --configfile=/config/traefik.toml
- --defaultentrypoints=https,http
- --entrypoints=Name:https Address::443 TLS
- --entrypoints=Name:http Address::80
When the ingress starts, Traefik logs:
{"level":"error","msg":"Error configuring TLS for ingress default/site-dev: secret default/site-dev-tls does not exist","time":"2019-04-20T21:09:02Z"}
The ingress has
tls:
- secretName: site-dev-tls
Here is the curl output:
curl https://site.dev:443/ -v
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to site.dev (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
$ curl http://site.dev:443/
404 page not found
$ kubectl auth can-i get secrets/site-dev-tls --namespace default --as system:serviceaccount:kube-system:traefik-ingress-controller
yes
I'm not sure what I'm doing wrong... any help is appreciated.
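
An added example, not part of the original post: the two curl results above (a TLS handshake failing with "wrong version number", and plain HTTP on port 443 returning 404) are what a client sees when the listener on 443 answers in cleartext. A TLS client reads the first five bytes of the reply as a record header, so the ASCII of `HTTP/` lands in the content-type and version fields. The function name and both byte samples are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246 / RFC 8446).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

# Constructed samples, not captured from the poster's cluster.
# Header of a TLS 1.2 handshake record, followed by the start of a ServerHello.
TLS_SAMPLE = bytes.fromhex("160303007a") + b"\x02\x00\x00\x76"
# A cleartext HTTP reply, as a plain-HTTP listener might send it.
HTTP_SAMPLE = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"


def classify_first_bytes(data: bytes) -> dict:
    """Parse the first bytes of a server reply as a TLS record header.

    Layout: content type (1 byte), version major/minor (2 bytes),
    payload length (2 bytes, big-endian).
    """
    if len(data) < 5:
        return {"verdict": "too_short"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    result = {"content_type": ctype, "version": (major, minor), "length": length}
    # Record-layer versions run from 3.0 (SSLv3) to 3.3 (TLS 1.2 and 1.3).
    if ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 3:
        result["verdict"] = "tls"
    elif data.startswith(b"HTTP/"):
        # 'H' is read as the content type and 'TT' as version 84.84,
        # which is the field a TLS client rejects as a wrong version.
        result["verdict"] = "plaintext_http"
    else:
        result["verdict"] = "unknown"
    return result


if __name__ == "__main__":
    for name, sample in (("tls", TLS_SAMPLE), ("http", HTTP_SAMPLE)):
        print(name, classify_first_bytes(sample))
```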