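ssl - Kubernetes Ingress not working with Traefik and TLS
Problem description
I am trying to get some stuff running on K8s (1.21.0 on Ubuntu 20.04 on bare metal) and am probably missing something simple. I have installed Traefik (2.4.8) using their Helm chart (9.19.1) and the following values file: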
deployment:
  kind: DaemonSet
dashboard:
  enabled: true
hostNetwork: true
ports:
  web:
    port: 80
  websecure:
    port: 443
securityContext:
  capabilities:
    drop: [ALL]
    add: [NET_BIND_SERVICE]
  readOnlyRootFilesystem: true
  runAsGroup: 0
  runAsNonRoot: false
  runAsUser: 0
additionalArguments:
  - "--log.level=DEBUG"
I can get in through an ssh tunnel and see the Traefik dashboard. I installed httpbin to test things:
apiVersion: v1
kind: Service
metadata:
  name: httpbin
  namespace: default
spec:
  selector:
    app: httpbin
  ports:
    - port: 8080
      protocol: TCP
      targetPort: 80
---
apiVersion: v1
kind: Pod
metadata:
  name: httpbin
  namespace: default
  labels:
    app: httpbin
spec:
  containers:
    - image: kennethreitz/httpbin:latest
      name: httpbin
      ports:
        - containerPort: 80
          protocol: TCP
I created a secret with my certificate (a real *.brandseye.com certificate) and an Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
  namespace: default
spec:
  tls:
    - hosts:
        - aragorn.brandseye.com
      secretName: brandseye-com-cert
  rules:
    - host: aragorn.brandseye.com
      http:
        paths:
          - path: /get
            pathType: Exact
            backend:
              service:
                name: httpbin
                port:
                  number: 8080
Now I can visit http://aragorn.brandseye.com/get and it works fine. But https://aragorn.brandseye.com/get gives a 404. The correct certificate is being used.
Traefik looks fine:
time="2021-05-18T13:35:38Z" level=debug msg="Configuration received from provider kubernetes: {\"http\":{\"routers\":{\"test-ingress-default-aragorn-brandseye-com-get\":{\"service\":\"default-httpbin-8080\",\"rule\":\"Host(`aragorn.brandseye.com`) \\u0026\\u0026 Path(`/get`)\"}},\"services\":{\"default-httpbin-8080\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.20.1.9:80\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"tls\":{}}" providerName=kubernetes
time="2021-05-18T13:35:38Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [web websecure]" routerName=test-ingress-default-aragorn-brandseye-com-get
time="2021-05-18T13:35:38Z" level=debug msg="No store is defined to add the certificate MIIGkDCCBXigAwIBAgIQCYfAPbF1vuf5b72JgcBPEDANBgkqhk, it will be added to the default store."
time="2021-05-18T13:35:38Z" level=debug msg="Adding certificate for domain(s) *.brandseye.com,brandseye.com"
time="2021-05-18T13:35:38Z" level=debug msg="No default certificate, generating one"
time="2021-05-18T13:35:38Z" level=debug msg="Added outgoing tracing middleware ping@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=ping@internal middlewareName=tracing
time="2021-05-18T13:35:38Z" level=debug msg="Added outgoing tracing middleware api@internal" routerName=kube-system-traefik-dashboard-d012b7f875133eeab4e5@kubernetescrd entryPointName=traefik middlewareName=tracing middlewareType=TracingForwarder
time="2021-05-18T13:35:38Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=traefik-traefik-dashboard-d012b7f875133eeab4e5@kubernetescrd middlewareName=tracing
time="2021-05-18T13:35:38Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2021-05-18T13:35:38Z" level=debug msg="Creating middleware" serviceName=default-httpbin-8080 middlewareName=pipelining middlewareType=Pipelining entryPointName=web routerName=test-ingress-default-aragorn-brandseye-com-get@kubernetes
time="2021-05-18T13:35:38Z" level=debug msg="Creating load-balancer" routerName=test-ingress-default-aragorn-brandseye-com-get@kubernetes serviceName=default-httpbin-8080 entryPointName=web
time="2021-05-18T13:35:38Z" level=debug msg="Creating server 0 http://172.20.1.9:80" serviceName=default-httpbin-8080 serverName=0 entryPointName=web routerName=test-ingress-default-aragorn-brandseye-com-get@kubernetes
time="2021-05-18T13:35:38Z" level=debug msg="Added outgoing tracing middleware default-httpbin-8080" middlewareType=TracingForwarder entryPointName=web routerName=test-ingress-default-aragorn-brandseye-com-get@kubernetes middlewareName=tracing
time="2021-05-18T13:35:38Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2021-05-18T13:35:38Z" level=debug msg="Creating middleware" entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2021-05-18T13:35:38Z" level=debug msg="No default certificate, generating one"
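Any ideas? Tx.
If I look at the router details on the Traefik dashboard, there is nothing in the TLS block, which doesn't seem right.
Solution
I don't know if this will help you, but my configuration works fine like this.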
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: laznp-www-ingress-route
  namespace: wordpress
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`laznp.id`)
      kind: Rule
      services:
        - name: laznp-www-svc
          port: 80
  tls: {}
I use the IngressRoute kind from the Traefik CRDs; hope it helps.
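The debug output in the question shows the router without a tls section and falling back to the default entry points [web websecure]; a Traefik 2.x router without a tls section only matches plain-HTTP requests, which is consistent with the 404 over HTTPS. As an added example (not part of the original post, and not Traefik's own code), this Python script parses such "Configuration received" lines and lists routers attached to websecure that have no tls section; the second router in the sample and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample: the first router mirrors the debug line in the question;
# the "example-with-tls" router is a hypothetical one added for contrast.
SAMPLE_LOG = r'''
time="2021-05-18T13:35:38Z" level=debug msg="Configuration received from provider kubernetes: {\"http\":{\"routers\":{\"test-ingress-default-aragorn-brandseye-com-get\":{\"service\":\"default-httpbin-8080\",\"rule\":\"Host(`aragorn.brandseye.com`) \\u0026\\u0026 Path(`/get`)\"},\"example-with-tls\":{\"entryPoints\":[\"websecure\"],\"service\":\"default-httpbin-8080\",\"rule\":\"Host(`example.test`)\",\"tls\":{}}}},\"tcp\":{},\"tls\":{}}" providerName=kubernetes
time="2021-05-18T13:35:38Z" level=debug msg="No default certificate, generating one"
'''

MSG_RE = re.compile(r'msg="((?:[^"\\]|\\.)*)"')
PREFIX = "Configuration received from provider "

def routers_from_line(line):
    """Return {router_name: router_dict} from one debug line, or {} if it is not a config dump."""
    m = MSG_RE.search(line)
    if not m:
        return {}
    # The msg field is quoted Go-style; for ASCII content that is valid JSON string syntax.
    msg = json.loads('"' + m.group(1) + '"')
    if not msg.startswith(PREFIX):
        return {}
    _, _, payload = msg.partition(": ")
    config = json.loads(payload)
    return (config.get("http") or {}).get("routers") or {}

def audit(log_text, default_entrypoints=("web", "websecure"), tls_entrypoint="websecure"):
    """List routers that are attached to the TLS entry point but have no tls section."""
    findings = []
    for line in log_text.splitlines():
        for name, router in routers_from_line(line).items():
            # Routers without explicit entry points get the defaults, as the log reports.
            eps = router.get("entryPoints") or list(default_entrypoints)
            if tls_entrypoint in eps and "tls" not in router:
                findings.append({"router": name, "rule": router.get("rule"), "entryPoints": eps})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print("no TLS on router:", f["router"], f["rule"], f["entryPoints"])
```

For a plain Kubernetes Ingress in Traefik 2.x, the router gets a tls section when the Ingress carries the annotation `traefik.ingress.kubernetes.io/router.tls: "true"` or when TLS is enabled on the entry point itself; the IngressRoute in the answer achieves the same with `tls: {}`.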