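I am using Traefik with Kubernetes and want to use a Let's Encrypt wildcard certificate to serve multiple sites. According to the logs, the part that requests the certificate seems to work fine, and the debug messages also show that the certificate should be used: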
time="2018-11-14T10:16:08Z" level=info msg="legolog: [INFO] [*.my-domain.com] Server responded with a certificate."
time="2018-11-14T10:16:08Z" level=debug msg="Certificates obtained for domains [*.my-domain.com]"
time="2018-11-14T10:16:08Z" level=debug msg="Configuration received from provider ACME: {}"
time="2018-11-14T10:16:08Z" level=debug msg="Wiring frontend dashboard.my-domain.com/ to entryPoint http"
time="2018-11-14T10:16:08Z" level=debug msg="Creating backend dashboard.my-domain.com/"
time="2018-11-14T10:16:08Z" level=debug msg="Adding TLSClientHeaders middleware for frontend dashboard.my-domain.com/"
time="2018-11-14T10:16:08Z" level=debug msg="Creating load-balancer wrr"
time="2018-11-14T10:16:08Z" level=debug msg="Creating server traefik-ingress-controller-84fbb59c4b-8h2p5 at http://MY-IP:8080 with weight 1"
time="2018-11-14T10:16:08Z" level=debug msg="Creating route / PathPrefix:/"
time="2018-11-14T10:16:08Z" level=debug msg="Creating route dashboard.my-domain.com Host:dashboard.my-domain.com"
time="2018-11-14T10:16:08Z" level=debug msg="Wiring frontend dashboard.my-domain.com/ to entryPoint https"
time="2018-11-14T10:16:08Z" level=debug msg="Creating backend dashboard.my-domain.com/"
time="2018-11-14T10:16:08Z" level=debug msg="Adding TLSClientHeaders middleware for frontend dashboard.my-domain.com/"
time="2018-11-14T10:16:08Z" level=debug msg="Creating load-balancer wrr"
time="2018-11-14T10:16:08Z" level=debug msg="Creating server traefik-ingress-controller-84fbb59c4b-8h2p5 at http://MY-IP:8080 with weight 1"
time="2018-11-14T10:16:08Z" level=debug msg="Creating route dashboard.my-domain.com Host:dashboard.my-domain.com"
time="2018-11-14T10:16:08Z" level=debug msg="Creating route / PathPrefix:/"
time="2018-11-14T10:16:08Z" level=debug msg="Add certificate for domains *.my-domain.com"
time="2018-11-14T10:16:08Z" level=info msg="Server configuration reloaded on :8080"
time="2018-11-14T10:16:08Z" level=info msg="Server configuration reloaded on :80"
time="2018-11-14T10:16:08Z" level=info msg="Server configuration reloaded on :443"
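But when I open the site and change the URL from http://dashboard.my-domain.com to https://dashboard.my-domain.com, I get an error saying there is no certificate, and in Chrome it is "ERR_SSL_PROTOCOL_ERROR".
To give some context, here are my YAML snippets: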
apiVersion: v1
kind: Service
metadata:
  name: traefik-ingress-service
  namespace: traefik
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
  type: NodePort
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-webui
  namespace: traefik
spec:
  selector:
    k8s-app: traefik-ingress-lb
  type: LoadBalancer
  ports:
    - name: web
      protocol: TCP
      port: 80
      targetPort: 8080
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8080
  loadBalancerIP: MYEXTERNALIP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-webui
  namespace: traefik
spec:
  rules:
    - host: dashboard.my-domain.com
      http:
        paths:
          - path: /
            backend:
              serviceName: traefik-webui
              servicePort: web
My ConfigMap looks like this:
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: traefik
  name: traefik-conf
data:
  traefik.toml: |
    defaultEntryPoints = ["http","https"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
        [entryPoints.http.redirect]
        entryPoint = "https"
      [entryPoints.https]
      address = ":443"
        [entryPoints.https.tls]
    [kubernetes]
    [web]
    [acme]
    email = "my-email@ddr.es"
    storage = "/config/acme.json"
    onDemand = true
    entryPoint = "https"
    acmeLogging = true
    caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
    [acme.dnsChallenge]
    provider = "MYPROVIDER"
    [[acme.domains]]
    main = "*.my-domain.com"
    logLevel = "DEBUG"
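
A consistency check between the Service port mappings and the Traefik entryPoints posted above, as an added example that is not part of the original post: it flags any HTTPS Service port whose targetPort is not a TLS-enabled entryPoint, since a browser speaking TLS to a plain-HTTP listener fails the handshake. The function names are hypothetical, and the inputs are constructed from the `traefik-webui` Service and the `[entryPoints]` tables in the post.

```python
import re

# Constructed from the traefik-webui Service and the entryPoints in the post.
SERVICE_PORTS = [
    {"name": "web", "port": 80, "targetPort": 8080},
    {"name": "https", "port": 443, "targetPort": 8080},
]
TRAEFIK_TOML = """
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
"""

def entrypoints(toml_text):
    """Map each entryPoint's listen port to its name and whether it has a tls table."""
    eps, current = {}, None
    for raw in toml_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"\[entryPoints\.(\w+)(?:\.(\w+))?\]", line)
        if m:
            ep = eps.setdefault(m.group(1), {"port": None, "tls": False})
            ep["tls"] = ep["tls"] or m.group(2) == "tls"
            current = None if m.group(2) else ep  # sub-table keys are not the address
        elif line.startswith("["):
            current = None  # left the entryPoints tables
        elif current is not None:
            a = re.fullmatch(r'address\s*=\s*":(\d+)"', line)
            if a:
                current["port"] = int(a.group(1))
    return {v["port"]: {"name": k, "tls": v["tls"]} for k, v in eps.items() if v["port"]}

def check_service(ports, toml_text):
    """Return (port, targetPort, reason) for HTTPS Service ports not backed by a TLS entryPoint."""
    eps, findings = entrypoints(toml_text), []
    for p in ports:
        target = p.get("targetPort", p["port"])  # Kubernetes defaults targetPort to port
        ep = eps.get(target)
        if (p["port"] == 443 or p.get("name") == "https") and not (ep and ep["tls"]):
            reason = f"entryPoint '{ep['name']}' has no TLS" if ep else "no entryPoint listens there"
            findings.append((p["port"], target, reason))
    return findings

if __name__ == "__main__":
    for port, target, reason in check_service(SERVICE_PORTS, TRAEFIK_TOML):
        print(f"Service port {port} -> targetPort {target}: {reason}")
```

With the posted values, Service port 443 is reported because it forwards to 8080, while the only entryPoint with a `tls` table listens on `:443`.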