我正在运行Traefik( v2.0 )作为我的EKS集群的入口网关。 Traefik入口工作正常。
现在,我需要使用自签名证书为我的入口添加https支持。为此,我有:
kubectl create secret tls tlssecret --key="eks.tls.key" --cert="eks.tls.crt"
/auth)
... 在部署之后,当我浏览入口URL时,它仍然显示TRAEFIK DEFAULT CERT,而不是我的自签名证书。
请让我知道我在这里做错了什么?还有其他方法吗?
答案 0 :(得分:3)
尝试将机密安装在容器上,以便traefik服务识别。另外,使用下面的配置配置IngressRoute。
Client ID, Client Secret, Tenant ID希望这会有所帮助。
答案 1 :(得分:2)
最后,结果如下:
traefik-conf.yml:
apiVersion: v1
kind: ConfigMap
metadata:
name: traefik-conf
namespace: pulse
data:
traefik.yml: |
api:
dashboard: true
insecure: true
global:
checkNewVersion: false
sendAnonymousUsage: false
ping: {}
entryPoints:
websecure:
address: ":443"
web:
address: ":80"
providers:
kubernetesCRD: {}
file:
filename: /etc/traefik/traefik.yml
watch: true
tls:
stores:
default:
defaultCertificate:
certFile: /ssl/tls.pem
keyFile: /ssl/tls.key
options:
default:
minVersion: VersionTLS12
sniStrict: false
certificates:
- certFile: /ssl/tls.pem
keyFile: /ssl/tls.key
我如下更改了入口控制器:
spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v2.0
volumeMounts:
- name: config
mountPath: /etc/traefik/traefik.yml
subPath: traefik.yml
- name: ssl
mountPath: /ssl
ports:
- name: web
containerPort: 80
- name: websecure
containerPort: 443
- name: admin
containerPort: 8080
volumes:
- name: ssl
secret:
secretName: traefik-cert
- name: config
configMap:
name: traefik-conf
进入路线:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: pulseingressroutetls
namespace: pulse
spec:
entryPoints:
- websecure
tls:
secretname: traefik-cert
routes:
...
答案 2 :(得分:0)
从NumeroUno接受的解决方案实际上是有效的,但我有几点要点:
certFile: /ssl/tls.pem应该是certFile: /ssl/tls.crt tlssecret,而不是traefik-cert。