traefik 配置https
2022-07-14 10:27:38
创建secrets
自签证书,查看自动生成脚本
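# Self-signed certificate: suitable for a test cluster only, because clients
# cannot validate it against a trusted CA.

# Private key. The subshell tightens the umask so the key file is created
# unreadable by other local users, without changing the calling shell.
(umask 077 && openssl genrsa -out rsa_private_key.pem 2048)
# Public key (informational only; it is not needed to build the Secret)
openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
# Certificate signing request (prompts interactively for the subject fields).
# NOTE(review): no subjectAltName is requested here; many current TLS clients
# reject certificates without one - confirm against the clients you use.
openssl req -new -out ca-req.csr -key rsa_private_key.pem
# Self-sign the request with the same key. 3650 days is a very long lifetime;
# plan for rotation rather than relying on it.
openssl x509 -req -in ca-req.csr -out ca-cert.pem -signkey rsa_private_key.pem -days 3650
# Load the key and certificate generated above. The original command pointed at
# tls.key / tls.crt, which none of the previous steps create. kubectl stores
# the data under the Secret keys tls.key and tls.crt regardless of the local
# file names, so the /ssl/tls.key and /ssl/tls.crt paths in traefik.toml hold.
kubectl create secret tls traefik-cert --key rsa_private_key.pem --cert ca-cert.pem -n kube-system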
traefik.toml
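# ConfigMap carrying the Traefik 1.x static configuration. The Deployment on
# this page mounts it at /config and starts Traefik with
# --configfile=/config/traefik.toml.
apiVersion: v1
data:
  traefik.toml: |
    # NOTE(review): insecureSkipVerify turns off certificate verification for
    # Traefik's TLS connections to backends, so a backend can be impersonated
    # without detection. Prefer removing it and trusting the backend CA
    # through rootCAs once the backends present verifiable certificates.
    insecureSkipVerify = true
    defaultEntryPoints = ["http","https"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
        # Plain-HTTP requests are redirected to the TLS entry point. The
        # redirect has to sit on the http entry point: the earlier form
        # ([entryPoints.https.redirect] -> "http") sent every HTTPS request
        # back to clear text.
        [entryPoints.http.redirect]
        entryPoint = "https"
      [entryPoints.https]
      address = ":443"
        [entryPoints.https.tls]
          # Key pair from the traefik-cert Secret, mounted at /ssl.
          [[entryPoints.https.tls.certificates]]
          certFile = "/ssl/tls.crt"
          keyFile = "/ssl/tls.key"
kind: ConfigMap
metadata:
  name: traefik-conf
  namespace: kube-system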
Deployment for traefik
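# Traefik ingress controller. Mounts the TLS key pair (Secret traefik-cert)
# at /ssl and the static configuration (ConfigMap traefik-conf) at /config.
# NOTE(review): no serviceAccountName is set, so the pod runs as the
# kube-system default service account; confirm that account carries only the
# read permissions the Kubernetes provider needs.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: traefik-ingress-lb
  name: traefik-ingress-controller
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      containers:
        - args:
            - --configfile=/config/traefik.toml
            # --api turns on the API/dashboard (port 8080 by default). No
            # authentication is configured for it anywhere on this page, so
            # keep that port reachable from inside the cluster only.
            - --api
            - --kubernetes
            - --logLevel=INFO
          # NOTE(review): v1.7 is an old Traefik release line; confirm it
          # still receives security fixes before deploying it.
          image: traefik:v1.7.20
          name: traefik-ingress-lb
          ports:
            - containerPort: 80
              protocol: TCP
            - containerPort: 443
              protocol: TCP
          volumeMounts:
            - mountPath: /ssl
              name: ssl
            - mountPath: /config
              name: config
      volumes:
        - name: ssl
          secret:
            # 256 is decimal for 0400: the private key is readable by the
            # file owner only. The previous 420 (0644) left tls.key
            # world-readable inside the container. Assumes Traefik runs as
            # the owning user (no securityContext is set here) - adjust if
            # the container runs as a different UID.
            defaultMode: 256
            secretName: traefik-cert
        - configMap:
            # 420 is decimal for 0644; the configuration is not secret.
            defaultMode: 420
            name: traefik-conf
          name: config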
traefik service
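# NodePort Service that publishes Traefik's HTTP and HTTPS entry points on
# every node of the cluster.
apiVersion: v1
kind: Service
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  ports:
    # nodePort 80 and 443 lie outside the default NodePort range
    # (30000-32767). The API server accepts them only when its
    # --service-node-port-range has been widened, which also lets other
    # Services claim low ports on every node.
    - name: web
      nodePort: 80
      port: 80
      protocol: TCP
      targetPort: 80
    # The admin port (8080) serves the API/dashboard enabled by --api, with
    # no authentication configured on this page. It is no longer published
    # on the nodes; reach it on demand instead, for example:
    #   kubectl -n kube-system port-forward deploy/traefik-ingress-controller 8080:8080
    # - name: admin
    #   nodePort: 8080
    #   port: 8080
    #   protocol: TCP
    #   targetPort: 8080
    - name: https
      nodePort: 443
      port: 443
      protocol: TCP
      targetPort: 443
  selector:
    k8s-app: traefik-ingress-lb
  type: NodePort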