Traefik 使用https 认证

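1.创建一个secret,保存https证书和对应的私钥。注意:第2步的traefik.toml还引用了xiaoshouyi.com.crt和xiaoshouyi.com.key,这两个文件也需要一并加入该secret,否则挂载到/ssl后找不到对应文件。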

# ll
total 12
ingageapp.com.crt  ingageapp.com.key
kubectl create secret generic traefik-cert --from-file=ingageapp.com.key --from-file=ingageapp.com.crt -n kube-system
secret "traefik-cert" created

2.创建一个configmap,保存traefik的配置。
这里的traefik配置了把所有http请求全部重定向(redirect)到https的规则,并配置了相应证书的位置

[root@node2 traefik]# cat traefik.toml 
# Traefik static configuration (1.x-style syntax): two entry points, with
# plain HTTP kept only to redirect clients to HTTPS.
defaultEntryPoints = ["http","https"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
    # Every request arriving on :80 is redirected to the "https" entry point.
    [entryPoints.http.redirect]
      entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    # NOTE(review): no minVersion / cipherSuites are set in this table, so the
    # TLS defaults of the deployed Traefik build apply. Consider pinning
    # minVersion = "VersionTLS12" here; confirm against the Traefik version in use.
    [entryPoints.https.tls]
      # One [[certificates]] entry per key pair. /ssl is the path where the
      # Deployment on this page mounts the "traefik-cert" secret.
      [[entryPoints.https.tls.certificates]]
      CertFile = "/ssl/ingageapp.com.crt"
      KeyFile = "/ssl/ingageapp.com.key"
      # NOTE(review): the secret created in step 1 contains only
      # ingageapp.com.key and ingageapp.com.crt. Unless the xiaoshouyi.com
      # pair is added to that secret, these two paths will not exist under
      # /ssl; verify before deploying.
      [[entryPoints.https.tls.certificates]]
      CertFile = "/ssl/xiaoshouyi.com.crt"
      KeyFile = "/ssl/xiaoshouyi.com.key"
# kubectl create configmap traefik-conf --from-file=traefik.toml -n kube-system

3.重新部署Traefik,这里主要是要关联创建的secret和configMap,并把它们挂载到容器内相对应的目录(/ssl和/config)。

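# Identity the Traefik pod runs as; the Deployment below references it through
# serviceAccountName.
# NOTE(review): no Role/ClusterRole binding for this account appears on this
# page. Whatever is bound to it should be limited to the read access the
# ingress controller needs; confirm against the cluster's RBAC objects.
kind: ServiceAccount
# apiVersion is required on every manifest; ServiceAccount is in the core v1 API.
apiVersion: v1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system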
---
# Runs a single Traefik replica in kube-system with the certificate secret
# mounted at /ssl and the traefik.toml ConfigMap mounted at /config.
kind: Deployment
# NOTE(review): extensions/v1beta1 Deployments are no longer served as of
# Kubernetes 1.16; on current clusters this manifest needs apps/v1.
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        # k8s-app is the label the Service on this page selects on.
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      volumes:
      # Each key of the secret becomes a file in the volume, so the TLS
      # private key ends up readable inside the container under /ssl.
      - name: ssl
        secret:
          secretName: traefik-cert
      - name: config
        configMap:
          name: traefik-conf
      # Pull credentials for the private registry the image comes from.
      imagePullSecrets:
        - name: aws
      containers:
      # NOTE(review): the image has no tag or digest, so it resolves to
      # :latest. Pin a reviewed tag or digest so a restart cannot silently
      # pick up a different image.
      # NOTE(review): no securityContext is set, so the container runs with
      # the image's default user and capabilities; confirm that is intended.
      - image: 279437341690.dkr.ecr.cn-north-1.amazonaws.com.cn/traefik
        name: traefik-ingress-lb
        volumeMounts:
        - mountPath: "/ssl"
          name: "ssl"
        - mountPath: "/config"
          name: "config"
        ports:
        - containerPort: 80
        - containerPort: 443
        # 8080 is the port the Service on this page names "admin".
        - containerPort: 8080
        args:
        - --configfile=/config/traefik.toml
        # --web turns on Traefik's built-in web/API dashboard. No
        # authentication for it appears in the traefik.toml on this page, and
        # the Service publishes port 8080 as a NodePort; restrict access to
        # it (firewall / network policy) or configure auth before exposing.
        - --web
        # --kubernetes enables the Kubernetes ingress provider, which talks to
        # the API server using the pod's service account.
        - --kubernetes
---
# Publishes the Traefik pod's HTTP, HTTPS and admin ports on every node.
kind: Service
apiVersion: v1
metadata:
  name: traefik
  namespace: kube-system
spec:
  # NodePort opens each listed port on the address of every node in the cluster.
  type: NodePort
  ports:
  # nodePort 80 and 443 are outside the default NodePort range (30000-32767);
  # the API server rejects them unless kube-apiserver runs with a widened
  # --service-node-port-range.
  - protocol: TCP
    port: 80
    name: http
    nodePort: 80
  - protocol: TCP
    port: 443
    name: https
    nodePort: 443
  # No nodePort is given for the admin port, so one is allocated from the
  # configured range and the dashboard becomes reachable on every node.
  # NOTE(review): consider moving "admin" to a separate ClusterIP Service, or
  # otherwise limiting who can reach it, since the dashboard enabled by --web
  # has no authentication configured on this page.
  - protocol: TCP
    port: 8080
    name: admin
  selector:
    k8s-app: traefik-ingress-lb