HTTP access
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`tfk.example.com`)
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
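HTTPS access (automatic certificate issuance)
The configuration of the traefik deployment needs to be changed. There are many ways to do this; I prefer to edit the deployment with kubectl edit deployment traefik -n kube-system.
You can also use the command written by an expert, but the principle is the same either way.
The expert's command: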
# Set the e-mail address for the certificate
MY_ACME_EMAIL=acme@example.org
# Patch the deployment arguments.
# The single-quoted JSON is closed around $MY_ACME_EMAIL so that the shell expands it;
# inside single quotes the variable would be passed to Traefik literally.
kubectl patch -n kube-system deployments traefik --type 'json' -p '[
  {
    "op" : "add",
    "path" : "/spec/template/spec/containers/0/args/-",
    "value" : "--certificatesresolvers.default.acme.tlschallenge"
  },
  {
    "op" : "add",
    "path" : "/spec/template/spec/containers/0/args/-",
    "value" : "--certificatesresolvers.default.acme.email='"$MY_ACME_EMAIL"'"
  },
  {
    "op" : "add",
    "path" : "/spec/template/spec/containers/0/args/-",
    "value" : "--certificatesresolvers.default.acme.storage=/data/acme.json"
  }
]'
The default in these arguments is just a name; a different name can be used as well.
Modify the Ingress from the previous section:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`tfk.example.com`)
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
  tls:
    certResolver: default
Automatic HTTP to HTTPS redirect
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: http2https
spec:
  redirectScheme:
    scheme: https
    permanent: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`tfk.example.com`)
      kind: Rule
      middlewares:
        - name: http2https
      services:
        - name: api@internal
          kind: TraefikService
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-tls
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`tfk.example.com`)
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
  tls:
    certResolver: default
Simple login authentication
apiVersion: v1
kind: Secret
type: kubernetes.io/basic-auth
metadata:
  name: basic-auth
  namespace: default
stringData:
  username: qianyang
  password: "112358"
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: traefik-basic-auth
  namespace: default
spec:
  basicAuth:
    secret: basic-auth
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: http2https
spec:
  redirectScheme:
    scheme: https
    permanent: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`tfk.example.com`)
      kind: Rule
      middlewares:
        - name: http2https
      services:
        - name: api@internal
          kind: TraefikService
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-tls
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`tfk.example.com`)
      kind: Rule
      middlewares:
        - name: traefik-basic-auth
      services:
        - name: api@internal
          kind: TraefikService
  tls:
    certResolver: default
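A check for the manifests above, added here as an example and not part of the original post: it reads JSON in the shape of kubectl get ingressroutes,middlewares -A -o json and reports every route to api@internal that is served over plain HTTP without a redirectScheme middleware, or over TLS without an authentication middleware. The function names, the route names plain-http and tls-no-auth, and the sample objects are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get ingressroutes,middlewares -A -o json`.
def _ir(name, tls, middlewares):
    route = {"match": "Host(`tfk.example.com`)", "kind": "Rule",
             "middlewares": [{"name": m} for m in middlewares],
             "services": [{"name": "api@internal", "kind": "TraefikService"}]}
    spec = {"routes": [route], **({"tls": {"certResolver": "default"}} if tls else {})}
    return {"kind": "IngressRoute", "spec": spec,
            "metadata": {"name": name, "namespace": "default"}}

def _mw(name, spec):
    return {"kind": "Middleware", "spec": spec,
            "metadata": {"name": name, "namespace": "default"}}

SAMPLE = json.dumps({"items": [
    _mw("http2https", {"redirectScheme": {"scheme": "https", "permanent": True}}),
    _mw("traefik-basic-auth", {"basicAuth": {"secret": "basic-auth"}}),
    _ir("plain-http", False, []),                      # shape of the first manifest
    _ir("tls-no-auth", True, []),                      # HTTPS manifest without login
    _ir("traefik", False, ["http2https"]),             # final pair: redirect ...
    _ir("traefik-tls", True, ["traefik-basic-auth"]),  # ... and TLS + basicAuth
]})
AUTH_KINDS = {"basicAuth", "digestAuth", "forwardAuth"}

def audit_dashboard_routes(doc, internal="api@internal"):
    # Returns (namespace/name, problem) for each weak route to the internal API service.
    items = json.loads(doc)["items"]
    # Index middlewares: (namespace, name) -> set of middleware types configured in it.
    kinds_of = {(m["metadata"].get("namespace", "default"), m["metadata"]["name"]):
                set(m["spec"]) for m in items if m["kind"] == "Middleware"}
    findings = []
    for ir in (i for i in items if i["kind"] == "IngressRoute"):
        ns, name = ir["metadata"].get("namespace", "default"), ir["metadata"]["name"]
        tls = "tls" in ir["spec"]  # a router with a tls section only serves HTTPS
        for route in ir["spec"].get("routes", []):
            if not any(s.get("name") == internal for s in route.get("services", [])):
                continue
            kinds = set()
            for ref in route.get("middlewares", []):
                kinds |= kinds_of.get((ref.get("namespace", ns), ref["name"]), set())
            if not tls and "redirectScheme" not in kinds:
                findings.append((f"{ns}/{name}", "plain HTTP, no redirect to HTTPS"))
            elif tls and not kinds & AUTH_KINDS:
                findings.append((f"{ns}/{name}", "TLS but no authentication middleware"))
    return findings

if __name__ == "__main__":
    for target, problem in audit_dashboard_routes(SAMPLE):
        print(f"{target}: {problem}")
```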
Accessing the Kubernetes Dashboard
kind: ServersTransport
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: kubernetes-dashboard-transport
  namespace: kubernetes-dashboard
spec:
  # Traefik will not verify the TLS certificate presented by the Dashboard backend
  insecureSkipVerify: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: board-tls
  namespace: kubernetes-dashboard
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`dashboard.example.com`)
      kind: Rule
      services:
        - name: kubernetes-dashboard
          port: 443
          serversTransport: kubernetes-dashboard-transport
  tls:
    certResolver: default