kubernetes配置traefik ingress https访问接口

原创

蓝色_风暴 2019-01-22 11:40:42 博主文章分类：Docker ©著作权

文章标签 traefik ingress kubernetes https k8s 文章分类 运维

©著作权归作者所有：来自51CTO博客作者蓝色_风暴的原创作品，请联系作者获取转载授权，否则将追究法律责任

【创建配置文件】

traefik.toml

defaultEntryPoints = ["http","https"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      certFile = "/home/yuyan/manifests/traefik/1592339__gogen.cn.pem"    ##证书所在路径
      keyFile = "/home/yuyan/manifests/traefik/1592339__gogen.cn.key"    ##证书key所在路径

kubectl create configmap traefik-conf --from-file=traefik.toml -n kube-system

【编辑traefix主配置文件】

traefik-deployment.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      volumes:    ##增加
      - name: config
        configMap:
          name: traefik-conf
      containers:
      - image: traefik
        name: traefik-ingress-lb
        volumeMounts:    ##增加
        - mountPath: "/config"
          name: "config"
        ports:
        - name: http
          containerPort: 80
        - name: admin
          containerPort: 8080
        - name: https    ##增加
          containerPort: 443
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
        - --configfile=/config/traefik.toml    ##增加
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    # - protocol: TCP
    #   port: 8080
    #   name: admin
    - protocol: TCP    ##增加
      port: 443
      name: https
  type: LoadBalancer    ##默认为NodePort，我这里使用阿里云所以更改为LoadBalancer

【创建证书】

kubectl create secret generic gogen.cn --from-file=1592339__gogen.cn.pem --from-file=1592339__gogen.cn.key -n kube-system

【创建traefik ui ingress】

---
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
  - name: web
    port: 80
    targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  tls:    ##增加
   - hosts:
     - traefik.gogen.cn
     secretName: gogen.cn
  rules:
  - host: traefik.gogen.cn    ##更改为自己指定域名
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik-web-ui
          servicePort: web