Installing a Harbor private image registry on Kubernetes 1.11 (Part 3)
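Introduction
The previous article explained how to configure and run the traefik service. This article explains how to make traefik forward HTTPS requests.
Configuring traefik for HTTPS
- Create a secret from the SSL certificate
How to create the SSL certificate is not covered here; you can create a new one or use an existing one. Assume you already have the ssl.crt and ssl.key files, stored in the host directory /etc/k8s/ssl/.
Create a secret resource in k8s:
```
[root@kubemaster ssl]# kubectl create secret generic traefik-cert --from-file=ssl.crt --from-file=ssl.key -n kube-system
secret "traefik-cert" created
```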
- Create a configmap to hold the traefik configuration
Following traefik/traefik.toml, create a configuration file in the /etc/k8s/conf/ directory with the following content:
```
[root@kubemaster ssl]# cat /etc/k8s/conf/traefik.toml
defaultEntryPoints = ["http","https"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      certFile = "/etc/k8s/ssl/ssl.crt"
      keyFile = "/etc/k8s/ssl/ssl.key"
```
Create the configmap:
```
[root@kubemaster conf]# kubectl create configmap traefik-conf --from-file=traefik.toml -n kube-system
configmap "traefik-conf" created
```
- Update the traefik service
Now update the traefik-deployment.yaml file (backing up the original under a different name first is recommended) to support HTTPS forwarding. The modified content is as follows:
```yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      hostNetwork: true
      volumes:
      # The traefik-cert secret supplies ssl.crt and ssl.key
      - name: ssl
        secret:
          secretName: traefik-cert
      # The traefik-conf configmap supplies traefik.toml
      - name: config
        configMap:
          name: traefik-conf
      containers:
      - image: traefik
        name: traefik-ingress-lb
        volumeMounts:
        # Must match the certFile/keyFile directory in traefik.toml
        - mountPath: "/etc/k8s/ssl/"
          name: "ssl"
        - mountPath: "/etc/k8s/conf/"
          name: "config"
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
        - name: admin
          containerPort: 8080
        args:
        - --configFile=/etc/k8s/conf/traefik.toml
        - --api
        - --kubernetes
        - --logLevel=INFO
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
  - protocol: TCP
    port: 80
    name: web
  - protocol: TCP
    port: 443
    name: https
  - protocol: TCP
    port: 8080
    name: admin
  type: NodePort
```
Update the service and related resources:
```
[root@kubemaster k8s]# kubectl apply -f traefik-deployment.yaml
serviceaccount "traefik-ingress-controller" unchanged
daemonset.extensions "traefik-ingress-controller" configured
service "traefik-ingress-service" configured
```
- Check the change in the UI
You can see that the entry points now support access over both http and https.
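The certFile and keyFile paths in traefik.toml only resolve inside the pod if they sit under the secret volume's mountPath and their file names equal the secret's keys (each --from-file name becomes a key). The shell check below is an added example, not part of the original post; check_tls_paths is a hypothetical helper name, and the TOML it runs on is a constructed copy of the TLS section shown earlier.

```shell
#!/bin/sh
# Added example: check_tls_paths is a hypothetical helper, not a traefik or kubectl tool.
# It verifies that each certFile/keyFile in traefik.toml will exist in the pod:
# the path must sit directly under the secret volume's mountPath, and its file
# name must be a key of the secret.
# Usage: check_tls_paths <traefik.toml> <mountPath> <secret-key>...
# Returns 0 if all paths resolve, 1 on a mismatch, 2 if no entries were found.
check_tls_paths() (
  toml=$1; mount=${2%/}; shift 2
  keys=" $* "; rc=0
  paths=$(sed -nE 's/^[[:space:]]*(certFile|keyFile)[[:space:]]*=[[:space:]]*"([^"]*)".*$/\2/p' "$toml")
  if [ -z "$paths" ]; then
    echo "no certFile/keyFile entries in $toml" >&2
    exit 2
  fi
  for p in $paths; do
    name=${p##*/}
    if [ "${p%/*}" != "$mount" ]; then
      echo "MISMATCH: $p is not under $mount/" >&2; rc=1
    else
      case "$keys" in
        *" $name "*) echo "ok: $p" ;;
        *) echo "MISMATCH: secret has no key '$name' ($p)" >&2; rc=1 ;;
      esac
    fi
  done
  [ "$rc" -eq 0 ]
)

# Demo on a constructed copy of the TLS section from this page.
demo_toml=$(mktemp)
cat > "$demo_toml" <<'EOF'
[[entryPoints.https.tls.certificates]]
certFile = "/etc/k8s/ssl/ssl.crt"
keyFile = "/etc/k8s/ssl/ssl.key"
EOF
# On a live cluster the key list can be read with:
#   kubectl get secret traefik-cert -n kube-system \
#     -o go-template='{{range $k, $v := .data}}{{$k}} {{end}}'
check_tls_paths "$demo_toml" /etc/k8s/ssl/ ssl.crt ssl.key
rm -f "$demo_toml"
```

A secret created with `kubectl create secret tls` instead of `generic --from-file` has the keys tls.crt and tls.key, which this check reports as a mismatch against the paths above.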