小贝子编程

为什么 Traefik 2.2 & Let's Encrypt 不支持新的注释?



我在自己管理的kubernetes集群中安装了traefik 2.2,并支持Let's Encrypt。

到目前为止一切正常。但在我看来,入口路由的配置仍然很笨拙。只有当我定义了两个IntgresRoutes时,它才有效——一个用于HTTP,带有重定向到https的中间件,另一个用于https。所以我的对象看起来是这样的:

# Middleware for Redirect http -> https
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: https-redirect
spec:
redirectScheme:
scheme: https

# IngressRoute http for a simple whoami service
---
kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
name: whoami-notls
namespace: default
spec:
entryPoints: 
- web
routes:
- match: Host(`mydomain.foo.com`) 
kind: Rule
services:
- name: whoami
port: 8080
# redirect http to https
middlewares: 
- name: https-redirect
# IngresRoute https
---
kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
name: whoami-tls
namespace: default
spec:
entryPoints: 
- websecure
routes:
- match: Host(`mydomain.foo.com`) 
kind: Rule
services:
- name: whoami
port: 8080
tls:
certResolver: default

有没有一种更简单的方法可以简单地告诉traefik,在任何情况下,我的服务(正在8080端口上侦听(都应该重定向到HTTPS。为什么我的设置中需要两个独立的ingresRoutes?

在traefik 2.2。有这样的东西:

kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: foo
namespace: bar
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web, websecure
traefik.ingress.kubernetes.io/router.middlewares: redirect-http@kuberntes-crd
spec:
rules:
- host: foo.com
http:
paths:
- path: ""
backend:
serviceName: service1
servicePort: 80

它看起来很简单。但这对我来说不起作用——traefik没有认识到这种Ingress配置。

在Traefik.io团队的帮助下,我现在解决了这个问题:

要在Ingress中使用traefik注释,请确保在部署对象中添加了"kubernetesingress"提供程序:

...
spec:
containers:
- args:
- --api
....
- --providers.kubernetescrd=true
- --providers.kubernetesingress=true
....

对于从HTTP到HTTPS的全局重定向,您也可以在traefik deplyment对象中配置它:

# permanent redirecting of all requests on http (80) to https (443)
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.websecure.http.tls.certResolver=default

现在,您可以用一种简单的方式配置入口:

kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: myingress
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web, websecure
spec:
rules:
- host: example.foo.com
http:
paths:
- path: /
backend:
serviceName: whoami
servicePort: 80

另请参阅我最近的博客文章。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium