文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >Traefik Kubernetes (k3s):使用https公开非Kubernetes服务

Traefik Kubernetes (k3s):使用https公开非Kubernetes服务
EN

Stack Overflow用户
提问于 2022-02-21 17:46:05
回答 1查看 226关注 0票数 0

我有两组与这个问题有关的问题。

  • k3s-0 10.12.9.113
  • k3s-2 10.12.9.115

这两个集群都在运行traefik 2.4.8。

我的内部域k3s.lan指向k3s-0。(我的DNS服务器是pihole)

k3s-0中,我有以下功能非常好地工作。

代码语言:javascript
复制
---      
kind: Service
apiVersion: v1
metadata:
  name: k2-service
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    name: http
---
kind: Endpoints
apiVersion: v1
metadata:
  name: k2-service
subsets:
  - addresses:
    - ip: 10.12.9.115
    ports:
    - protocol: TCP
      port: 80
      name: http
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nginx2
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`k2.k3s.lan`)
      kind: Rule
      services:
        - name: k2-service
          port: 80

当我输入http://k2.k3s.lan时,我看到了我的nginx登陆页面。

现在我想使用https而不是http访问同一个登陆页面。我试过以下几种方法,但不起作用。

代码语言:javascript
复制
kind: Service
apiVersion: v1
metadata:
  name: k2-service-sec
spec:
  ports:
  - protocol: TCP
    port: 443
    targetPort: 80
    name: https
---
kind: Endpoints
apiVersion: v1
metadata:
  name: k2-service-sec
subsets:
  - addresses:
    - ip: 10.12.9.115
    ports:
    - protocol: TCP
      port: 80
      name: https
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nginx2-sec
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`k2sec.k3s.lan`)
      kind: Rule
      services:
        - name: k2-service-sec
          port: 443

当我输入https://k2sec.k3s.lan时,我会得到一个Internal Server Error

作为参考,以下是k3s-2中ingressroute/service的设置。我在这里所做的唯一改变就是在路由中托管k2sec.k3s.lan

代码语言:javascript
复制
apiVersion: v1
kind: Service
metadata:
  labels:
    run: nginx
  name: nginx
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nginx
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`k2.k3s.lan`,`k2sec.k3s.lan`)
      kind: Rule
      services:
        - name: nginx
          port: 80
kubernetes
traefik
traefik-ingress
EN

回答 1

Stack Overflow用户

发布于 2022-02-21 19:15:43

我想我解决了我自己的问题,多亏了

至少现在起作用了。作为一个真正的初学者,这一切都让人觉得很神奇。

以下是k3s-0中更新的清单。

主要变化:

  • 添加了一个middleware,以将http重定向到https
  • middleware引用到web IngressRoute
  • 添加了一个ServersTransport以将insecureSkipVerify标志设置为true
  • 引用了ServersTransport中的websecure IngressRoute
  • scheme添加到httpswebsecure IngressRoute中。没有它我就没试过。可能没必要
代码语言:javascript
复制
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: redirectscheme
spec:
  redirectScheme:
    scheme: https
    permanent: true   
---
kind: Service
apiVersion: v1
metadata:
  name: k2-service
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    name: http
---
kind: Endpoints
apiVersion: v1
metadata:
  name: k2-service
subsets:
  - addresses:
    - ip: 10.12.9.115
    ports:
    - protocol: TCP
      port: 80
      name: http
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: k2-service
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`k2.k3s.lan`)
      kind: Rule
      services:
        - name: k2-service
          port: 80
      middlewares:
        - name: redirectscheme      
---
kind: Service
apiVersion: v1
metadata:
  name: k2-service-sec
spec:
  ports:
  - protocol: TCP
    port: 443
    targetPort: 443
    name: https
---
kind: Endpoints
apiVersion: v1
metadata:
  name: k2-service-sec
subsets:
  - addresses:
    - ip: 10.12.9.115
    ports:
    - protocol: TCP
      port: 443
      name: https
---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: traefik-servers-transport
spec:
  serverName: "test"
  insecureSkipVerify: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: k2-service-sec
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`k2.k3s.lan`)
      kind: Rule
      services:
        - name: k2-service-sec
          port: 443                
          scheme: https
          serversTransport: traefik-servers-transport

我还在k3s-2中更改了IngressRoute。

  • 添加了一个middleware,以将http重定向到https
  • middleware引用到web IngressRoute
  • 创建一个新的websecure IngressRoute

下面是:

代码语言:javascript
复制
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
 name: redirectscheme
spec:
 redirectScheme:
   scheme: https
   permanent: true  
--- 
apiVersion: v1
kind: Service
metadata:
 labels:
   run: nginx
 name: nginx
spec:
 ports:
 - port: 80
   protocol: TCP
   targetPort: 80
 selector:
   run: nginx
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
 name: nginx
spec:
 entryPoints:
   - web
 routes:
   - match: Host(`k2.k3s.lan`)
     kind: Rule
     services:
       - name: nginx
         port: 80
     middlewares:
       - name: redirectscheme
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
 name: nginx-sec
spec:
 entryPoints:
   - websecure
 routes:
   - match: Host(`k2.k3s.lan`)
     kind: Rule
     services:
       - name: nginx
         port: 80
票数 0
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/71210782

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档