我已经使用 let'sencrypt ACME 配置了 Traefik(helm chart),但我没有收到任何证书。 Traefik Ingress 在端口 80 和 443 上暴露给互联网。
traefik.toml
logLevel = "INFO"
InsecureSkipVerify = true
defaultEntryPoints = ["http","https"]
[entryPoints]
[entryPoints.http]
address = ":80"
compress = true
[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "/ssl/tls.crt"
KeyFile = "/ssl/tls.key"
[kubernetes]
[acme]
email = "email@email.com"
storage = "/acme/acme.json"
entryPoint = "https"
onHostRule = true
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
acmeLogging = true
[acme.httpChallenge]
entryPoint = "http"
[web]
address = ":8080"
Ingress 使用 Traefik 作为 IngressClass
{
"kind": "Ingress",
"apiVersion": "extensions/v1beta1",
"metadata": {
"name": "domain",
"namespace": "reverse-proxy",
"selfLink": "/apis/extensions/v1beta1/namespaces/reverse-proxy/ingresses/domain",
"uid": "550cdedc-ba77-11e8-8657-00155d00021a",
"resourceVersion": "6393921",
"generation": 5,
"creationTimestamp": "2018-09-17T12:43:52Z",
"annotations": {
"ingress.kubernetes.io/ssl-redirect": "true",
"kubernetes.io/ingress.class": "traefik"
}
},
"spec": {
"tls": [
{
"hosts": [
"domain.com"
],
"secretName": "cert" // without is also not working
}
],
"rules": [
{
"host": "domain.com",
"http": {
"paths": [
{
"backend": {
"serviceName": "domain",
"servicePort": 443
}
}
]
}
},
{
"host": "www.domain.com",
"http": {
"paths": [
{
"backend": {
"serviceName": "www-domain",
"servicePort": 443
}
}
]
}
}
]
},
"status": {
"loadBalancer": {}
}
}
我尝试同时使用 http-01 和 tls-sni-01 质询。 dns-01 不是选项,因为我的 DNS 提供商没有 API。
最佳答案
您如何将 letsencrypt 配置注入(inject)您的 traefik Ingress 服务/守护进程?
Traefik 没有在 Kubernetes Ingress 文档中正式提供 letsencrypt。但这是一个 good guide .寻找“外部 Traefik 入口 Controller ”,您需要一个 kv 后端来存储您的证书。
你也可以试试cert-manager与 Traefik 配合使用。
关于kubernetes - Traefik Ingress (Kubernetes) 没有收到 letsencrypt 证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52373805/