Why do Traefik 2.2 and Let's Encrypt not support the new annotations?

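I installed traefik 2.2 in a self-managed Kubernetes cluster with Let's Encrypt support.

So far everything works fine. But in my eyes the ingress route configuration is still clumsy. It only works if I define two IngressRoutes - one for HTTP (with a middleware redirecting to HTTPS) and one for HTTPS. So my objects look like this: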

# Middleware for Redirect http -> https
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: https-redirect
spec:
  redirectScheme:
    scheme: https


# IngressRoute http for a simple whoami service
---
kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: whoami-notls
  namespace: default

spec:
  entryPoints: 
    - web
  routes:
  - match: Host(`mydomain.foo.com`) 
    kind: Rule
    services:
    - name: whoami
      port: 8080
    # redirect http to https
    middlewares: 
    - name: https-redirect

# IngressRoute https
---
kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: whoami-tls
  namespace: default
spec:
  entryPoints: 
    - websecure
  routes:
  - match: Host(`mydomain.foo.com`) 
    kind: Rule
    services:
    - name: whoami
      port: 8080
  tls:
    certResolver: default

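Is there an easier way to simply tell traefik that my service (listening on port 8080) should be redirected to HTTPS in any case? Why do I need two separate IngressRoutes in my setup?

In the announcements for traefik 2.2, it looks like this: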

kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: foo
  namespace: bar
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
    traefik.ingress.kubernetes.io/router.middlewares: redirect-http@kuberntes-crd
spec:
  rules:
  - host: foo.com
    http:
      paths:
      - path: ""
        backend:
          serviceName: service1
          servicePort: 80

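That looks easy. But it does not work for me - traefik does not recognize this Ingress configuration.

dgdfy6777 answered: Why do Traefik 2.2 and Let's Encrypt not support the new annotations?

With the help of the Traefik.io team in this discussion, I have now solved the problem:

To use traefik annotations in an Ingress, make sure that the "kubernetesingress" provider is added in the deployment object: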

...
spec:
  containers:
  - args:
    - --api
    ....
    - --providers.kubernetescrd=true
    - --providers.kubernetesingress=true
....

For a global redirect from HTTP to HTTPS, you can also configure this in the traefik deployment object:

# permanent redirecting of all requests on http (80) to https (443)
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.websecure.http.tls.certResolver=default

Now you can configure the Ingress easily:

kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: myingress
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
spec:
  rules:
  - host: example.foo.com
    http:
      paths:
      - path: /
        backend:
          serviceName: whoami
          servicePort: 80

See also my latest blog post
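
Added example (not part of the original answer and not Traefik project code): a Python check that audits a Traefik container's argument list for the three settings the answer relies on, namely the kubernetesingress provider, the web-to-websecure entrypoint redirect, and a default certResolver on websecure. The two argument lists are constructed samples, and comparing flag names case-insensitively is an assumption of this example.

```python
# Added example: audit Traefik static-config CLI args for the settings the answer relies on.
# Assumption: flag names are compared case-insensitively; the sample args are constructed.

def parse_args(args):
    """Turn ['--a.b=c', '--flag'] into {'a.b': 'c', 'flag': 'true'} with lowercase keys."""
    flags = {}
    for arg in args:
        if not arg.startswith("--"):
            continue  # skip elisions such as '...' and anything that is not a flag
        key, _, value = arg[2:].partition("=")
        flags[key.lower()] = value if value else "true"
    return flags


def enabled(flags, name):
    """A provider counts as enabled if set to true or if any sub-option of it is present."""
    if flags.get(name, "").lower() == "false":
        return False
    return name in flags or any(k.startswith(name + ".") for k in flags)


def audit(args, http="web", https="websecure"):
    """Return a list of findings; an empty list means all checked settings are present."""
    flags = parse_args(args)
    findings = []
    if not enabled(flags, "providers.kubernetesingress"):
        findings.append("kubernetesingress provider off: Ingress objects are not read")
    target = flags.get(f"entrypoints.{http}.http.redirections.entrypoint.to")
    if target != https:
        findings.append(f"entrypoint '{http}' does not redirect to '{https}'")
    if not flags.get(f"entrypoints.{https}.http.tls.certresolver"):
        findings.append(f"entrypoint '{https}' has no default TLS certResolver")
    return findings


# Constructed sample: the question's setup (CRD provider only, no global redirect).
BEFORE = ["--api", "--providers.kubernetescrd=true"]
# Constructed sample: the same args with the three flags from the answer added.
AFTER = BEFORE + [
    "--providers.kubernetesingress=true",
    "--entrypoints.web.http.redirections.entryPoint.to=websecure",
    "--entrypoints.websecure.http.tls.certResolver=default",
]

if __name__ == "__main__":
    for label, args in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(args) or "ok")
```

A missing redirect finding means plain-HTTP requests on the web entrypoint are served without being sent to HTTPS, unless a per-route redirect middleware like the one in the question is attached.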
