我在具有Let's Encrypt支持的自我管理的kubernetes集群中安装了traefik 2.2。
到目前为止,一切正常。但是我眼中的入口路由配置仍然很笨拙。仅当我定义两个IntgresRoutes时才有效-一个用于HTTP(带有将中间件重定向到https的HTTP)和一个用于https的。所以我的对象看起来像这样:
# Middleware for Redirect http -> https
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: https-redirect
spec:
redirectScheme:
scheme: https
# IngressRoute http for a simple whoami service
---
kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
name: whoami-notls
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`mydomain.foo.com`)
kind: Rule
services:
- name: whoami
port: 8080
# redirect http to https
middlewares:
- name: https-redirect
# IngresRoute https
---
kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
name: whoami-tls
namespace: default
spec:
entryPoints:
- websecure
routes:
- match: Host(`mydomain.foo.com`)
kind: Rule
services:
- name: whoami
port: 8080
tls:
certResolver: default
有没有更简单的方法来简单地告诉traefik我的服务(正在侦听8080端口)在任何情况下都应重定向到HTTPS。为什么在设置中需要两个单独的ingresRoutes?
在traefik 2.2的announcements中。就像这样:
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: foo
namespace: bar
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
traefik.ingress.kubernetes.io/router.middlewares: redirect-http@kuberntes-crd
spec:
rules:
- host: foo.com
http:
paths:
- path: ""
backend:
serviceName: service1
servicePort: 80
看起来很简单。但这对我不起作用-traefik无法识别此Ingress配置。