前端之家

  1. 首页
  2. 问答

对于k3s中的Traefik Ingress Controller,请禁用TLS验证

问答

我使用的是k3s的默认安装(版本v1.17.0 + k3s.1),并验证了它在我的Raspberry Pi群集上可以正常工作。

使用推荐的说明(https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/安装kubernetes-dashboard之后,在使用基于k3s traefik的负载均衡器将它暴露在集群外部之后,我确认了此工作。

但是,当我尝试使用traefik入口控制器公开它时,我无法连接到kubernetes仪表板,浏览器显示了HTTP 500错误,即内部服务器错误。以下是我的入口Yaml和kubernetes-dashboard pod日志,显示TLS证书错误。我相信证书错误是由于traefik不了解(并信任)kubernetes仪表板使用的TLS证书。

a。 k8s-dashboard-Ingress 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  rules:
    - host: k8s-services
      http:
        paths:
          - path: /k8s-dashboard
            backend:
              serviceName: kubernetes-dashboard
              servicePort: 443

注意。域“ k8s-services”域是在我的pi群集计算机和浏览计算机主机文件中定义的。

b。 Kubernetes仪表板pod日志

...
2020/01/18 06:04:19 Auto-generating certificates
2020/01/18 06:04:19 Metric client health check failed: the server is currently unable to handle the request (get services dashboard-metrics-scraper). retrying in 30 seconds.
2020/01/18 06:04:19 Successfully created certificates
2020/01/18 06:04:19 Serving securely on HTTPS port: 8443
2020/01/18 06:04:49 Successful request to sidecar
2020/01/18 06:23:28 http: TLS handshake error from 10.42.0.113:52698: remote error: tls: bad certificate
2020/01/18 06:24:33 http: TLS handshake error from 10.42.0.113:52886: remote error: tls: bad certificate
2020/01/18 06:24:41 http: TLS handshake error from 10.42.0.113:52908: remote error: tls: bad certificate
2020/01/18 06:24:47 http: TLS handshake error from 10.42.0.113:52926: remote error: tls: bad certificate
2020/01/18 06:24:53 http: TLS handshake error from 10.42.0.113:52948: remote error: tls: bad certificate
2020/01/18 06:25:37 http: TLS handshake error from 10.42.0.113:53076: remote error: tls: bad certificate
2020/01/18 06:25:41 http: TLS handshake error from 10.42.0.113:53090: remote error: tls: bad certificate
2020/01/18 06:25:44 http: TLS handshake error from 10.42.0.113:53102: remote error: tls: bad certificate
2020/01/18 06:31:22 http: TLS handshake error from 10.42.0.113:54144: remote error: tls: bad certificate
2020/01/18 06:31:29 http: TLS handshake error from 10.42.0.113:54158: remote error: tls: bad certificate
...

我的问题似乎与以下堆栈溢出问题非常相似: Kubernetes dashboard through Ingress

我第一次尝试解决此问题的方法是将“ ssl.insecureSkipVerify:'true'”添加到k3s中的traefik.toml文件中。不幸的是,我找不到全局的traefik.toml文件(并且traefik似乎是使用Helm Chart安装的)。

请让我知道在traefik或其他替代解决方案中更新“ ssl.insecureSkipVerify”设置的方法。

sanfeng1274041 回答:对于k3s中的Traefik Ingress Controller,请禁用TLS验证
暂时没有好的解决方案,如果你有好的解决方案,请发邮件至:iooj@foxmail.com
k3skubernetes-dashboardtraefik-ingress
本文链接:https://www.f2er.com/2748746.html

大家都在问