I've just started learning Kubernetes. I created an account on DigitalOcean and started a Kubernetes cluster. Then I tried to follow this article: https://www.digitalocean.com/community/tutorials/how-to-secure-your-site-in-kubernetes-with-cert-manager-traefik-and-let-s-encrypt . But I have some doubts about how it works. This is my situation right now:
kubectl get pods,services,deployments
NAME
pod/app-frontend
pod/app-backend
pod/cm-acme-http-solver-qh8ms
pod/company-service
pod/edge-service
pod/location-service
pod/traefik
pod/traefik-deployment
pod/user-service
NAME TYPE EXTERNAL-IP PORT(S)
service/app-frontend LoadBalancer app-ext-ip 3000:32459/TCP
service/app-backend ClusterIP <none> 5432/TCP
service/cm-acme-http-solver-fcgpr NodePort <none> 8089:30577/TCP
service/company-service ClusterIP <none> 9003/TCP
service/edge-service ClusterIP <none> 9000/TCP
service/kubernetes ClusterIP <none> 443/TCP
service/location-service ClusterIP <none> 9002/TCP
service/traefik LoadBalancer traefik-ext-ip 80:32591/TCP,443:30716/TCP
service/traefik-dashboard-service LoadBalancer tr-dash-ext-ip 8080:31431/TCP
service/traefik-web-service LoadBalancer tr-ws-ext-ip 80:31211/TCP
service/user-service ClusterIP <none> 9001/TCP
NAME
deployment.apps/app-frontend
deployment.apps/app-backend
deployment.apps/company-service
deployment.apps/edge-service
deployment.apps/location-service
deployment.apps/traefik
deployment.apps/traefik-deployment
deployment.apps/user-service
So I have Traefik working, but not acting as a proxy; the app frontend works, but not over HTTPS; and the certificate issued by Let's Encrypt is not used anywhere. For example:
kubectl get issuer -o wide
NAME READY STATUS
challenge-http True The ACME account was registered with the ACME server
kubectl get certificateRequest -o wide
NAME APPROVED DENIED READY ISSUER REQUESTOR STATUS AGE
tls-app-ingress True False challenge-http system:serviceaccount:cert-manager:cert-manager Waiting on certificate issuance from order default/tls-app-ingress-http: "pending"
kubectl get certificates
NAME READY SECRET AGE
tls-app-ingress-http False tls-area-ingress-http 166m
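Of course, since I'm learning from scratch, everything is in the default environment. How do I tell Kubernetes to use Traefik as a proxy and reach the app frontend over HTTPS? I won't be offended if you answer with some documentation for me to read; just point me in the right direction.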
First, I suggest reading these three articles:
https://medium.com/@faturrahmanmakruf/configure-https-in-traefik-with-cert-manager-and-lets-encrypt-db60960e2283
https://traefik.io/blog/secure-web-applications-with-traefik-proxy-cert-manager-and-lets-encrypt/
https://doc.traefik.io/traefik/user-guides/cert-manager/
The steps are as follows: