How to set up https on kubernetes bare metal using traefik ingress controller
I'm running a kubernetes cluster which consists of three nodes and brilliantly works, but it's time to make my web application secure, so I deployed an ingress controller (traefik). But I was unable to find instructions for setting up https on it. I know most of the things I will have to do, like setting up a "secret" (container with certs) etc., but I was wondering how to configure my ingress controller and all files related to it so I would be able to use a secure connection.

I have already configured the ingress controller and created some frontends and backends. Also I configured an nginx server (it's actually a web application I'm running) to work on port 443.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nginx
  replicas: 3 # tells deployment to run 3 pods matching the template
  template: # create pods using pod definition in this template
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: ilchub/my-nginx
        ports:
        - containerPort: 443
      tolerations:
      - key: "primary"
        operator: Equal
        value: "true"
        effect: "NoSchedule"

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443 # containerPort must be a number; the Service's "secure" port (443) targets it
        - name: admin
          containerPort: 8080
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  rules:
  - host: cluster.aws.ctrlok.dev
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik-web-ui
          servicePort: web

kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
  - protocol: TCP
    port: 80
    nodePort: 30036
    name: web
  - protocol: TCP
    port: 443
    nodePort: 30035
    name: secure
  - protocol: TCP
    port: 8080
    nodePort: 30034
    name: admin
  type: NodePort

What I want to do is secure my application, which is already running. The final result has to be a webpage running over https.

Actually you have 3 ways to configure Traefik to use https to communicate with backend pods:

If either of those configuration options exists, then the backend communication protocol is assumed to be TLS, and will connect via TLS automatically.

Also, additional authentication annotations should be added to the Ingress object, like:

ingress.kubernetes.io/auth-tls-secret: secret

And of course, add a TLS Certificate to the Ingress.
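
One way to wire up the TLS certificate step for the Traefik 1.x setup shown in the question, as an added example that is not part of the original question or answer. The Secret, Service and Ingress names, the default namespace and the hostname `app.example.com` are assumptions, and the certificate data are placeholders.

```yaml
# Added example; names marked "assumed" are not from the original post.
# 1) Container args for the traefik-ingress Deployment (Traefik 1.x flags),
#    added to the existing --api / --kubernetes / --logLevel=INFO:
#      - --defaultentrypoints=http,https
#      - --entrypoints=Name:http Address::80
#      - --entrypoints=Name:https Address::443 TLS
# 2) Certificate and key as a TLS Secret in the same namespace as the Ingress,
#    e.g. kubectl create secret tls nginx-tls --cert=tls.crt --key=tls.key
apiVersion: v1
kind: Secret
metadata:
  name: nginx-tls            # assumed name
type: kubernetes.io/tls
data:
  tls.crt: BASE64_PEM_CERTIFICATE_PLACEHOLDER
  tls.key: BASE64_PEM_PRIVATE_KEY_PLACEHOLDER
---
# 3) Service in front of the nginx pods (assumed; the post shows none).
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  selector:
    app: nginx
  ports:
  - name: https
    port: 443                # Traefik 1.x connects to a port-443 backend over TLS
    targetPort: 443
---
# 4) Ingress that terminates TLS with the Secret above.
apiVersion: extensions/v1beta1   # same API version the post uses
kind: Ingress
metadata:
  name: nginx
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  tls:
  - hosts:
    - app.example.com        # assumed hostname
    secretName: nginx-tls
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx
          servicePort: 443
```

Clients reach the HTTPS entry point through the question's existing NodePort 30035. Traefik must also trust the certificate that nginx presents on port 443, and its service account needs read access to Secrets.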