堆栈内存溢出
  简体   繁体   English

每个 Kubernetes Traefik 入口路由的 mTLS (clientAuth)

[英]mTLS (clientAuth) per Kubernetes Traefik Ingress Route

 原文  2022-06-29 19:11:18       kubernetes/ kubernetes-ingress/ traefik/ mtls

问题描述

I have multiple services with working ingress routes using traefik 2.6我有多个使用 traefik 2.6 的工作入口路由服务

All ingress routes work as expected using annotations and I get no errors showing when applying the configuration with args regarding file provider to "dynamic.yml" After checking in the pod itself, traefik is running with the correct arguments and that the dynamic.conf file and cert.pem are mounted correctly.所有入口路由都使用注释按预期工作,并且在将有关文件提供程序的 args 配置应用到“dynamic.yml”时,我没有显示任何错误检查 pod 本身后,traefik 正在使用正确的参数运行,并且 dynamic.conf 文件和 cert.pem 安装正确。

#dynamic.yml
tls:
  options:
    default:
      clientAuth:
        caFiles:
          - /opt/traefik/cert.pem
        clientAuthType: RequireAndVerifyClientCert

The configurations above applies the tls options to all ingress routes.上面的配置将 tls 选项应用于所有入口路由。

When applying the following ingress annotations for the service, clients do not get prompted for certs:为服务应用以下入口注释时,不会提示客户端输入证书:

Changing the configuration to the following:将配置更改为以下内容:

#dynamic.yml
tls:
  options:
    mtls:
      clientAuth:
        caFiles:
          - /opt/traefik/cert.pem
        clientAuthType: RequireAndVerifyClientCert

...
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/tls.options: mtls
...

The ingress routes function, however, clients are able to view the site without certificate authentication on the specific ingress route with tls.option "mtls".入口路由功能,但是,客户端可以使用 tls.option "mtls" 在特定入口路由上查看无需证书身份验证的站点。

1 个解决方案

解决方案1
 0  2022-06-29 20:07:05

在这里找到答案: https ://doc.traefik.io/traefik/routing/providers/kubernetes-ingress/#annotations

traefik.ingress.kubernetes.io/router.tls.options: foobar@file

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用Traefik在Kubernetes Ingress上为每个规则添加自定义标头 - Add a custom header per rule on Kubernetes Ingress with Traefik "Kubernetes Ingress 不适用于 Traefik 和 TLS" - Kubernetes Ingress not working with Traefik and TLS 如何为 kube.netes 中的特定 traefik 入口禁用 tls? - How to disable tls for specific traefik ingress in kubernetes? 用于Kubernetes(AWS EKS)的Traefik入口控制器 - Traefik Ingress Controller for Kubernetes (AWS EKS) Traefik Ingress(Kubernetes)没有收到letsencrypt证书 - Traefik Ingress (Kubernetes) not receiving letsencrypt certificates 在GCP上将Traefik设置为Kubernetes入口 - Setting up Traefik as Kubernetes Ingress on GCP 本地主机的 Kube.netes Traefik 入口规则 - Kubernetes Traefik ingress rule for local host Kubernetes Traefik Ingress收到错误的网关错误 - Kubernetes Traefik Ingress getting a bad gateway error 使用 Kubernetes / Traefik Ingress 在本地域上启用 https - enable https on local domain with Kubernetes / Traefik Ingress 如何删除 nodePort Kubernetes - Traefik 入口 controller - How to remove nodePort Kubernetes - Traefik ingress controller
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM