如何从 Traefik 配置中创建 Traefik IngressRoute?
[英]How to create Traefik IngressRoute out of Traefik configuration?
问题描述
I want to deploy Zitadel in my Kube.netes Cluster, but I'm struggling to get the Traefik IngressRoute right to work with Zitadel.
我想在我的 Kube.netes 集群中部署 Zitadel,但我正在努力让 Traefik IngressRoute 正确地与 Zitadel 一起工作。 It's a problem with http2 and Grpc forwarding, but I can't figure out which options are needed.是http2和grpc转发的问题,但我想不通需要哪些选项。
I created a zitadel helm deployment with these options:我使用这些选项创建了一个 zitadel helm 部署:
replicaCount: 1
zitadel:
masterkey: "changeM3"
configmapConfig:
ExternalPort: 443
ExternalDomain: 'id.example.com'
ExternalSecure: true
TLS:
Enabled: false
secretConfig:
Database:
cockroach:
User:
Password: "cockroach-password"
cockroachdb:
singel-node: true
statefulset:
replicas: 1
For Reverse Proxy configuration, the zitadel docs have configurations for traefik, but only for a static configuration file and not for kube.netes configuration:对于反向代理配置, zitadel 文档有针对 traefik 的配置,但仅针对 static 配置文件,而不针对 kube.netes 配置:
entrypoints:
web:
address: ":80"
websecure:
address: ":443"
tls:
stores:
default:
defaultCertificate:
providers:
file:
filename: /etc/traefik/traefik.yaml
http:
middlewares:
zitadel:
headers:
isDevelopment: false
allowedHosts:
- 'localhost'
redirect-to-https:
redirectScheme:
scheme: https
port: 443
permanent: true
routers:
router0:
entryPoints:
- web
middlewares:
- redirect-to-https
rule: 'HostRegexp(`localhost`, `{subdomain:[a-z]+}.localhost`)'
service: zitadel
router1:
entryPoints:
- websecure
service: zitadel
middlewares:
- zitadel
rule: 'HostRegexp(`localhost`, `{subdomain:[a-z]+}.localhost`)'
tls:
domains:
- main: "localhost"
sans:
- "*.localhost"
- "localhost"
services:
zitadel:
loadBalancer:
servers:
- url: h2c://localhost:8080
passHostHeader: true
I tried to convert this configuration to IngressRoute, but the dashboard is only loading the site's skeleton and giving an Unknown Content-type received Error like described in this github issue .我尝试将此配置转换为 IngressRoute,但仪表板仅加载站点的框架并给出一个Unknown Content-type received错误,如github 问题中所述。
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: zitadel
namespace: apps
spec:
entryPoints:
- websecure
routes:
- match: Host(`id.example.com`)
kind: Rule
services:
- name: zitadel
namespace: apps
port: 8080
scheme: h2c
passHostHeader: true
- match: Host(`id.example.com`)
kind: Rule
services:
- name: zitadel
namespace: apps
port: 8080
scheme: http
passHostHeader: true
tls:
certResolver: letsencrypt-prod
domains:
- main: id.example.com
Am I missing something in my IngressRoute that causes that error?我是否在 IngressRoute 中遗漏了导致该错误的内容?
1 个解决方案
解决方案1
0 已采纳 2023-01-16 18:17:00
the problem were the two rules of the Ingressroute overlapping.问题是 Ingressroute 的两条规则重叠。 Removing the second route solves the problem:删除第二条路线解决了问题:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: zitadel
namespace: apps
spec:
entryPoints:
- websecure
routes:
- match: Host(`id.example.com`)
kind: Rule
services:
- name: zitadel
namespace: apps
port: 8080
scheme: h2c
passHostHeader: true
tls:
certResolver: letsencrypt-prod
domains:
- main: id.example.com
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.