【创建证书】
kubectl create secret generic traefik-cert --from-file=1592339__gogen.cn.pem --from-file=1592339__gogen.cn.key -n kube-system
【创建配置文件】
traefik.toml
defaultEntryPoints = ["http","https"] [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] [[entryPoints.https.tls.certificates]] certFile = "/home/yuyan/manifests/traefik/1592339__gogen.cn.pem" keyFile = "/home/yuyan/manifests/traefik/1592339__gogen.cn.key"
kubectl create configmap traefik-conf --from-file=traefik.toml -n kube-system
【编辑traefix主配置文件】
traefik-deployment.yaml
--- apiVersion: v1 kind: ServiceAccount metadata: name: traefik-ingress-controller namespace: kube-system --- kind: Deployment apiVersion: extensions/v1beta1 metadata: name: traefik-ingress-controller namespace: kube-system labels: k8s-app: traefik-ingress-lb spec: replicas: 1 selector: matchLabels: k8s-app: traefik-ingress-lb template: metadata: labels: k8s-app: traefik-ingress-lb name: traefik-ingress-lb spec: serviceAccountName: traefik-ingress-controller terminationGracePeriodSeconds: 60 ## 增加 volumes: - name: cert secret: secretName: traefik-cert - name: config configMap: name: traefik-conf containers: - image: traefik name: traefik-ingress-lb ## 增加 volumeMounts: - mountPath: "/cert" name: "cert" - mountPath: "/config" name: "config" ports: - name: http containerPort: 80 - name: admin containerPort: 8080 ## 增加 - name: https containerPort: 443 args: - --api - --kubernetes - --logLevel=INFO ## 增加 - --configfile=/config/traefik.toml --- kind: Service apiVersion: v1 metadata: name: traefik-ingress-service namespace: kube-system spec: selector: k8s-app: traefik-ingress-lb ports: - protocol: TCP port: 80 name: web - protocol: TCP port: 8080 name: admin ## 增加 - protocol: TCP port: 443 name: https type: NodePort