让我们用头盔加密Traefik
我正在尝试将Traefik作为自我安装的Kubernetes集群的入口控制器安装.为了方便起见,我尝试安装 Traefik头盔图,此方法可以正常工作出色,没有顶峰部分;现在是我的变量yml:
I am trying to install Traefik as an Ingress Controller for my self-installed Kubernetes cluster. For convenience I try to install the helm chart of Traefik and this works excellent without the acme part; this is my variables yml now:
externalIP: xxx.xxx.xx.xxx
dashboard:
enabled: true
domain: traefik-ui.example.com
ssl:
enabled: true
enforced: true
acme:
enabled: true
challengeType: http-01
email: example@gmail.com
staging: true
persistence.enabled: true
logging: true
已安装:
helm install --name traefik --namespace kube-traefik --values traefik-variables.yml stable/traefik
但是使用helm status traefik,我可以看到名为traefik-acme的v1/PersistentVolumeClaim保持待处理状态,并且从未分配证书.
But with helm status traefik I can see the v1/PersistentVolumeClaim named traefik-acme stays pending and the certificate is never assigned.
强烈建议您使用 cert-manager ,而不是至少在当前时间,而不是Traefik中的内置ACME支持.处理您可能想要的多个Traefik副本要好得多. Ingress-shim(这是cert-manager的默认部分)将很好地处理Traefik支持的Ingress.
It is highly recommended you use cert-manager instead of the built-in ACME support in Traefik, at least at this time. It is much better at dealing with multiple copies of Traefik, which you probably want. Ingress-shim (which is a default part of cert-manager) will handle Traefik-backed Ingresses just fine.