创建https的secret可以用下面三种方式:
- kubectl create secret generic
kubectl create secret generic ztzd-superset-secret --from-file=ztzd-superset.lenovo.com.csr --from-file=ztzd-superset.lenovo.com.key -n stage
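该方法报错(generic 方式创建的 Secret 类型是 Opaque,键名默认取文件名,所以里面没有 Traefik 要求的 tls.crt 和 tls.key 两个键;另外 .csr 是证书签名请求,不是签发后的证书,不能当证书用。如果一定要用 generic,需要写成 --from-file=tls.crt=<证书文件> --from-file=tls.key=<私钥文件> 并加上 --type=kubernetes.io/tls):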
[root@master tmp]# kubectl logs -f pod/traefik-7cd4fcff68-gtfgd -n kube-system
time="2022-11-28T10:16:07Z" level=error msg="Error configuring TLS: secret stage/ztzd-secret-v4 is missing the following TLS data entries: tls.crt, tls.key" namespace=stage providerName=ku
bernetes ingress=client-h5-ingress
- kubectl create secret tls
亲测好使
[root@master tmp]# kubectl create secret tls ztzd-secret-v3 --cert=/home/opsai/tmp/ztzd.lenovo.com.cer --key=/home/opsai/tmp/ztzd.lenovo.com.key -n stage
secret/ztzd-secret-v3 created
[root@master tmp]# vim ingress.yaml
[root@master tmp]# kubectl apply -f ingress.yaml
ingress.networking.k8s.io/client-h5-ingress configured
- 声明式
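这种方式按下面的写法不好用。原因:data 字段的值必须是整个 PEM 文件(包含 -----BEGIN ...----- 和 -----END ...----- 两行)再整体做一次 base64 编码后的字符串;下面直接粘贴了 PEM 的正文部分,解码后得到的是 DER 二进制而不是 PEM,所以 Traefik 报 "failed to find any PEM data in certificate input"。可以改用 stringData 字段直接写入完整的 PEM 文本,或者用 base64 -w0 对证书文件和私钥文件整体编码后再填入 data。另外清单里没有写 namespace,Secret 必须和引用它的 Ingress 在同一个命名空间(这里是 stage)。私钥不要以明文形式写进清单或提交到代码库;已经公开过的私钥应视为泄露,需要重新生成密钥并重新签发证书。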
apiVersion: v1
kind: Secret
metadata:
name: ztzd-secret
type: kubernetes.io/tls
data:
tls.crt: |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tls.key: |
MIIEowIBAAKCAQEAn7kit9HhajFdm3N2xFgI04sFBn19PUPF+6V0RSZ0rtkOy+ie
MlIbkPN/TadMD7SedCQMDN7Gg7zQkZNvh8M86EWPFmxSvl2ONEYiUaZ7IDAGQMge
jo5hUrnsrp3KwvWptR/0He/sLdt3xNRodtqPHN7oiG41SNvivkr/bqNk7mDLAD0o
oGtn4y6SQWIf1/US7uH27Y/JprnjwS3JQ0IBg74H5AShC13bJ2782PTIqMjPtinK
8l//Gvkc1teUMJ7JyMPqc4UJzSAB4D7ABz+Bh8kFhlhSepg+S2cUYgRP4A76AUFo
j1UGorGsPanar5MyGGKFsGyX/aoGNPTgB1p/yQIDAQABAoIBAC6bo5noUNLgHOSj
yOB6n/i69Hh0Xftmr3tDSK51Dk+HX135P1CHzSt7IobSbsuWdTaG3k1TJLKEgog4
ca84NanBwoNUkMCkJD70yEbzQbKe0PROcTxAJ/4v6vT5bpV9gkwsStwBivXGuShi
oykrld9i3JATONFN+Nh2ohry6xz0A8Shltvx9zKO+OFNuAixo7fqE5Dtfda7zasK
TcShlj0iHZgSyGDHTnSkZpbQByCDI62Zc5qedq0CgYEAxT7CJKE3ZzlCJYfpXQ1b
0SO2AOOO1sxlXyZiAqbfEG7/9Uck1pmEDBB/mpsgH+2hs8657gdo8riAarlfmchY
+t8/juaNe4VWfcpIBiGrgs4aKhHzzSgIhyrphbS5LLL/Qf7Uj4/aZkuYnLPzSqyE
WDAJXjlpx7PLYRE6NpG41DCLPlz+a9ILF058M+zMwEeA+8/WGMsg
报错如下:
[root@master tmp]# kubectl logs -f pod/traefik-7cd4fcff68-gtfgd -n kube-system
time="2022-11-28T09:52:05Z" level=error msg="Unable to append certificate
0\x82\x06Y0\x82\x05A\xa0\x03\x02\x01\x02\x02\x13M\x00<\xe5\x01\xa7\x89~%3kP\xcb\x00\x00\x00<\xe
5\x010\r\x06\t*\x86H\x86\xf7\r\x01\x01\v\x05\x000H1\x130\x11\x06\n\t\x92&\x89\x93\xf2,d\x01\x19
\x16\x03com1\x160\x14\x06\n\t\x92&\x89\x93\xf2,d\x01\x19\x16\x06lenovo1\x190\x17\x06\x03U\x04\x
03\x13\x10lenovoSHA2SUBCA10\x1e\x17\r221128020509Z\x17\r251127020509Z0|1\v0\t\x06\x03U\x04\x06\
x13\x02CN1\x100\x0e\x06\x03U\x04\b\x13\aBeijing1\x100\x0e\x06\x03U\x04\a\x13\aBeijing1!0\x1f\x0
6\x03U\x04\n\x13\x18Lenovo (Beijing)
Limited1\f0\n\x06\x03U\x04\v\x13\x03MBG1\x180\x16\x06\x03U\x04\x03\x13\x0fztzd.lenovo.com0\x82\x01\"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xc4\xf3$\x97\x9eˌ\x1dP\xe2Vc*\xb4\xa6)\xd3C\xf9
J\xb1CS1\xae\xa3\x1f\xcdr\x89\xd7\xc0h\xcbb\xc8\xf5n\xbcG\xfbq\xee\xe8\x87\x10\"\xdd|m\xbdE\xc7\x1a3\xa0\xd4\xdes\u007f5\x19\xea\x01\x91\x91\x17\u007f\xb1F\f\x13~\xa0\x95\xa9g\"|\xee#\x99\xd8\u007f\xb8hV\x99\xa8[\x0eo{B\xc2\xe5\xe2\xbd\xd6^{.\x92\xe1jǛ2\b\xf5_/\xea4\xfa\xcfԈ\xeeцi\x1a\x8c\nfF\x13I\x8c۫\xee\xa0Bľ\xf1#\x01\x92\x847֝\x88\xde4!\xb9}\x1c\xe0\xdbjh\xe2\x13\xebZf\xc0\xaf'\xb0CN\tC\xad\xdfZ\xb0\x8f\x06u\xa1*\x1eh\x85Z:X\xe5\xbdN\x02\xf1őw1G\xf9\xc3sz\xac\x16͏R\xa6\xe1\xf1\u007fe\xa1\n\xbc\xe9\b\x80\x16\x1d\xc7h\xb4\x17w\xe5\xa24\xf3\x12\x02\x84y1\xe1\xf3ʊ-\xb6\xc6A\U0006500f\xb2\xaa2g\xdb\x18\x06\x1d\xe1w\xe7W7\x02\x03\x01\x00\x01\xa3\x82\x03\x060\x82\x03\x020\x1a\x06\x03U\x1d\x11\x04\x130\x11\x82\x0fztzd.lenovo.com0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\x8e\xb7Ӳ\x9f{/
Ț\xe2\xfbĴ;\xea\x9e\x02^\x9fm0\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14\xbb'\x19QTYZb\xd8\xf3\xdb1\xe9\x90\v\x83\xcb\xebn@0\x82\x01Q\x06\x03U\x1d\x1f\x04\x82\x01H0\x82\x01D0\x82\x01@\xa0\x82\x01<\xa0\x82\x018\x86<http://Sha2SubCA1.lenovo.com/CertEnroll/lenovoSHA2SUBCA1.crl\x86<http://Sha2SubCA2.lenovo.com/CertEnroll/lenovoSHA2SUBCA1.crl\x86\x81\xb9ldap:///CN=lenovoSHA2SUBCA1,CN=SHA2SubCA1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=lenovo,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint0\x81\xd0\x06\b+\x06\x01\x05\x05\a\x01\x01\x04\x81\xc30\x81\xc00^\x06\b+\x06\x01\x05\x05\a0\x02\x86Rhttp://Sha2SubCA1.lenovo.com/CertEnroll/SHA2SubCA1.lenovo.com_lenovoSHA2SUBCA1.crt0^\x06\b+\x06\x01\x05\x05\a0\x02\x86Rhttp://Sha2SubCA2.lenovo.com/CertEnroll/SHA2SubCA1.lenovo.com_lenovoSHA2SUBCA1.crt0\v\x06\x03U\x1d\x0f\x04\x04\x03\x02\x05\xa00=\x06\t+\x06\x01\x04\x01\x827\x15\a\x0400.\x06&+\x06\x01\x04\x01\x827\x15\b\x82ȕA\x86\xcb\xc3Y\x85\xe9\x93\x16\x87\xff\xc6!\x86
؞ }\x85\xe8\xf9!\x86\x8f\xad\u007f\x02\x01d\x02\x0110\x13\x06\x03U\x1d%\x04\f0\n\x06\b+\x06\x01\x05\x05\a\x03\x010\x1b\x06\t+\x06\x01\x04\x01\x827\x15\n\x04\x0e0\f0\n\x06\b+\x06\x01\x05\x05\a\x03\x010\r\x06\t*\x86H\x86\xf7\r\x01\x01\v\x05\x00\x03\x82\x01\x01\x005N\x96\xfbS\xf2\x8c$\x8f\xf30\xb8\xbb\t`\xc4\xdbL\xc0-
Noc\xf6\x10\x94:\x1bIE\x15'\x88\xf2\xe8~\x8b\x132\xa9\xb4alʻ\x8d\x82Ԇ\xdb\x1b\x9f\xe1\x06\xc8\xf7\t\xc8\u007f\xd0f\xbd\xc6\xc7_3{\xff\xdcG\x1a\x1fT\"Qt\xd3\xec\r\xe8dQ\xf7#Լ\x16)x\xfe\x13\x9d\xe2{\xe9\x96#\x18u\xb3\xb3\xcd\xe3\xee,\xfd\xbdc̎\x9a\x82\x8f\x9aj㵯
\xc2$\xfe\xb5\x17O\xe0u\xf7\x96_lh\xfc\xbe\xc5~\xacQ\xd3\xf1\xf8rU\xb0Pd\n<%q\xd4\xd5ә\xe2\xc4m\x0e\xeb\xc3KV\xe1\x93g\x90\xe7\xb3\xd0A)\xf7\x8b\x89\xf3\xca{J\xd8J\x11k\xabl%\xcb3\xa9-H\x97CY`eL\xa7\xa9'\xe6<D\x9d\xaeD8̲\xe2+\xfb\xbb3\xb4\x05\xb8\xc4\xe11\x18BG\x90\x12'\xa6\x80D\
b\xa6\xcbl\n\xc4\xfeM\x87ݡ\x94\x99\xd49>P5>\xe9~\xd8\x13\av2\x01\xed\xf6 to store: unable to
generate TLS certificate : tls: failed to find any PEM data in certificate input"
tlsStoreName=default
创建ingress
创建https的ingress方法如下:
# HTTPS Ingress that routes ztzd.lenovo.com to the client-h5 Service through Traefik.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: client-h5-ingress
  namespace: stage
  labels:
    overlay-label: overlay-app
  annotations:
    kubernetes.io/ingress.class: traefik
    # Both entry points are listed, so plain HTTP presumably stays reachable
    # next to HTTPS unless a redirect is configured elsewhere.
    # NOTE(review): this is the Traefik 1.x annotation name; Traefik 2.x reads
    # traefik.ingress.kubernetes.io/router.entrypoints instead. Confirm against
    # the deployed Traefik version.
    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
spec:
  tls:
    - hosts:
        - ztzd.lenovo.com  # your domain
      # Must name a kubernetes.io/tls Secret (keys tls.crt and tls.key) that
      # lives in the same namespace as this Ingress.
      # NOTE(review): the Secret created successfully with
      # `kubectl create secret tls` on this page is ztzd-secret-v3; confirm the
      # name below matches a Secret that actually exists in "stage".
      secretName: ztzd-secret
  rules:
    - host: ztzd.lenovo.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: client-h5
                port:
                  number: 80
多写一个例子吧
# HTTPS Ingress that routes ztzd-superset.lenovo.com to the superset Service through Traefik.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: superset-ingress
  namespace: stage
  labels:
    overlay-label: overlay-app
  annotations:
    kubernetes.io/ingress.class: traefik
    # Both entry points are listed, so plain HTTP presumably stays reachable
    # next to HTTPS unless a redirect is configured elsewhere.
    # NOTE(review): this is the Traefik 1.x annotation name; Traefik 2.x reads
    # traefik.ingress.kubernetes.io/router.entrypoints instead. Confirm against
    # the deployed Traefik version.
    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
spec:
  tls:
    - hosts:
        - ztzd-superset.lenovo.com  # your domain
      # Must name a kubernetes.io/tls Secret (keys tls.crt and tls.key) that
      # lives in the same namespace as this Ingress. A Secret of this name made
      # with `kubectl create secret generic --from-file=<file>` has file-name
      # keys and will be rejected by Traefik.
      secretName: ztzd-superset-secret
  rules:
    - host: ztzd-superset.lenovo.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: superset
                port:
                  number: 80