基於kubernetes1.11安裝Harbor私有映象庫(三)
簡介
上一篇說明了如何配置執行traefik服務,本篇將會說明如何讓traefik支援https請求的轉發。
配置traefik-HTTPS
- 用ssl證書建立secret
這裡忽略關於如何建立ssl證書的過程,你可以建立新的或使用已有的ssl證書。假設現在已經有ssl.crt,ssl.key檔案,並儲存在host目錄/etc/k8s/ssl/下。
k8s中建立一個secret資源,
[root@kubemaster ssl]kubectl create secret generic traefik-cert --from-file=ssl.crt --from-file=ssl.key -n kube-system
secret "traefik-cert" created
- 建立configmap用於儲存traefik的配置
參考traefik/traefik.toml, 建立一個配置檔案,放在/etc/k8s/conf/目錄下,其內容如下:
[root@kubemaster ssl]cat /etc/k8s/conf/traefik.toml
defaultEntryPoints = ["http","https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/etc/k8s/ssl/ssl.crt"
keyFile = "/etc/k8s/ssl/ssl.key"
建立configmap:
[root@kubemaster conf]# kubectl create configmap traefik-conf --from-file=traefik.toml -n kube-system
configmap "traefik-conf" created
- 更新traefik服務
我們現在來更新traefik-deployment.yaml檔案(建議把原來的檔案重新命名備份一下),用以支援https轉發, 修改後內容如下:
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
---
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
selector:
matchLabels:
k8s-app: traefik-ingress-lb
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
hostNetwork: true
volumes:
- name: ssl
secret:
secretName: traefik-cert
- name: config
configMap:
name: traefik-conf
containers:
- image: traefik
name: traefik-ingress-lb
volumeMounts:
- mountPath: "/etc/k8s/ssl/"
name: "ssl"
- mountPath: "/etc/k8s/conf/"
name: "config"
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: admin
containerPort: 8080
args:
- --configFile=/etc/k8s/conf/traefik.toml
- --api
- --kubernetes
- --logLevel=INFO
---
kind: Service
apiVersion: v1
metadata:
name: traefik-ingress-service
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- protocol: TCP
port: 80
name: web
- protocol: TCP
port: 443
name: https
- protocol: TCP
port: 8080
name: admin
type: NodePort
更新service相關:
[root@kubemaster k8s]# kubectl apply -f traefik-deployment.yaml
serviceaccount "traefik-ingress-controller" unchanged
daemonset.extensions "traefik-ingress-controller" configured
service "traefik-ingress-service" configured
-
檢視ui變化
可以看到此時entry points已支援http/https協議訪問。
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/3034/viewspace-2816121/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Harbor-私有映象倉庫的安裝部署
- harbor私有映象安裝和使用
- containerd 配置使用私有映象倉庫 harborAI
- 容器技術之Docker私有映象倉庫harborDocker
- 容器映象倉庫-Harbor的安裝及踩坑
- 企業級映象倉庫 Harbor 的安裝與配置
- Kubernetes基於helm安裝 harbor
- 私有化輕量級持續整合部署方案--06-私有映象倉庫-Harbor
- Docker搭建Harbor私有倉庫Docker
- 搭建Harbor 映象倉庫
- 配置pod拉取harbor容器映象倉庫私有映象:secret儲存賬號密碼密碼
- Kunbernetes-基於Nexus構建私有映象倉庫
- Docker私有倉庫之Harbor神器Docker
- CentOS部署Harbor映象倉庫CentOS
- Docker搭建私有倉庫Registry&HarborDocker
- Docker-------私有倉庫 Harbor 的搭建Docker
- harbor安裝
- kubernetes實踐之二十八:使用Harbor作為私有映象倉庫
- Harbor倉庫映象掃描原理
- 微服務探索之路03篇-docker私有倉庫Harbor搭建+Kubernetes(k8s)部署私有倉庫的映象微服務DockerK8S
- Docker--harbor私有倉庫部署與管理Docker
- Docker企業級映象倉庫HarborDocker
- Centos7安裝docker倉庫HarborCentOSDocker
- docker安裝harborDocker
- 可能是最詳細的部署:DockerRegistry企業級私有映象倉庫Harbor管理WEBUIDockerWebUI
- Docker搭建私有映象倉庫Docker
- 手把手教你搭建Docker私有倉庫HarborDocker
- 基於滴滴雲安裝 Docker 並上傳映象到滴滴雲 Docker 倉庫Docker
- 可能是最詳細的部署:Docker Registry企業級私有映象倉庫Harbor管理WEB UIDockerWebUI
- harbor映象倉庫證書過期問題
- 搭建npm私有映象倉庫,天下苦於npm build久矣NPMUI
- AnolisOS7.9安裝Harbor
- k8s 使用 containerd 作為容器執行時拉取 http 的 harbor 私有倉庫映象K8SAIHTTP
- 【Harbor學習筆記】-教你快速搭建Docker私有倉庫筆記Docker
- k8s-harbor安裝K8S
- harbor安裝實操筆記筆記
- 部署docker-consul群集,Harbor構建Docker私有倉庫Docker
- Docker私有映象Docker