traefik + cert-manager

安装trefik-ingress

• 创建安装trefik rbac

cat >rbac.yml<

• 创建traefik配置

cat >traefik.toml<

• 安装traefik

cat >traefik.yaml<

安装cert-manager

helm repo add jetstack https://charts.jetstack.io
kubectl apply \
    -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.7/deploy/manifests/00-crds.yaml
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation="true"

helm install --name cert-manager --namespace  cert-manage jetstack/cert-manager --version v0.7.0

参考链接：https://hub.helm.sh/charts/jetstack/cert-manager/v0.7.0

创建traefik ingress

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik #关键参数
  name: kiali-ingress
  namespace: istio-system
spec:
  rules:
    - host: "kiali.xxx.com"
      http:
        paths:
          - path: /
            backend:
              serviceName: kiali
              servicePort: 20001
  tls:
    - hosts:
        - kiali.xxx.com
      secretName: kiali-cert

做DNS解析

创建clusterissuer

apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-prod
    http01: {}

创建证书

apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: kiali
  namespace: istio-system
spec:
  secretName: kiali-cert
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
  - kiali.xxx.com
  acme:
    config:
    - http01:
        ingressClass: traefik
      domains:
      - kiali.xxx.com