Traefik Ingress(Kubernetes)未收到letencrypt证书 [英] Traefik Ingress (Kubernetes) not receiving letsencrypt certificates

问题描述

我已经使用Let'sencrypt ACME配置了Traefik(舵图)，但是我没有收到任何证书. Traefik Ingress在端口80和443上公开了互联网.

I've configured Traefik (helm chart) with let'sencrypt ACME, but I'm not receiving any certificates. The Traefik Ingress is exposed on port 80 and 443 to the internet.

traefik.toml

traefik.toml

logLevel = "INFO"
InsecureSkipVerify = true
defaultEntryPoints = ["http","https"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
  compress = true
  [entryPoints.https]
  address = ":443"
  compress = true
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      CertFile = "/ssl/tls.crt"
      KeyFile = "/ssl/tls.key"
[kubernetes]
[acme]
email = "email@email.com"
storage = "/acme/acme.json"
entryPoint = "https"
onHostRule = true
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
acmeLogging = true
  [acme.httpChallenge]
  entryPoint = "http"
[web]
address = ":8080"

以Traefik作为IngressClass的Ingress

Ingress with Traefik as IngressClass

{
  "kind": "Ingress",
  "apiVersion": "extensions/v1beta1",
  "metadata": {
    "name": "domain",
    "namespace": "reverse-proxy",
    "selfLink": "/apis/extensions/v1beta1/namespaces/reverse-proxy/ingresses/domain",
    "uid": "550cdedc-ba77-11e8-8657-00155d00021a",
    "resourceVersion": "6393921",
    "generation": 5,
    "creationTimestamp": "2018-09-17T12:43:52Z",
    "annotations": {
      "ingress.kubernetes.io/ssl-redirect": "true",
      "kubernetes.io/ingress.class": "traefik"
    }
  },
  "spec": {
    "tls": [
      {
        "hosts": [
          "domain.com"
        ],
        "secretName": "cert" // without is also not working
      }
    ],
    "rules": [
      {
        "host": "domain.com",
        "http": {
          "paths": [
            {
              "backend": {
                "serviceName": "domain",
                "servicePort": 443
              }
            }
          ]
        }
      },
      {
        "host": "www.domain.com",
        "http": {
          "paths": [
            {
              "backend": {
                "serviceName": "www-domain",
                "servicePort": 443
              }
            }
          ]
        }
      }
    ]
  },
  "status": {
    "loadBalancer": {}
  }
}

我尝试同时使用http-01和tls-sni-01挑战. dns-01是没有选择的，因为我的DNS提供程序没有API.

I've tried to use both http-01 and tls-sni-01 challenge. dns-01 is no option, because my DNS provider doesn't have an API.

推荐答案

如何将letsencrypt配置注入到traefik Ingress服务/守护程序中?

How are you injecting the letsencrypt config to your traefik Ingress service/daemonset?

Traefik在Kubernetes Ingress文档上没有正式的letencrypt.但这是好的指南.查找外部Traefik入口控制器"，您需要一个kv后端来存储您的证书.

Traefik doesn't officially have letsencrypt on Kubernetes Ingress docs. But this is a good guide. Look for "External Traefik ingress controller" and you need a kv backend to store your certs.

您还可以尝试与Traefik一起使用的证书管理器

You can also try cert-manager which works with Traefik.

这篇关于Traefik Ingress(Kubernetes)未收到letencrypt证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！