K8s Traefik v2 + cert-manager 自動更換憑證

下載git專案
git clone https://github.com/stnet253/K8s-Traefik-v2-cert-manager.git
安裝 traefik v2 
helm repo add traefik https://containous.github.io/traefik-helm-chart
helm repo add traefik https://helm.traefik.io/traefik
helm repo update
安裝 cert-manager
# Install the CustomResourceDefinition resources separately
kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml
# Create the namespace for cert-manager
kubectl create namespace cert-manager
# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io
# Update your local Helm chart repository cache
helm repo update
# Install the cert-manager Helm chart
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --version v0.14.2
# check 
kubectl get pods --namespace cert-manager
#設定Issuer or ClusterIssuer
kubectl apply -f /Letsencrypt/cluster-issuer.yaml

#helm佈署traefik

cd /helm
kubectl create namespace traefik
cd /traefik
helm install --namespace traefik traefik traefik/traefik --values traefik/traefik-chart-values.yaml
kubectl apply -f traefik-config.yaml
#產生dashboard密碼
htpasswd -nb user password | openssl base64

#設定dashboard密碼
cd /helm/traefik/dashboard
vi middleware.yaml
  編輯yaml加入密碼

vi middleware.yaml
另外兩個檔案記得修改域名(解析要先設定好)
kubectl apply -f certificate.yaml 
kubectl apply -f ingressroute.yaml
開啟dashboard 
https://traefik.itnotetk.com

#Letsencrypt whomai example
cd /Letsencrypt/whomai
kubectl apply -f deployment.yml 
kubectl apply -f service.yml
kubectl apply -f ingressroute.yaml
kubectl apply -f certificate.yaml

點閱: 25

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *

這個網站採用 Akismet 服務減少垃圾留言。進一步了解 Akismet 如何處理網站訪客的留言資料