安装helm traefik repo

helm repo add traefik https://helm.traefik.io/traefik

编辑values.yaml文件

可以到https://raw.githubusercontent.com/traefik/traefik-helm-chart/master/traefik/values.yaml下载默认的values.yaml
修改`
additionalArguments`


additionalArguments:
- "--certificatesresolvers.letsencrypt.acme.email=<your-email-here>"
- "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json"
- "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesResolvers.letsencrypt.acme.dnschallenge=true"
- "--certificatesResolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"

注释掉

#securityContext:
#  capabilities:
#    drop: [ALL]
#  readOnlyRootFilesystem: true
#  runAsGroup: 65532
#  runAsNonRoot: true
#  runAsUser: 65532

#podSecurityContext:
#fsGroup: 65532

这一步是防止acme.json权限不正确
复制cloudflare global account key.在My Profile -> API Tokens -> Global API Key -> View

将使用key将其存储在集群中。使用 kubectl,执行:

kubectl create secret generic cloudflare-credentials --from-literal=globalApiKey=<YOUR API KEY>

在values.yaml编辑env

         env:
            - name: CF_API_EMAIL
              value: <YOUR_CLOUDFLARE_EMAIL@DOMAIN.com>
            - name: CF_API_KEY
              valueFrom:
                secretKeyRef:
                  name: cloudflare-credentials
                  key: globalApiKey

打开traefik 的Dashboard,打开ssl

把expose 设置为true
修改tls里certResolver: letsencrypt enabled: true

安装Traefik

helm install traefik traefik/traefik -f values.yaml

使用helm安装wordpress测试HTTPS

helm repo add bitnami https://charts.bitnami.com/bitnami

下载wordpress的values.yaml
https://raw.githubusercontent.com/bitnami/charts/master/bitnami/wordpress/values.yaml

修改values.yaml

修改enabled: true
修改 hostname: <你的域名>

安装wordpress

helm install wordpress bitnami/wordpress -f values.yaml

验证


traefik面板看到配置成功
访问域名也可看到证书

Last modification:July 26th, 2021 at 08:57 pm
If you think my article is useful to you, please feel free to appreciate