安装helm traefik repo
helm repo add traefik https://helm.traefik.io/traefik
编辑values.yaml文件
可以到https://raw.githubusercontent.com/traefik/traefik-helm-chart/master/traefik/values.yaml
下载默认的values.yaml
修改 additionalArguments
additionalArguments:
- "--certificatesresolvers.letsencrypt.acme.email=<your-email-here>"
- "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json"
- "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesResolvers.letsencrypt.acme.dnschallenge=true"
- "--certificatesResolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
注释掉
#securityContext:
# capabilities:
# drop: [ALL]
# readOnlyRootFilesystem: true
# runAsGroup: 65532
# runAsNonRoot: true
# runAsUser: 65532
#podSecurityContext:
#fsGroup: 65532
这一步是防止acme.json权限不正确
复制cloudflare global account key.在My Profile -> API Tokens -> Global API Key -> View
将使用key将其存储在集群中。使用 kubectl,执行:
kubectl create secret generic cloudflare-credentials --from-literal=globalApiKey=<YOUR API KEY>
在values.yaml编辑env
env:
- name: CF_API_EMAIL
value: <[email protected]>
- name: CF_API_KEY
valueFrom:
secretKeyRef:
name: cloudflare-credentials
key: globalApiKey
打开traefik 的Dashboard,打开ssl
把expose 设置为true
修改tls里certResolver: letsencrypt
enabled: true
安装Traefik
helm install traefik traefik/traefik -f values.yaml
使用helm安装wordpress测试HTTPS
helm repo add bitnami https://charts.bitnami.com/bitnami
下载wordpress的values.yaml
https://raw.githubusercontent.com/bitnami/charts/master/bitnami/wordpress/values.yaml
修改values.yaml
修改enabled: true
修改 hostname: <你的域名>
安装wordpress
helm install wordpress bitnami/wordpress -f values.yaml
验证
traefik面板看到配置成功
访问域名也可看到证书