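Traefik Configuration

1. Certificate issues

Kyverno - Kubernetes Advanced Training Camp (Session 3) (qikqiak.com)

ArgoCD and cert-manager TLS/SSL certificates Integration: In-depth guide | by soappanda | Medium

Traefik TLS authentication configuration

Configuring a self-signed CA in cert-manager to issue certificates

Automatically issuing certificates with cert-manager

Automated certificate management: a practical guide to Cert-Manager

maestro docs: auto-traefik-tls-certificate.md

Issuing free certificates with cert-manager | k8s tinkering notes (todoit.tech)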

Tools: terraform Prepare New AWS EKS Cluster and Orchestrator Deployment

kubectl -n argocd get secrets argocd-initial-admin-secret -ojsonpath='{.data.password}' | base64 -d

kubectl get certificate -n gateway-system traefik-tls-cert

kubectl get secrets -n gateway-system tls-traefik

kubectl get ingressroutes -n gateway-system -o json | jq '.items[].spec.tls.secretName'

kubectl logs -n cert-manager -l app=cert-manager --tail=-1

ca=traefik-tls-cert
dns=cluster1.onprem

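# bash - How to escape single quotes within single quoted strings - Stack Overflow
# The wildcard entry is a plain JSON string: the single quotes around the wildcard name
# in the YAML manifest are YAML syntax and must not end up inside the value.
kubectl -n gateway-system patch certificate "$ca" --type='json' -p '[
{"op":"replace","path":"/spec/dnsNames","value": ["'"$dns"'", "*.'"$dns"'"]}]'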

 

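Mastering certificates with cert-manager in k8s

HTTPS: automatically configuring Let's Encrypt certificates with Certbot

User Guide — Certbot 2.12.0.dev0 documentation (eff-certbot.readthedocs.io)

Multiple sources - Argo CD Chinese documentation, Platform Engineering, DevOps

Generating a self-signed certificate with OpenSSL, simple steps - 凝雨 - Yun (ningyu1.github.io)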

 cert

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    argocd.argoproj.io/instance: onprem_self-signed-cert
  name: traefik-tls-cert-test
  namespace: gateway-system
spec:
  dnsNames:
  - mycluster.onprem
  - '*.mycluster.onprem'
  # Validity period: 17520h = 730 days
  duration: 17520h0m0s
  # Issues the certificate with basicConstraints CA:TRUE
  isCA: true
  issuerRef:
    kind: ClusterIssuer
    name: traefik-selfsigned-issuer
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 4096
  # Renewal starts 13140h (547.5 days) before expiry
  renewBefore: 13140h0m0s
  secretName: tls-traefik-test
  subject:
    countries:
    - US
    organizations:
    - Intel Corporation
  usages:
  - digital signature
  - key encipherment
  - server auth

 

posted @ 2024-10-11 12:59  lvmxh