#google-kubernetes-engine #traefik
Question:
I set up a Kubernetes cluster using GKE with a Traefik instance as the ingress controller, but I always get a 502 Bad Gateway response when trying to access a resource (in this case, the Traefik dashboard).
The steps I followed are based on this article: https://medium.com/@kita_no_tori/setting-up-a-service-mesh-in-gke-using-linkerd2-and-traefik-2-0-a0518cfc7625
My ingress controller deployment:
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: traefik
  name: traefik
  labels:
    app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
        - name: traefik
          image: traefik:2.1.4
          ports:
            - name: https
              containerPort: 443
              hostPort: 443
            - name: dashboard
              containerPort: 8080
              hostPort: 8080
          args:
            - --entryPoints.traefik.address=:8100
            - --entryPoints.web.address=:80
            - --entryPoints.websecure.address=:443
            - --api.dashboard=true
            - --log.level=INFO
            - --global.sendanonymoususage=false
            - --global.checknewversion=false
            # TLS CHALLENGE (single certificates)
            - --certificatesresolvers.le.acme.tlschallenge
            - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
            - --certificatesresolvers.le.acme.email=<MY_EMAIL>
            - --certificatesresolvers.le.acme.storage=acme.json
            # DNS CHALLENGE (wildcards certificates)
            - --certificatesresolvers.ledns.acme.email=<MY_EMAIL>
            - --certificatesresolvers.ledns.acme.storage=acme-dns.json
            - --certificatesresolvers.ledns.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
            - --certificatesresolvers.ledns.acme.dnschallenge=true
            - --certificatesresolvers.ledns.acme.dnschallenge.provider=ovh
            - --certificatesresolvers.ledns.acme.dnschallenge.delaybeforecheck=10
            - --certificatesresolvers.ledns.acme.dnschallenge.resolvers=213.186.33.99,1.1.1.1:53,8.8.8.8:53
            - --providers.kubernetescrd
          env:
            - name: OVH_ENDPOINT
              value: "ovh-eu"
            - name: OVH_APPLICATION_KEY
              value: <MY_KEY>
            - name: OVH_APPLICATION_SECRET
              value: <MY_SECRET>
            - name: OVH_CONSUMER_KEY
              value: <MY_CONSUMER_KEY>
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 180
            periodSeconds: 3
            timeoutSeconds: 1
My services:
# Connects Traefik with cloud provider's load balancer.
# All external traffic comes through here.
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-controller
  namespace: default
spec:
  type: LoadBalancer
  loadBalancerIP: <MY_LOAD_BALANCER_IP>
  selector:
    app: traefik
  ports:
    - name: https
      port: 443
      targetPort: 443
---
# Exposes Traefik dashboard inside the cluster.
# External access is provided by IngressRoute.
kind: Service
apiVersion: v1
metadata:
  name: traefik-dashboard
  namespace: traefik
spec:
  type: ClusterIP
  selector:
    app: traefik
  ports:
    - name: dashboard
      port: 8080
      targetPort: 8080
My ingress route:
kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: traefik-dashboard
  namespace: traefik
spec:
  entryPoints:
    - websecure
  tls:
    certResolver: le
  routes:
    - match: Host(`traefik.dashboard.mydomain.com`)
      kind: Rule
      services:
        - name: traefik-dashboard
          port: 8080
Any help is appreciated.
Thanks.
Comments:
1. Did you ever solve this problem?
2. No, we decided to switch to an nginx-based solution