I am using Traefik with Kubernetes and want to deploy several sites with a Let's Encrypt wildcard certificate. The logs show that the certificate request part seems to work fine, and the debug messages also show that the certificate should be used:
time="2018-11-14T10:16:08Z" level=info msg="legolog: [INFO] [*.my-domain.com] Server responded with a certificate."
time="2018-11-14T10:16:08Z" level=debug msg="Certificates obtained for domains [*.my-domain.com]"
time="2018-11-14T10:16:08Z" level=debug msg="Configuration received from provider ACME: {}"
time="2018-11-14T10:16:08Z" level=debug msg="Wiring frontend dashboard.my-domain.com/ to entryPoint http"
time="2018-11-14T10:16:08Z" level=debug msg="Creating backend dashboard.my-domain.com/"
time="2018-11-14T10:16:08Z" level=debug msg="Adding TLSClientHeaders middleware for frontend dashboard.my-domain.com/"
time="2018-11-14T10:16:08Z" level=debug msg="Creating load-balancer wrr"
time="2018-11-14T10:16:08Z" level=debug msg="Creating server traefik-ingress-controller-84fbb59c4b-8h2p5 at http://MY-IP:8080 with weight 1"
time="2018-11-14T10:16:08Z" level=debug msg="Creating route / PathPrefix:/"
time="2018-11-14T10:16:08Z" level=debug msg="Creating route dashboard.my-domain.com Host:dashboard.my-domain.com"
time="2018-11-14T10:16:08Z" level=debug msg="Wiring frontend dashboard.my-domain.com/ to entryPoint https"
time="2018-11-14T10:16:08Z" level=debug msg="Creating backend dashboard.my-domain.com/"
time="2018-11-14T10:16:08Z" level=debug msg="Adding TLSClientHeaders middleware for frontend dashboard.my-domain.com/"
time="2018-11-14T10:16:08Z" level=debug msg="Creating load-balancer wrr"
time="2018-11-14T10:16:08Z" level=debug msg="Creating server traefik-ingress-controller-84fbb59c4b-8h2p5 at http://MY-IP:8080 with weight 1"
time="2018-11-14T10:16:08Z" level=debug msg="Creating route dashboard.my-domain.com Host:dashboard.my-domain.com"
time="2018-11-14T10:16:08Z" level=debug msg="Creating route / PathPrefix:/"
time="2018-11-14T10:16:08Z" level=debug msg="Add certificate for domains *.my-domain.com"
time="2018-11-14T10:16:08Z" level=info msg="Server configuration reloaded on :8080"
time="2018-11-14T10:16:08Z" level=info msg="Server configuration reloaded on :80"
time="2018-11-14T10:16:08Z" level=info msg="Server configuration reloaded on :443"
But as soon as I open the website and switch, for example, from http://dashboard.my-domain.com to https://dashboard.my-domain.com, I get an error saying there is no certificate, and it is "ERR_SSL_PROTOCOL_ERROR" in Chrome.
To provide some context, here are my YAML snippets:
apiVersion: v1
kind: Service
metadata:
  name: traefik-ingress-service
  namespace: traefik
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
  type: NodePort
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-webui
  namespace: traefik
spec:
  selector:
    k8s-app: traefik-ingress-lb
  type: LoadBalancer
  ports:
    - name: web
      protocol: TCP
      port: 80
      targetPort: 8080
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8080
  loadBalancerIP: MYEXTERNALIP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-webui
  namespace: traefik
spec:
  rules:
    - host: dashboard.my-domain.com
      http:
        paths:
          - path: /
            backend:
              serviceName: traefik-webui
              servicePort: web
My ConfigMap also looks like this:
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: traefik
  name: traefik-conf
data:
  traefik.toml: |
    defaultEntryPoints = ["http","https"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
        [entryPoints.http.redirect]
        entryPoint = "https"
      [entryPoints.https]
      address = ":443"
        [entryPoints.https.tls]
    [kubernetes]
    [web]
    [acme]
    email = "my-email@ddr.es"
    storage = "/config/acme.json"
    onDemand = true
    entryPoint = "https"
    acmeLogging = true
    caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
    [acme.dnsChallenge]
    provider = "MYPROVIDER"
    [[acme.domains]]
    main = "*.my-domain.com"
    logLevel = "DEBUG"
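
A static cross-check of the `traefik-webui` Service ports against the entryPoints in `traefik.toml`, added here as an example and not part of the original post: it reports every Service port whose `targetPort` does not land on a configured entryPoint, or that forwards 443 to an entryPoint without TLS. The function names and the finding format are assumptions; the inputs are copied from the manifests above.

```python
import re

# Constructed from the question: traefik.toml entryPoints and the ports of the
# LoadBalancer Service "traefik-webui".
TRAEFIK_TOML = """
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
"""
SERVICE_PORTS = [
    {"name": "web", "port": 80, "targetPort": 8080},
    {"name": "https", "port": 443, "targetPort": 8080},
]

def entrypoints(toml_text):
    """Map listen port -> {"name", "tls"} for each [entryPoints.<name>] table."""
    eps, name, top = {}, None, False
    for line in map(str.strip, toml_text.splitlines()):
        hdr = re.fullmatch(r"\[entryPoints\.(\w+)(\.[\w.]+)?\]", line)
        if hdr:
            name, sub = hdr.group(1), hdr.group(2)
            ep = eps.setdefault(name, {"port": None, "tls": False})
            top = sub is None  # keys that follow belong to the entryPoint itself
            ep["tls"] |= bool(sub and sub.startswith(".tls"))
        elif line.startswith("["):
            name = None  # some other table, e.g. [entryPoints] or [acme]
        elif name and top:
            addr = re.fullmatch(r'address\s*=\s*"[^"]*:(\d+)"', line)
            if addr:
                eps[name]["port"] = int(addr.group(1))
    return {e["port"]: {"name": n, "tls": e["tls"]} for n, e in eps.items() if e["port"]}

def check_service(ports, eps):
    """Return (port name, targetPort, reason) for each port that cannot work as named."""
    findings = []
    for p in ports:
        target = p.get("targetPort", p["port"])
        ep = eps.get(target)
        if ep is None:
            findings.append((p["name"], target, "no entryPoint listens on this targetPort"))
        elif p["port"] == 443 and not ep["tls"]:
            findings.append((p["name"], target, "443 is forwarded to an entryPoint without TLS"))
    return findings

if __name__ == "__main__":
    for name, target, why in check_service(SERVICE_PORTS, entrypoints(TRAEFIK_TOML)):
        print(f"{name}: targetPort {target}: {why}")
```

For the manifests above both ports are reported: `targetPort: 8080` matches neither the `:80` nor the `:443` entryPoint, so a browser connecting to 443 never reaches the `https` entryPoint that holds the certificate.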