Неудачный клиент ACME в Kubernetes traefik-ingress - PullRequest
Новая
       43

Неудачный клиент ACME в Kubernetes traefik-ingress

0 голосов
/ 09 мая 2019

Я пытаюсь развернуть traefik-ingress-controller на aws eks.Ниже приводится мое определение

ConfigMap 

apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-conf
  namespace: kube-system
data:
  traefik.toml: |
    defaultEntryPoints = ["http","https"]
    logLevel = "INFO"
    [entryPoints]
      [entryPoints.http]
        address = ":80"
        compress = true
        [entryPoints.http.redirect]
        entryPoint = "https"
        [entryPoints.http.whiteList]
        sourceRange = ["0.0.0.0/0"]
      [entryPoints.https]
        address = ":443"
        compress = true
        [entryPoints.https.tls]
        [entryPoints.https.whiteList]
        sourceRange = ["0.0.0.0/0"]
      [entryPoints.internal]
        address = ":4080"
        compress = true
    [kubernetes]
    [api]
    [ping]
    [accessLog]
    [acme]
      email = "XXX@domain.com"
      storage = "traefik-external-certificates/acme/account"
      acmeLogging = true
      entryPoint = "https"
      OnHostRule = true
      [acme.httpChallenge]
        entryPoint="http"

и DaemonSet 

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    app: traefik-ingress-lb
spec:
  selector:
    matchLabels:
      app: traefik-ingress-lb
  minReadySeconds: 5
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      hostNetwork: true
      containers:
      - name: traefik-ingress
        image: traefik:alpine
        volumeMounts:
        - mountPath: /config
          name: config
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
        - name: internal
          containerPort: 4080
        - name: admin
          containerPort: 8080
        securityContext:
          privileged: true
        args:
        - --api
        - --ping
        - --kubernetes
        - --consul
        - --consul.endpoint=$(CONSUL_SERVICE_HOST):$(CONSUL_SERVICE_PORT)
        - --consul.watch=false
        - --configfile=/config/traefik.toml
        livenessProbe:
          httpGet:
            path: /ping
            port: 80
          initialDelaySeconds: 3
          periodSeconds: 3
          timeoutSeconds: 1
      volumes:
      - name: config
        configMap:
          name: traefik-conf

Но модуль traefik-ingress-controller не работает с

10.0.17.157 - - [09/May/2019:19:19:09 +0000] "GET /ping HTTP/1.1" 302 5 "-" "kube-probe/1.10+" 1 "entrypoint redirect for http" "/ping" 0ms
10.0.17.157 - - [09/May/2019:19:19:09 +0000] "GET /ping HTTP/2.0" 404 19 "http://10.0.17.157:80/ping" "kube-probe/1.10+" 2 "backend not found" "/ping" 0ms
10.0.17.157 - - [09/May/2019:19:19:12 +0000] "GET /ping HTTP/1.1" 302 5 "-" "kube-probe/1.10+" 3 "entrypoint redirect for http" "/ping" 0ms
10.0.17.157 - - [09/May/2019:19:19:12 +0000] "GET /ping HTTP/2.0" 404 19 "http://10.0.17.157:80/ping" "kube-probe/1.10+" 4 "backend not found" "/ping" 0ms
time="2019-05-09T19:19:12Z" level=info msg="I have to go..."
time="2019-05-09T19:19:12Z" level=info msg="Stopping server gracefully"
time="2019-05-09T19:19:12Z" level=info msg="Server stopped"
time="2019-05-09T19:19:12Z" level=info msg="Shutting down"

Кто-нибудь знает, что здесь не так?

...