1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  labels:
    k8s-app: harbor
  name: harbor-dashboard
  namespace: harbor
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/ssl-redirect: "true"  #去掉这行http会自动跳转为https
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
    traefik.ingress.kubernetes.io/service.serversscheme: "https"
spec:
  tls:
  - hosts:
    - harbor.example.net
    secretName: harbor-tls   ##虽然网上都是这样配置的，但好像这里的证书并没有起作用
  rules:
   - host: harbor.example.net
     http:
       paths:
         - path: /
           pathType: Prefix
           backend:
             service:
               name: harbor
               port:
                 number: 443

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: k8s-dashboard
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/ssl-redirect: "true"  #去掉这行http会自动跳转为https
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  entryPoints:
    - websecure

  routes:
    - match: Host(`k8s.isiact.com`) && PathPrefix(`/`)
      kind: Rule
      services:
        - kind: Service
          name: kubernetes-dashboard
          namespace: kubernetes-dashboard
          port: 443
          serversTransport: mytransport
  tls:                              # [11]
    secretName: harbor-tls #必须加，不然404

---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: mytransport
  namespace: kubernetes-dashboard
spec:
    insecureSkipVerify: true