英文:
Traefik self signed certificate on openshift with the ingress object
问题
I have a problem where i can create an ingress object, and make it work with https but it does not provide a custom certificate I have created and specified in the "ingress" object.
我有一个问题,我可以创建一个入口对象,并使其在https下工作,但它没有提供我在“入口”对象中创建和指定的自定义证书。
I am using openshift as the orchestrator.
我正在使用Openshift作为编排器。
I am using "ingress" as a provider and the "ingress" object for traefik.
我使用“入口”作为提供者,并使用traefik的“入口”对象。
How can I create and enable a self-signed certificate that traefik will use?
我如何创建和启用traefik将使用的自签名证书?
In addition, how can I change the default certificate traefik gives me?
另外,我如何更改traefik提供给我的默认证书?
My configurations:
我的配置:
I have installed traefik via the default values.yaml file and via the helm chart here:
我通过默认的values.yaml文件和这里的helm图表安装了traefik:
https://github.com/traefik/traefik-helm-chart/tree/master
My ingress object:
我的入口对象:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: whoami-http
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
tls:
- hosts:
- traefik.ben-tests.com
secretName: my-tls
rules:
- host: traefik.ben-tests.com
http:
paths:
- path: /iamben
pathType: Prefix
backend:
service:
name: whoami-svc
port:
number: 80
When i do:
curl https://traefik.ben-tests.com/iamben -k or access via web i get the default traefik certificate.
当我执行:
curl https://traefik.ben-tests.com/iamben -k 或通过web访问时,我收到默认的traefik证书。
I have created the certificate via the following commands:
我通过以下命令创建了证书:
To create the certificate:
要创建证书:
openssl req -new -newkey rsa:2048 -nodes -keyout my.key -out my.crt
To create the secret:
要创建密钥:
oc create secret generic my-tls --from-file=tls.key=my.key --from-file=tls.crt=my.crt
What am i doing wrong?
我做错了什么?
Ty very much for the help.
非常感谢您的帮助。
英文:
I have a problem where i can create an ingress object, and make it work with https but it does not provide a custom certificate I have created and specified in the "ingress" object.
I am using openshift as the orchestrator.
I am using "ingress" as a provider and the "ingress" object for traefik.
How can I create and enable a self-signed certificate that traefik will use?
In addition, how can I change the default certificate traefik gives me?
My configurations:
I have installed traefik via the default values.yaml file and via the helm chart here:
https://github.com/traefik/traefik-helm-chart/tree/master
My ingress object:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: whoami-http
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
tls:
- hosts:
- traefik.ben-tests.com
secretName: my-tls
rules:
- host: traefik.ben-tests.com
http:
paths:
- path: /iamben
pathType: Prefix
backend:
service:
name: whoami-svc
port:
number: 80
When i do:
curl https://traefik.ben-tests.com/iamben -k or access via web i get the default traefik certificate.
I have created the certificate via the following commands:
To create the certificate:
openssl req -new -newkey rsa:2048 -nodes -keyout my.key -out my.crt
To create the secret:
oc create secret generic my-tls --from-file=tls.key=my.key --from-file=tls.crt=my.crt
What am i doing wrong?
Ty very much for the help.
答案1
得分: 0
当我签发证书时,它没有 SAN(Subject Alternative Name),所以证书无效,因此 traefik 提供了默认的证书。
通过 OpenSSL(版本 1.1.1)创建了一个新的有效证书。
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout my.key -out my.crt -subj "/CN=traefik.ben-tests.com" -addext "subjectAltName=DNS:*.traefik.ben-tests.com,DNS:traefik.ben-tests.com"
它起作用了 
英文:
When i signed the certificate it had no SAN so the certificate was not valid, thus traefik served the default one.
Created a new valid crt via openssl (version 1.1.1)
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout my.key -out my.crt -subj "/CN=traefik.ben-tests.com" -addext "subjectAltName=DNS:*.traefik.ben-tests.com,DNS:traefik.ben-tests.com"
And it worked
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论