Configuring Traefik on K3s to force HTTP-to-HTTPS redirection

Environment:
K3s version:

k3s version v1.21.11+k3s1 (4eb3a488)
go version go1.16.10

Node CPU architecture, operating system, and version:

Linux myth3year 3.10.0-1160.45.1.el7.x86_64 #1 SMP Wed Oct 13 17:20:51 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Cluster configuration:

Single node

Problem description:

Steps to reproduce:

  • Command used to install K3s:
    INSTALL_K3S_SKIP_DOWNLOAD=true \
    INSTALL_K3S_EXEC="--service-node-port-range=63888-64888" \
    /opt/k3s/install.sh

Expected result:

An SSL certificate (from Alibaba Cloud) is configured.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-web-ingress
  annotations:
    kubernetes.io/ingress.class: "traefik"
    # nginx.ingress.kubernetes.io/ssl-redirect: "true"
    traefik.ingress.kubernetes.io/redirect-entry-point: https
    # traefik.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
    - hosts:
      - "nginx.xxx.cn"
      secretName: nginx-tls
  rules:
  - host: "nginx.xxx.cn"
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-web
            port:
                number: 80

The site can be reached at http://nginx.xxx.cn.
It can also be reached at https://nginx.xxx.cn.

I want HTTP to be forcibly redirected to HTTPS.

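Actual result:
The forced HTTP → HTTPS redirect does not happen.

Any guidance from the experts would be appreciated… I searched for a long time and couldn't find anything relevant.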

Additional context / logs:

Logs
Context

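It depends on whether you need a global HTTPS redirect or a redirect for one specific Ingress.
For a global HTTPS redirect, add the following directly to the Helm chart configuration (/var/lib/rancher/k3s/server/manifests/traefik-config.yaml) (reference: Traefik 2: Permanent http to https redirect (pet2cattle.com)):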

valuesContent: |-
    ports:
      web:
        redirectTo: websecure  # <- this is the line to add

If you only need the HTTPS redirect for one particular Ingress, you first need to create a Traefik middleware that performs the redirect.
Reference: Set up Traefik Kubernetes Ingress for HTTP and HTTPS with redirect to HTTPS (aqibrahman.com)

---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: redirect
  namespace: example

spec:
  redirectScheme:
    scheme: https
    permanent: true

Then reference it in the annotations of the Ingress YAML:

metadata:
  ...
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: example-redirect@kubernetescrd
1 like
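The answer's per-Ingress approach depends on the annotation value matching the Middleware as `<namespace>-<name>@kubernetescrd`. The following is an added example, not code from the thread: a small pre-deployment check over manifests already parsed into dicts. The function names are hypothetical, the sample manifests are constructed from the YAML above, and a Middleware without a namespace is assumed to live in `default`.

```python
# Added example: lint Ingress manifests for the HTTPS-redirect wiring described above.
# Manifests are plain dicts (as a YAML loader would return), so only the stdlib is used.
MW_ANNOTATION = "traefik.ingress.kubernetes.io/router.middlewares"
LEGACY_V1 = "traefik.ingress.kubernetes.io/redirect-entry-point"  # used in the question

def https_redirect_middlewares(manifests):
    """Return the '<namespace>-<name>@kubernetescrd' refs of Middlewares redirecting to https."""
    refs = set()
    for m in manifests:
        if m.get("kind") != "Middleware":
            continue
        redirect = m.get("spec", {}).get("redirectScheme") or {}
        if redirect.get("scheme") == "https":
            meta = m["metadata"]
            # Assumption: a Middleware with no namespace is applied to "default".
            refs.add(f"{meta.get('namespace', 'default')}-{meta['name']}@kubernetescrd")
    return refs

def lint_ingress(ingress, manifests):
    """Return a list of findings; an empty list means a redirect Middleware is referenced."""
    findings = []
    ann = ingress.get("metadata", {}).get("annotations") or {}
    if LEGACY_V1 in ann:
        findings.append("redirect-entry-point annotation present; it did not redirect in the question's setup")
    attached = {r.strip() for r in ann.get(MW_ANNOTATION, "").split(",") if r.strip()}
    if not attached:
        findings.append("no router.middlewares annotation")
    elif not attached & https_redirect_middlewares(manifests):
        findings.append("router.middlewares matches no https redirectScheme Middleware: "
                        + ", ".join(sorted(attached)))
    return findings

# Constructed sample input, mirroring the thread's YAML.
MIDDLEWARE = {"kind": "Middleware", "metadata": {"name": "redirect", "namespace": "example"},
              "spec": {"redirectScheme": {"scheme": "https", "permanent": True}}}
QUESTION_INGRESS = {"kind": "Ingress", "metadata": {"name": "nginx-web-ingress", "annotations": {
    "kubernetes.io/ingress.class": "traefik", LEGACY_V1: "https"}}}
FIXED_INGRESS = {"kind": "Ingress", "metadata": {"name": "nginx-web-ingress", "annotations": {
    "kubernetes.io/ingress.class": "traefik", MW_ANNOTATION: "example-redirect@kubernetescrd"}}}
WRONG_NS_INGRESS = {"kind": "Ingress", "metadata": {"name": "nginx-web-ingress", "annotations": {
    MW_ANNOTATION: "default-redirect@kubernetescrd"}}}  # namespace prefix does not match

if __name__ == "__main__":
    for label, ing in [("question", QUESTION_INGRESS), ("fixed", FIXED_INGRESS),
                       ("wrong namespace", WRONG_NS_INGRESS)]:
        print(label, "->", lint_ingress(ing, [MIDDLEWARE]) or "ok")
```

The check only confirms that the reference resolves to a redirecting Middleware; whether the redirect is actually served still has to be confirmed against the running cluster.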

Thanks, although I haven't tried it yet. :grinning: