apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    additionalArguments:
      - --log.level=ERROR
      - --accesslog=false
      - --global.checknewversion
      - --global.sendAnonymousUsage=false
      - --entrypoints.web.http.redirections.entryPoint.to=:443
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --providers.file.directory=/file
      - --certificatesresolvers.le.acme.email=mail@mail.com
      - --certificatesresolvers.le.acme.storage=/data/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
      - --certificatesresolvers.le.acme.httpchallenge=true
      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
    persistence:
      enabled: true
      accessMode: ReadWriteOnce
      size: 128Mi
      path: /data
    podSecurityContext:
      fsGroup: 65532
    deployment:
      initContainers:
        - name: volume-permissions
          image: busybox:latest
          command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
          securityContext:
            runAsNonRoot: true
            runAsGroup: 65532
            runAsUser: 65532
          volumeMounts:
            - name: data
level=error msg="The ACME resolver "le" is skipped from the resolvers list because: unable to get ACME account: open /data/acme.json: permission denied"
how to use traefik for tls
Get your file permissions set up correctly, so Traefik can read from and write to the file.
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    additionalArguments:
      - --log.level=ERROR
      - --accesslog=false
      - --global.checknewversion
      - --global.sendAnonymousUsage=false
      - --entrypoints.web.http.redirections.entryPoint.to=:443
      - --entrypoints.web.http.redirections.entryPoint.scheme=websecure
      - --providers.file.directory=/file
      - --certificatesresolvers.le.acme.httpchallenge=true
      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.le.acme.email=mail@mail.com
      - --certificatesresolvers.le.acme.tlschallenge=true
      - --certificatesresolvers.le.acme.storage=/le/acme.json
      - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
    volumes:
      - name: config-file
        mountPath: file/
        type: configMap
    persistence:
      enabled: true
      name: le
      accessMode: ReadWriteOnce
      size: 128Mi
      path: /le
    securityContext:
      readOnlyRootFilesystem: false
      runAsGroup: 0
      runAsUser: 0
      runAsNonRoot: false
That's how a file is created, but there are no such instructions in Traefik and all this makes sense if the file provider will receive TLS, but nothing happens.

ittools.yaml: |-
  http:
    routers:
      ittools-router:
        entryPoints:
          - web
        service: ittools-service
        rule: Host(`ittools.domen.com`)
        tls:
          certResolver: le
    services:
      ittools-service:
        loadBalancer:
          servers:
            - url: http://192.168.88.3:8888
          passHostHeader: true
The problem is solved - that's how everything works and receives certificates
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-file
  namespace: kube-system
data:
  ittools.yaml: |-
    http:
      services:
        ittools-service:
          loadBalancer:
            servers:
              - url: http://192.168.88.3:8888
      routers:
        ittools-router:
          entryPoints:
            - web
          rule: Host(`domen.domen.com`)
          service: ittools-service
          tls:
            certResolver: le
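
A check for the condition behind the `permission denied` error earlier in the thread, as an added example that is not part of the original posts: it verifies that the ACME storage file exists, has mode 600, and is owned by the UID Traefik runs as. The function name `check_acme_store` is hypothetical, and `stat -c` assumes GNU coreutils or busybox.

```shell
#!/bin/sh
# Added example (not from the thread): verify an ACME storage file is usable
# by the UID the Traefik process runs as.
#
# Usage: check_acme_store PATH UID
# Returns 0 if the file exists, has mode 600 and is owned by UID; 1 otherwise.
check_acme_store() {
    file=$1
    want_uid=$2
    rc=0

    # A missing file means the init step never managed to create it.
    if [ ! -f "$file" ]; then
        echo "FAIL: $file does not exist or is not a regular file"
        return 1
    fi

    # %a = octal permission bits, %u = numeric owner UID
    # (supported by GNU coreutils stat and busybox stat).
    mode=$(stat -c '%a' "$file")
    owner=$(stat -c '%u' "$file")

    # The init container in the thread sets 600 on acme.json.
    if [ "$mode" != "600" ]; then
        echo "FAIL: mode is $mode, expected 600"
        rc=1
    fi

    # With mode 600 only the owner can open the file, so a file owned by a
    # different UID than the Traefik process yields "permission denied".
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL: owner UID is $owner, expected $want_uid"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $file is mode 600 and owned by UID $want_uid"
    fi
    return "$rc"
}
```

Run it in a container that mounts the same volume, for example `check_acme_store /data/acme.json 65532` for the first configuration in the thread.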