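Notes: https://docs.k3s.io/zh/networking/networking-services?_highlight=trae#traefik-ingress-controller
The default configuration file is located at /var/lib/rancher/k3s/server/manifests/traefik.yaml
Do not edit traefik.yaml by hand, because K3s replaces the file with its defaults on startup.
Instead, customize Traefik by creating an additional HelmChartConfig manifest in /var/lib/rancher/k3s/server/manifests. For more details and examples, see Customizing Packaged Components with HelmChartConfig. For more information on the possible configuration values, see the official Traefik Helm Configuration Parameters.
https://docs.k3s.io/zh/helm#customizing-packaged-components-with-helmchartconfig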
vi /var/lib/rancher/k3s/server/manifests/traefik-config.yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    additionalArguments:
      # The *.insecure flags trust the PROXY protocol and X-Forwarded-* headers from
      # every source; while they are set, the trustedIPs lists below restrict nothing.
      - "--entryPoints.web.proxyProtocol.insecure" # port 80
      - "--entryPoints.web.forwardedHeaders.insecure"
      - "--entryPoints.websecure.proxyProtocol.insecure" # port 443
      - "--entryPoints.websecure.forwardedHeaders.insecure"
      - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8,172.16.0.0/16"
      - "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8,172.16.0.0/16"
      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0" # Prometheus monitoring
      - "--metrics.prometheus.addEntryPointsLabels=true"
      - "--metrics.prometheus.addrouterslabels=true"
      - "--metrics.prometheus.addServicesLabels=true"
      - "--certificatesResolvers.letse.acme.dnsChallenge.provider=alidns" # automatic certificate issuance with the letse resolver, using Aliyun DNS
      - "--certificatesResolvers.letse.acme.email=xxxxx@qq.com"
      - "--certificatesResolvers.letse.acme.storage=/data/acme.json"
      - "--certificatesresolvers.letse.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.letse.acme.dnschallenge=true"
      - "--certificatesresolvers.letse.acme.dnschallenge.provider=alidns"
    deployment: # host path mappings
      additionalVolumes:
        - name: traefikconfig
          hostPath:
            path: /dataN/ingress/config
        - name: traefiklogs
          hostPath:
            path: /dataN/ingress/logs
    # In the Traefik Helm chart, additionalVolumeMounts and env are top-level values
    additionalVolumeMounts:
      - name: traefikconfig
        mountPath: "/etc/traefik"
      - name: traefiklogs
        mountPath: "/var/log/traefik"
    env:
      # Placeholder values; anything written here is stored in plaintext in the manifest
      - name: "ALICLOUD_ACCESS_KEY"
        value: "xxxx"
      - name: "ALICLOUD_SECRET_KEY"
        value: "xxxxx"
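
A stricter variant of the same traefik-config.yaml, as an added example that is not part of the original notes or of the K3s or Traefik documentation: it drops the *.insecure flags so that only the listed sources are trusted, and reads the Aliyun keys from a Kubernetes Secret instead of inline values. Assumptions: the CIDRs are the page's own trustedIPs list, standing in for the addresses of the load balancer in front of Traefik, and the Secret name alidns-credentials with its two keys is hypothetical. The page's metrics and volume values are unchanged and left out here.

```yaml
# Added example. The Secret "alidns-credentials" is a hypothetical name and
# must exist in kube-system before Traefik starts, for example:
#   kubectl -n kube-system create secret generic alidns-credentials \
#     --from-literal=access-key=<ACCESS_KEY> --from-literal=secret-key=<SECRET_KEY>
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    additionalArguments:
      # No *.insecure flags: the PROXY protocol header and X-Forwarded-* headers
      # are honoured only when the connection comes from one of these ranges
      # (assumed to be the load balancer's addresses).
      - "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8,172.16.0.0/16"
      - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8,172.16.0.0/16"
      - "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8,172.16.0.0/16"
      - "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8,172.16.0.0/16"
      # ACME DNS challenge settings as on the page
      - "--certificatesResolvers.letse.acme.dnsChallenge.provider=alidns"
      - "--certificatesResolvers.letse.acme.email=xxxxx@qq.com"
      - "--certificatesResolvers.letse.acme.storage=/data/acme.json"
      - "--certificatesResolvers.letse.acme.caServer=https://acme-v02.api.letsencrypt.org/directory"
    env:
      # Credentials are injected from the Secret, so the manifest on disk
      # contains no key material.
      - name: ALICLOUD_ACCESS_KEY
        valueFrom:
          secretKeyRef:
            name: alidns-credentials
            key: access-key
      - name: ALICLOUD_SECRET_KEY
        valueFrom:
          secretKeyRef:
            name: alidns-credentials
            key: secret-key
```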