Traefik2.4:使用了一个不存在的解析器:inwx
Traefik2.4: uses a non-existent resolver: inwx
我遇到找不到问题解决程序,阅读了所有相关主题,但没有得到答案
环境:
- kubernetes v1.20.6
- traefik: 2.4.9
Traefik 正在安装 helm chart。 values.yaml 看起来像:
image:
name: traefik
globalArguments: # tried with "globalArguments" and "additionalArguments"
- "--api.insecure=true"
- "--accesslog=false"
- "--log.level=DEBUG"
- "--certificatesresolvers.inwx.acme.email=*****@example.com"
- "--certificatesresolvers.inwx.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.inwx.acme.dnschallenge=true"
- "--certificatesresolvers.inwx.acme.dnschallenge.provider=inwx"
- "--certificatesresolvers.inwx.acme.storage=/data/acme.json"
ingressRoute:
dashboard:
enabled: true
insecure: true
api:
insecure: true
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 128Mi
path: /data
annotations: {}
env:
- name: INWX_USERNAME
valueFrom:
secretKeyRef:
name: inwx-dns
key: INWX_USERNAME
- name: INWX_PASSWORD
valueFrom:
secretKeyRef:
name: inwx-dns
key: INWX_PASSWORD
rbac:
enabled: true
namespaced: false
ports:
traefik:
port: 9000
expose: true
结果:
在所需位置创建了一个空 acme.json 但 taefik 打印:
the router flweber-whoami-ingress-flweber-test-foo-example-de-flweber-whoami@kubernetes uses a non-existent resolver: inwx
入口定义:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: flweber-whoami-ingress
namespace: flweber-test
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.tls.certresolver: "inwx"
traefik.ingress.kubernetes.io/router.middlewares: flweber-test-flweber-stripprefix@kubernetescrd
spec:
rules:
- host: foo.example.de
http:
paths:
- path: /flweber-whoami
pathType: Prefix
backend:
service:
name: flweber-whoami
port:
number: 80
提前致谢
注意:我不得不用占位符替换所有域。我在实际配置中没有使用 example.com 或 example.de
对于所有遇到类似问题的人,请仔细检查您的调试日志。
在我的例子中,所有调试输出之间是这一行:
time="2021-07-26T09:56:43Z" level=error msg="The ACME resolver \"inwx\" is skipped from the resolvers list because: unable to get ACME account: permissions 660 for /data/acme.json are too open, please use 600"
traefik 第一次启动时一切正常,但如果我做了 helm upgrade 我会得到上面的日志。
我可以使用正确设置权限的初始化容器来修复它。
我添加到 values.yaml 的以下部分:
deployment:
initContainers:
- name: volume-permissions
image: busybox:1.31.1
command: ["sh", "-c", "chmod -Rv 600 /data/*"]
volumeMounts:
- name: data
mountPath: /data
如果你有兴趣,如果有更好的解决方案,我也在 traefik 的论坛上开了一个讨论 link:https://community.traefik.io/t/traefik2-4-uses-a-non-existent-resolver-inwx/11283/3
希望我能帮到别人:)
我遇到找不到问题解决程序,阅读了所有相关主题,但没有得到答案
环境:
- kubernetes v1.20.6
- traefik: 2.4.9
Traefik 正在安装 helm chart。 values.yaml 看起来像:
image:
name: traefik
globalArguments: # tried with "globalArguments" and "additionalArguments"
- "--api.insecure=true"
- "--accesslog=false"
- "--log.level=DEBUG"
- "--certificatesresolvers.inwx.acme.email=*****@example.com"
- "--certificatesresolvers.inwx.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.inwx.acme.dnschallenge=true"
- "--certificatesresolvers.inwx.acme.dnschallenge.provider=inwx"
- "--certificatesresolvers.inwx.acme.storage=/data/acme.json"
ingressRoute:
dashboard:
enabled: true
insecure: true
api:
insecure: true
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 128Mi
path: /data
annotations: {}
env:
- name: INWX_USERNAME
valueFrom:
secretKeyRef:
name: inwx-dns
key: INWX_USERNAME
- name: INWX_PASSWORD
valueFrom:
secretKeyRef:
name: inwx-dns
key: INWX_PASSWORD
rbac:
enabled: true
namespaced: false
ports:
traefik:
port: 9000
expose: true
结果:
在所需位置创建了一个空 acme.json 但 taefik 打印:
the router flweber-whoami-ingress-flweber-test-foo-example-de-flweber-whoami@kubernetes uses a non-existent resolver: inwx
入口定义:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: flweber-whoami-ingress
namespace: flweber-test
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.tls.certresolver: "inwx"
traefik.ingress.kubernetes.io/router.middlewares: flweber-test-flweber-stripprefix@kubernetescrd
spec:
rules:
- host: foo.example.de
http:
paths:
- path: /flweber-whoami
pathType: Prefix
backend:
service:
name: flweber-whoami
port:
number: 80
提前致谢
注意:我不得不用占位符替换所有域。我在实际配置中没有使用 example.com 或 example.de
对于所有遇到类似问题的人,请仔细检查您的调试日志。 在我的例子中,所有调试输出之间是这一行:
time="2021-07-26T09:56:43Z" level=error msg="The ACME resolver \"inwx\" is skipped from the resolvers list because: unable to get ACME account: permissions 660 for /data/acme.json are too open, please use 600"
traefik 第一次启动时一切正常,但如果我做了 helm upgrade 我会得到上面的日志。
我可以使用正确设置权限的初始化容器来修复它。
我添加到 values.yaml 的以下部分:
deployment:
initContainers:
- name: volume-permissions
image: busybox:1.31.1
command: ["sh", "-c", "chmod -Rv 600 /data/*"]
volumeMounts:
- name: data
mountPath: /data
如果你有兴趣,如果有更好的解决方案,我也在 traefik 的论坛上开了一个讨论 link:https://community.traefik.io/t/traefik2-4-uses-a-non-existent-resolver-inwx/11283/3
希望我能帮到别人:)