1、修改helm的values.yaml文件
# values.yaml
# Excerpt of the Traefik Helm chart values; the "..." lines mark omitted content.
# NOTE(review): indentation is not preserved in this excerpt — nest each key as in
# the chart's own values.yaml before applying it.
...
# NOTE(review): with hostNetwork the entryPoints below listen on the node itself,
# which includes the traefik entryPoint on 8080 as well as 80/443 — confirm that
# node firewall rules restrict who can reach 8080.
hostNetwork: true # use the host's network namespace
ports:
traefik:
port: 8080
....
....
....
web:
port: 80 # port changed from 8000 to 80
....
websecure:
port: 443 # port changed from 8443 to 443
...
...
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ALL]
add: [NET_BIND_SERVICE] # capability that allows binding ports below 1024
readOnlyRootFilesystem: true
# NOTE(review): the three settings below run the container as UID/GID 0. Keep
# drop: [ALL], allowPrivilegeEscalation: false and readOnlyRootFilesystem: true
# alongside them so root is limited to NET_BIND_SERVICE — verify after re-nesting
# that all of these apply to the same container.
runAsGroup: 0 # run as root
runAsNonRoot: false
runAsUser: 0
...
# Roll the edited values.yaml out to the existing "traefik" release in the
# kube-system namespace, using the chart in the current directory.
helm upgrade traefik . --namespace kube-system --values values.yaml
[root@master-11 traefik]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
traefik-76d8b868d4-rhrfq 1/1 Running 0 11m
[root@master-11 traefik]# kubectl get deployments.apps -n kube-system -oyaml | grep "web"
- --entryPoints.web.address=:80/tcp
- --entryPoints.websecure.address=:443/tcp
- --entryPoints.websecure.http.tls=true
name: web
name: websecure
# 这里可以看出来已经修改成功了
2、错误示例
# 不修改 values.yaml、只直接修改 Deployment 资源里的端口:securityContext 没有同步调整,容器没有绑定 80 端口的权限,Traefik 启动时报 permission denied(见下面日志的最后一行)
[root@master-11 traefik]# kubectl logs -n kube-system traefik-7b45ddb7b8-ndddt
2025-08-24T14:05:06Z INF Traefik version 3.3.4 built on 2025-02-25T10:11:01Z version=3.3.4
2025-08-24T14:05:06Z INF Stats collection is enabled.
2025-08-24T14:05:06Z INF Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.
2025-08-24T14:05:06Z INF Help us improve Traefik by leaving this feature on :)
2025-08-24T14:05:06Z INF More details on: https://doc.traefik.io/traefik/contributing/data-collection/
2025-08-24T14:05:06Z ERR Command error error="command traefik error: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied"
如果宿主机的监听端口里没有 443 端口(前提是你已经有对应的服务),并且在 Deployment 中看不到 hostNetwork 字段,则需要手动添加:
[root@master-11 registry]# ss -tulnp | grep 443
tcp LISTEN 0 4096 *:6443 *:* users:(("kube-apiserver",pid=1772,fd=3))
[root@master-11 registry]# kubectl edit deployments.apps -n traefik traefik
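在 Deployment 的 Pod 模板 spec(即 spec.template.spec)下添加 dnsPolicy: ClusterFirst 与 hostNetwork: true,然后稍等一段时间,确认 pod 已经起来了。注意:按 Kubernetes 文档,使用 hostNetwork 的 Pod 如果需要解析集群内部域名,应显式设置 dnsPolicy: ClusterFirstWithHostNet,否则 ClusterFirst 会退回到 Default 策略的行为。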
[root@master-11 registry]# ss -tulnp | grep 443
tcp LISTEN 0 4096 *:6443 *:* users:(("kube-apiserver",pid=1772,fd=3))
tcp LISTEN 0 4096 *:443 *:* users:(("traefik",pid=10357,fd=6))