簡介
traefik 是一個前端負載均衡器,對于微服務 架構尤其是 kubernetes 等編排工具具有良好的支援;同 nginx 等相比,traefik 能夠自動感覺後端容器變化,進而實作自動服務發現。
traefik部署在k8s上分為daemonset和deployment兩種方式各有優缺點:
- daemonset 能确定有哪些node在運作traefik,是以可以确定的知道後端ip,但是不能友善的伸縮
- deployment 可以更友善的伸縮,但是不能确定有哪些node在運作traefik是以不能确定的知道後端ip
一般部署兩種不同類型的traefik:
- 面向内部(internal)服務的traefik,建議可以使用deployment的方式
- 面向外部(external)服務的traefik,建議可以使用daemonset的方式
建議使用traffic-type标簽
- traffic-type: external
- traffic-type: internal
traefik相應地使用labelSelector
- traffic-type=internal
- traffic-type=external
安裝
mkdir traefik && cd traefik
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-rbac.yaml
# 配置rbac
kubectl apply -f traefik-rbac.yaml
# 以下兩種方式選擇一個 # 80 提供正常服務,8080 是其自帶的 UI 界面 # 以daemonset方式啟動traefik # 會在所有node節點啟動一個traefik并監聽在80端口 # master節點不會啟動traefik
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-ds.yaml
kubectl apply -f traefik-ds.yaml
# 以deployment方式啟動traefik
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-deployment.yaml
kubectl apply -f traefik-deployment.yaml
# 檢視狀态
kubectl get pods -n kube-system
# 通路測試,如果有響應說明安裝正确 # 應該傳回404 # 如果以daemonset方式啟動traefik使用如下方式驗證 # 11.11.11.112為任何一個node節點的ip
curl 11.11.11.112
# 如果以deployment方式啟動traefik # 通路node:nodeport或者叢集ip驗證 複制代碼 部署Træfik Web UI
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/ui.yaml
kubectl apply -f ui.yaml
# 通路webui # 需要先配置host # 11.11.11.112為任何一個node節點的ip
11.11.11.112 traefik-ui.minikube
# 浏覽器通路如下位址
http://traefik-ui.minikube/
複制代碼 使用basic驗證
# 生成加密密碼,如果沒有安裝htpasswd可以線上生成 # https://tool.lu/htpasswd/
htpasswd -c ./auth myusername
cat auth
myusername:$apr1$78Jyn/1K$ERHKVRPPlzAX8eBtLuvRZ0 # 從密碼檔案建立secret # monitoring必須和ingress rule處于同一個namespace
kubectl create secret generic mysecret --from-file auth --namespace=monitoring
# 建立ingress
cat >prometheus-ingress.yaml<<EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: prometheus-dashboard
namespace: monitoring
annotations:
kubernetes.io/ingress.class: traefik
ingress.kubernetes.io/auth-type: "basic"
ingress.kubernetes.io/auth-secret: "mysecret"
spec:
rules:
- host: dashboard.prometheus.example.com
http:
paths:
- backend:
serviceName: prometheus
servicePort: 9090
EOF
kubectl create -f prometheus-ingress.yaml -n monitoring
複制代碼 官方執行個體
1. 根據域名(host)路由
# deployment
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheese-deployments.yaml
kubectl apply -f cheese-deployments.yaml
# service
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheese-services.yaml
kubectl apply -f cheese-services.yaml
# ingress
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheese-ingress.yaml
kubectl apply -f cheese-ingress.yaml
# 檢視狀态
kubectl get pods
kubectl get svc
kubectl get ingress
# 測試 # 配置hosts
11.11.11.112 stilton.minikube cheddar.minikube wensleydale.minikube
# 浏覽器通路測試
http://stilton.minikube/
http://cheddar.minikube/
http://wensleydale.minikube/
複制代碼 2. 根據路徑(path)路由
# 使用新的ingress
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheeses-ingress.yaml
kubectl apply -f cheeses-ingress.yaml
# 測試 # 配置hosts
11.11.11.112 cheeses.minikube
# 浏覽器通路測試
http://cheeses.minikube/stilton/
http://cheeses.minikube/cheddar/
http://cheeses.minikube/wensleydale/
複制代碼 3. 指定路由優先級
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: wildcard-cheeses annotations: traefik.frontend.priority: "1" spec: rules: - host: *.minikube http: paths: - path: / backend: serviceName: stilton servicePort: http kind: Ingress metadata: name: specific-cheeses annotations: traefik.frontend.priority: "2" spec: rules: - host: specific.minikube http: paths: - path: / backend: serviceName: stilton servicePort: http 本文轉自掘金-
k8s安裝traefik配置使用ingress![(Nginx)03_Nginx原理與優化一、Nginx原理二、master-workers機制三、面試題:[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)