欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  科技

4.kubernetes的服务暴露插件-Traefik

程序员文章站 2022-07-06 10:06:52
[TOC] 1.部署traefik 在hdss7 200.host.com上 2.准备资源配置清单 在hdss7 200.host.com上 rbac.yaml ds.ymal svc.yaml ingress.yaml 3.应用资源配置清单 4.检查创建资源 5.解析域名 6.配置反向代理 7.浏 ......

目录

1.部署traefik

在hdss7-200.host.com上

[root@hdss7-200 k8s-yaml]# docker pull traefik:v1.7.2-alpine
[root@hdss7-200 k8s-yaml]# docker images|grep traefik
[root@hdss7-200 k8s-yaml]# docker tag add5fac61ae5 harbor.od.com/public/traefik:v1.7.2
[root@hdss7-200 k8s-yaml]# docker push  harbor.od.com/public/traefik:v1.7.2

2.准备资源配置清单

在hdss7-200.host.com上

[root@hdss7-200 k8s-yaml]# mkdir traefik
[root@hdss7-200 k8s-yaml]# cd traefik/

rbac.yaml

apiversion: v1
kind: serviceaccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
apiversion: rbac.authorization.k8s.io/v1beta1
kind: clusterrole
metadata:
  name: traefik-ingress-controller
rules:
  - apigroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apigroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
---
kind: clusterrolebinding
apiversion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleref:
  apigroup: rbac.authorization.k8s.io
  kind: clusterrole
  name: traefik-ingress-controller
subjects:
- kind: serviceaccount
  name: traefik-ingress-controller
  namespace: kube-system

ds.ymal

apiversion: extensions/v1beta1
kind: daemonset
metadata:
  name: traefik-ingress
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress
        name: traefik-ingress
    spec:
      serviceaccountname: traefik-ingress-controller
      terminationgraceperiodseconds: 60
      containers:
      - image: harbor.od.com/public/traefik:v1.7.2
        name: traefik-ingress
        ports:
        - name: controller
          containerport: 80
          hostport: 81
        - name: admin-web
          containerport: 8080
        securitycontext:
          capabilities:
            drop:
            - all
            add:
            - net_bind_service
        args:
        - --api
        - --kubernetes
        - --loglevel=info
        - --insecureskipverify=true
        - --kubernetes.endpoint=https://10.4.7.10:7443
        - --accesslog
        - --accesslog.filepath=/var/log/traefik_access.log
        - --traefiklog
        - --traefiklog.filepath=/var/log/traefik.log
        - --metrics.prometheus

svc.yaml

kind: service
apiversion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress
  ports:
    - protocol: tcp
      port: 80
      name: controller
    - protocol: tcp
      port: 8080
      name: admin-web

ingress.yaml

apiversion: extensions/v1beta1
kind: ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: traefik.od.com
    http:
      paths:
      - path: /
        backend:
          servicename: traefik-ingress-service
          serviceport: 8080

3.应用资源配置清单

[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/traefik/rbac.yaml
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/traefik/ds.yaml
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/traefik/svc.yaml
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/traefik/ingress.yaml

4.检查创建资源

[root@hdss7-21 ~]# kubectl get pods -n kube-system

5.解析域名

[root@hdss7-11 ~]# vi /var/named/od.com.zone
$origin od.com.
$ttl 600        ; 10 minutes
@               in soa  dns.od.com. dnsadmin.od.com. (
                                2020042601 ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                                ns   dns.od.com.
$ttl 60 ; 1 minute
dns                a    10.4.7.11
harbor             a    10.4.7.200
k8s-yaml           a    10.4.7.200
traefik            a    10.4.7.10

[root@hdss7-11 ~]# systemctl restart named

6.配置反向代理

[root@hdss7-11 ~]# vi /etc/nginx/conf.d/od.com.conf
upstream default_backend_traefik {
    server 10.4.7.21:81    max_fails=3 fail_timeout=10s;
    server 10.4.7.22:81    max_fails=3 fail_timeout=10s;
}
server {
    server_name *.od.com;
  
    location / {
        proxy_pass http://default_backend_traefik;
        proxy_set_header host       $http_host;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    }
}
[root@hdss7-11 ~]# nginx -t
[root@hdss7-11 ~]# nginx -s reload

7.浏览器访问

http://traefik.od.com/