4.kubernetes的服务暴露插件-Traefik
程序员文章站
2022-07-06 10:06:52
[TOC] 1.部署traefik 在hdss7 200.host.com上 2.准备资源配置清单 在hdss7 200.host.com上 rbac.yaml ds.ymal svc.yaml ingress.yaml 3.应用资源配置清单 4.检查创建资源 5.解析域名 6.配置反向代理 7.浏 ......
目录
1.部署traefik
在hdss7-200.host.com上
[root@hdss7-200 k8s-yaml]# docker pull traefik:v1.7.2-alpine [root@hdss7-200 k8s-yaml]# docker images|grep traefik [root@hdss7-200 k8s-yaml]# docker tag add5fac61ae5 harbor.od.com/public/traefik:v1.7.2 [root@hdss7-200 k8s-yaml]# docker push harbor.od.com/public/traefik:v1.7.2
2.准备资源配置清单
在hdss7-200.host.com上
[root@hdss7-200 k8s-yaml]# mkdir traefik [root@hdss7-200 k8s-yaml]# cd traefik/
rbac.yaml
apiversion: v1 kind: serviceaccount metadata: name: traefik-ingress-controller namespace: kube-system --- apiversion: rbac.authorization.k8s.io/v1beta1 kind: clusterrole metadata: name: traefik-ingress-controller rules: - apigroups: - "" resources: - services - endpoints - secrets verbs: - get - list - watch - apigroups: - extensions resources: - ingresses verbs: - get - list - watch --- kind: clusterrolebinding apiversion: rbac.authorization.k8s.io/v1beta1 metadata: name: traefik-ingress-controller roleref: apigroup: rbac.authorization.k8s.io kind: clusterrole name: traefik-ingress-controller subjects: - kind: serviceaccount name: traefik-ingress-controller namespace: kube-system
ds.ymal
apiversion: extensions/v1beta1 kind: daemonset metadata: name: traefik-ingress namespace: kube-system labels: k8s-app: traefik-ingress spec: template: metadata: labels: k8s-app: traefik-ingress name: traefik-ingress spec: serviceaccountname: traefik-ingress-controller terminationgraceperiodseconds: 60 containers: - image: harbor.od.com/public/traefik:v1.7.2 name: traefik-ingress ports: - name: controller containerport: 80 hostport: 81 - name: admin-web containerport: 8080 securitycontext: capabilities: drop: - all add: - net_bind_service args: - --api - --kubernetes - --loglevel=info - --insecureskipverify=true - --kubernetes.endpoint=https://10.4.7.10:7443 - --accesslog - --accesslog.filepath=/var/log/traefik_access.log - --traefiklog - --traefiklog.filepath=/var/log/traefik.log - --metrics.prometheus
svc.yaml
kind: service apiversion: v1 metadata: name: traefik-ingress-service namespace: kube-system spec: selector: k8s-app: traefik-ingress ports: - protocol: tcp port: 80 name: controller - protocol: tcp port: 8080 name: admin-web
ingress.yaml
apiversion: extensions/v1beta1 kind: ingress metadata: name: traefik-web-ui namespace: kube-system annotations: kubernetes.io/ingress.class: traefik spec: rules: - host: traefik.od.com http: paths: - path: / backend: servicename: traefik-ingress-service serviceport: 8080
3.应用资源配置清单
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/traefik/rbac.yaml [root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/traefik/ds.yaml [root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/traefik/svc.yaml [root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.od.com/traefik/ingress.yaml
4.检查创建资源
[root@hdss7-21 ~]# kubectl get pods -n kube-system
5.解析域名
[root@hdss7-11 ~]# vi /var/named/od.com.zone $origin od.com. $ttl 600 ; 10 minutes @ in soa dns.od.com. dnsadmin.od.com. ( 2020042601 ; serial 10800 ; refresh (3 hours) 900 ; retry (15 minutes) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) ns dns.od.com. $ttl 60 ; 1 minute dns a 10.4.7.11 harbor a 10.4.7.200 k8s-yaml a 10.4.7.200 traefik a 10.4.7.10 [root@hdss7-11 ~]# systemctl restart named
6.配置反向代理
[root@hdss7-11 ~]# vi /etc/nginx/conf.d/od.com.conf upstream default_backend_traefik { server 10.4.7.21:81 max_fails=3 fail_timeout=10s; server 10.4.7.22:81 max_fails=3 fail_timeout=10s; } server { server_name *.od.com; location / { proxy_pass http://default_backend_traefik; proxy_set_header host $http_host; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; } } [root@hdss7-11 ~]# nginx -t [root@hdss7-11 ~]# nginx -s reload
7.浏览器访问
http://traefik.od.com/
下一篇: Redis 链表实现
推荐阅读
-
Linux服务器配置ip白名单防止远程登录以及端口暴露的问题
-
荐 【dubbo源码解析】--- dubbo的服务暴露+服务消费(RPC调用)底层原理深入探析
-
基于nodejs的流水线式的CRUD服务。依赖注入可以支持插件。
-
kubernetes的服务发现插件-CoreDNS
-
EasyNVR RTSP转HLS(m3u8+ts)流媒体服务器前端构建之:bootstrap-datepicker日历插件的实时动态展现
-
推荐一个超好用的linux服务器监控插件
-
开发者说:如何使用插件降低上传文件部署服务的复杂度 阿里巴巴
-
4.kubernetes的服务暴露插件-Traefik
-
Docker环境搭建和全终端无插件网页摄像机直播管理服务EasyNVS的部署方案详解
-
dubbo源码学习(四):暴露服务的过程