[kubernetes]k8s配置traefik2.0
程序员文章站
2023-12-30 13:21:34
...
traefik2.x和traefik1.x之间的总体差异比较大, 部署方式和ingress的配置方式都不一样, 现在基于官方文档来具体演示下如何在k8s(v1.14及以上)集群中配置traefik2.0.
- 准备CRD及RBAC权限(traefik-crd.yaml)
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressroutes.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRoute
plural: ingressroutes
singular: ingressroute
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressroutetcps.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRouteTCP
plural: ingressroutetcps
singular: ingressroutetcp
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: middlewares.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: Middleware
plural: middlewares
singular: middleware
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: tlsoptions.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: TLSOption
plural: tlsoptions
singular: tlsoption
scope: Namespaced
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- middlewares
verbs:
- get
- list
- watch
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
verbs:
- get
- list
- watch
- apiGroups:
- traefik.containo.us
resources:
- ingressroutetcps
verbs:
- get
- list
- watch
- apiGroups:
- traefik.containo.us
resources:
- tlsoptions
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: default
- 配置Service(traefik-svc.yaml)
通过NodePort的方式将service端口暴露到宿主机指定(自定义)的端口上.
apiVersion: v1
kind: Service
metadata:
name: traefik
spec:
type: NodePort
ports:
- protocol: TCP
name: web
port: 8000
nodePort: 30080
- protocol: TCP
name: admin
port: 8080
nodePort: 30081
- protocol: TCP
name: websecure
port: 4443
nodePort: 30443
selector:
app: traefik
- 定义deployment配置(traefik-deploy.yaml)
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: default
name: traefik-ingress-controller
---
kind: Deployment
apiVersion: apps/v1
metadata:
namespace: default
name: traefik
labels:
app: traefik
spec:
replicas: 2
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v2.0.2
args:
- --api.insecure
- --accesslog
- --entrypoints.web.Address=:8000
- --entrypoints.websecure.Address=:4443
- --providers.kubernetescrd
- --certificatesresolvers.default.acme.tlschallenge
- --[email protected]
- --certificatesresolvers.default.acme.storage=acme.json
# Please note that this is the staging Let's Encrypt server.
# Once you get things working, you should remove that whole line altogether.
- --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
ports:
- name: web
containerPort: 8000
- name: websecure
containerPort: 4443
- name: admin
containerPort: 8080
- 通过kubectl创建以上资源
kubectl apply -f traefik-crd.yaml
kubectl apply -f traefik-svc.yaml
kubectl apply -f traefik-deploy.yaml
- 测试ingress转发(test-ingress.yaml)
可先自定义一个微服务,监听8080端口.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: pro
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`xx.example.com`) && PathPrefix(`/`)
kind: Rule
services:
- name: test-server
port: 8080
创建ingress配置:
kubectl apply -f test-ingress.yaml
推荐阅读
-
[kubernetes]k8s配置traefik2.0
-
Kubernetes 中配置集群 ETCD 碰到的一些问题的解决!
-
在centos 7中安装配置k8s集群的步骤详解
-
企业级kubernetes(K8s)入门学习
-
云原生技术kubernetes(K8S)简介
-
【DevOps】在CentOS中安装Rancher2,并配置kubernetes集群
-
kubernetes系列03—kubeadm安装部署K8S集群
-
Kubernetes SpringCloud持续集成 - 安装jenkins、配置模板pod(一)
-
Kubernetes - 从Docker 镜像到K8s Pod操作示例
-
kubernetes - Set up a K8s cluster