k8s安装traefik配置使用ingress

简介

traefik 是一个前端负载均衡器，对于微服务 架构尤其是 kubernetes 等编排工具具有良好的支持；同 nginx 等相比，traefik 能够自动感知后端容器变化，从而实现自动服务发现。

traefik部署在k8s上分为daemonset和deployment两种方式各有优缺点：

• daemonset 能确定有哪些node在运行traefik，所以可以确定的知道后端ip，但是不能方便的伸缩
• deployment 可以更方便的伸缩，但是不能确定有哪些node在运行traefik所以不能确定的知道后端ip

一般部署两种不同类型的traefik:

• 面向内部(internal)服务的traefik，建议可以使用deployment的方式
• 面向外部(external)服务的traefik，建议可以使用daemonset的方式

建议使用traffic-type标签

• traffic-type: external
• traffic-type: internal

traefik相应地使用labelSelector

• traffic-type=internal
• traffic-type=external

安装

mkdir traefik && cd traefik wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-rbac.yaml # 配置rbac kubectl apply -f traefik-rbac.yaml # 以下两种方式选择一个 # 80 提供正常服务，8080 是其自带的 UI 界面 # 以daemonset方式启动traefik # 会在所有node节点启动一个traefik并监听在80端口 # master节点不会启动traefik wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-ds.yaml kubectl apply -f traefik-ds.yaml # 以deployment方式启动traefik wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-deployment.yaml kubectl apply -f traefik-deployment.yaml # 查看状态 kubectl get pods -n kube-system # 访问测试，如果有响应说明安装正确 # 应该返回404 # 如果以daemonset方式启动traefik使用如下方式验证 # 11.11.11.112为任何一个node节点的ip curl 11.11.11.112 # 如果以deployment方式启动traefik # 访问node:nodeport或者集群ip验证 复制代码

部署Træfik Web UI

wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/ui.yaml kubectl apply -f ui.yaml # 访问webui # 需要先配置host # 11.11.11.112为任何一个node节点的ip 11.11.11.112 traefik-ui.minikube # 浏览器访问如下地址 http://traefik-ui.minikube/ 复制代码

使用basic验证

# 生成加密密码，如果没有安装htpasswd可以在线生成 # https://tool.lu/htpasswd/ htpasswd -c ./auth myusername cat auth myusername:$apr1$78Jyn/1K$ERHKVRPPlzAX8eBtLuvRZ0 # 从密码文件创建secret # monitoring必须和ingress rule处于同一个namespace kubectl create secret generic mysecret --from-file auth --namespace=monitoring # 创建ingress cat >prometheus-ingress.yaml<<EOF apiVersion: extensions/v1beta1 kind: Ingress metadata: name: prometheus-dashboard namespace: monitoring annotations: kubernetes.io/ingress.class: traefik ingress.kubernetes.io/auth-type: "basic" ingress.kubernetes.io/auth-secret: "mysecret" spec: rules: - host: dashboard.prometheus.example.com http: paths: - backend: serviceName: prometheus servicePort: 9090 EOF kubectl create -f prometheus-ingress.yaml -n monitoring 复制代码

官方实例

1. 根据域名(host)路由

# deployment wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheese-deployments.yaml kubectl apply -f cheese-deployments.yaml # service wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheese-services.yaml kubectl apply -f cheese-services.yaml # ingress wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheese-ingress.yaml kubectl apply -f cheese-ingress.yaml # 查看状态 kubectl get pods kubectl get svc kubectl get ingress # 测试 # 配置hosts 11.11.11.112 stilton.minikube cheddar.minikube wensleydale.minikube # 浏览器访问测试 http://stilton.minikube/ http://cheddar.minikube/ http://wensleydale.minikube/ 复制代码

2. 根据路径(path)路由

# 使用新的ingress wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheeses-ingress.yaml kubectl apply -f cheeses-ingress.yaml # 测试 # 配置hosts 11.11.11.112 cheeses.minikube # 浏览器访问测试 http://cheeses.minikube/stilton/ http://cheeses.minikube/cheddar/ http://cheeses.minikube/wensleydale/ 复制代码

3. 指定路由优先级

apiVersion: extensions/v1beta1 kind: Ingress metadata: name: wildcard-cheeses annotations: traefik.frontend.priority: "1" spec: rules: - host: *.minikube http: paths: - path: / backend: serviceName: stilton servicePort: http kind: Ingress metadata: name: specific-cheeses annotations: traefik.frontend.priority: "2" spec: rules: - host: specific.minikube http: paths: - path: / backend: serviceName: stilton servicePort: http

本文转自掘金- k8s安装traefik配置使用ingress