简介
Trafik,和nginx-ingress类似,都是用于微服务集群的HTTP/HTTPS代理转发和负载均衡的。
相对nginx-ingress来说, Traefik部署更简单,其反向代理和负载均衡功能更直接高效。
本节主要说明如何在kubernetes1.11上安装traefik,及配置https转发的流程。
安装Traefik
- 下载源安装包
[root@kubemaster DevOps]# git clone https://github.com/containous/traefik.git
[root@kubemaster DevOps]# cd traefik/examples/k8s
[root@kubemaster k8s]# ls
cheese-default-ingress.yaml cheese-services.yaml traefik-deployment.yaml traefik-rbac.yaml
cheese-deployments.yaml cheeses-ingress.yaml ui.yaml
cheese-ingress.yaml traefik-ds.yaml
一般来说,我们只需要配置及部署traefik-deployment.yaml
,traefik-rbac.yaml
,ui.yaml
这三个文件即可。
- 创建traefik-rbac
因为Kubernetes在1.6之后的版本启用了RBAC鉴权机制,所以需配置ClusterRole及ClusterRoleBinding来对api-server进行相应权限的控制。
[root@kubemaster k8s]# kubectl apply -f traefik-rbac.yaml
clusterrole.rbac.authorization.k8s.io "traefik-ingress-controller" created
clusterrolebinding.rbac.authorization.k8s.io "traefik-ingress-controller" created
#检查是否创建成功
[root@kubemaster k8s]# kubectl get clusterrolebinding | grep traefik
traefik-ingress-controller 5s
[root@kubemaster k8s]# kubectl get clusterrole | grep traefik
traefik-ingress-controller 13s
可以此时看到已经完成clusterrole,clusterrolebinding的创建了。
- 创建traefik服务
[root@kubemaster k8s]# kubectl apply -f traefik-deployment.yaml
serviceaccount "traefik-ingress-controller" created
deployment.extensions "traefik-ingress-controller" created
service "traefik-ingress-service" created
#检查是否创建成功
[root@kubemaster k8s]# kubectl get svc,deployment,pod -n kube-system | grep traefik
service/traefik-ingress-service NodePort 10.104.254.55 <none> 80:32672/TCP,8080:30005/TCP 15h
deployment.extensions/traefik-ingress-controller 1 1 1 1 2d
pod/traefik-ingress-controller-6f6d87769d-l7vgv 1/1 Running 0 15h
可以看到service,pod等都已经运行起来。
-
创建ui服务
- (1)修改
ui.yaml
- (1)修改
---
apiVersion: v1
kind: Service
metadata:
name: traefik-web-ui
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- name: web
port: 80
targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-web-ui
namespace: kube-system
annotations: ## 添加注解, 定义ingress.class为traefik
kubernetes.io/ingress.class: traefik
spec:
tls:
- secretName: traefik-cert
rules:
- host: traefik.example.com ## 主要修改这里,把host改为你自己的
http:
paths:
- path: /
backend:
serviceName: traefik-web-ui
servicePort: web
- (2)创建service及检查
[root@kubemaster k8s]# kubectl apply -f ui.yaml
service "traefik-web-ui" created
ingress.extensions "traefik-web-ui" created
# 检查是否创建成功
[root@kubemaster k8s]# kubectl describe ing traefik-web-ui -n kube-system
Name: traefik-web-ui
Namespace: kube-system
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
traefik.example.com
/ traefik-web-ui:web (10.244.2.43:8080,192.168.1.49:8080,192.168.1.50:8080)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"traefik"},"name":"traefik-web-ui","namespace":"kube-system"},"spec":{"rules":[{"host":"traefik.example.com","http":{"paths":[{"backend":{"serviceName":"traefik-web-ui","servicePort":"web"},"path":"/"}]}}]}}
kubernetes.io/ingress.class: traefik
Events: <none>
[root@kubemaster k8s]# kubectl get ing traefik-web-ui -n kube-system
NAME HOSTS ADDRESS PORTS AGE
traefik-web-ui traefik.example.com 80 15h
- 浏览器访问traefik
修改本机host或添加公网域名解析,通过traefik.example.com
来访问, 效果如下: