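Introduction
traefik is a front-end load balancer with good support for microservice architectures, especially orchestration tools such as Kubernetes. Compared with nginx and similar tools, traefik automatically detects changes to backend containers, which gives it automatic service discovery.
traefik can be deployed on k8s as either a DaemonSet or a Deployment; each has advantages and disadvantages:
DaemonSet: it is known exactly which nodes run traefik, so the backend IPs are known for certain, but it cannot be scaled conveniently.
Deployment: it can be scaled more conveniently, but it is not known which nodes run traefik, so the backend IPs are not known for certain.
Two different types of traefik are usually deployed:
traefik for internal services: a Deployment is recommended.
traefik for external services: a DaemonSet is recommended.
Using a traffic-type label is recommended:
traffic-type: external
traffic-type: internal
traefik then uses the corresponding labelSelector:
traffic-type=internal
traffic-type=external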
Installation
```bash
mkdir traefik && cd traefik
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-rbac.yaml

# Configure RBAC
kubectl apply -f traefik-rbac.yaml

# Choose one of the following two methods
# Port 80 serves normal traffic; 8080 is the built-in UI

# Start traefik as a DaemonSet
# This starts one traefik on every node, listening on port 80
# traefik is not started on master nodes
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-ds.yaml
kubectl apply -f traefik-ds.yaml

# Start traefik as a Deployment
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-deployment.yaml
kubectl apply -f traefik-deployment.yaml

# Check status
kubectl get pods -n kube-system

# Access test: any response means the installation is correct
# It should return 404
# If traefik was started as a DaemonSet, verify as follows
# 11.11.11.112 is the IP of any node
curl 11.11.11.112

# If traefik was started as a Deployment,
# verify by accessing node:nodeport or the cluster IP
```
Deploying the Træfik Web UI
```bash
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/ui.yaml
kubectl apply -f ui.yaml

# Access the web UI
# A hosts entry must be configured first
# 11.11.11.112 is the IP of any node
#   11.11.11.112 traefik-ui.minikube

# Then open the following address in a browser
#   http://traefik-ui.minikube/
```
Using basic authentication
```bash
# Generate the hashed password; if htpasswd is not installed it can be generated online
# (an online generator receives the plaintext password, so a local tool is preferable)
# https://tool.lu/htpasswd/
htpasswd -c ./auth myusername
cat auth
# Output:
#   myusername:$apr1$78Jyn/1K$ERHKVRPPlzAX8eBtLuvRZ0

# Create the secret from the password file
# monitoring must be the same namespace as the ingress rule
kubectl create secret generic mysecret --from-file auth --namespace=monitoring

# Create the ingress
cat >prometheus-ingress.yaml<<EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: prometheus-dashboard
  namespace: monitoring
  annotations:
    kubernetes.io/ingress.class: traefik
    ingress.kubernetes.io/auth-type: "basic"
    ingress.kubernetes.io/auth-secret: "mysecret"
spec:
  rules:
  - host: dashboard.prometheus.example.com
    http:
      paths:
      - backend:
          serviceName: prometheus
          servicePort: 9090
EOF
kubectl create -f prometheus-ingress.yaml -n monitoring
```
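Added example, not part of the original article: instead of an online generator, the `user:$apr1$...` line for the `auth` file can be produced and checked locally with `openssl passwd -apr1`, reading the password from stdin. The function names `make_entry` and `verify_entry` and the demo password are assumptions made for this illustration.

```bash
#!/bin/sh
# Added example (not from the original article): create and check an
# htpasswd-style "user:$apr1$salt$hash" line locally with openssl.
# Passwords are read from stdin so they never appear in the process list.

# make_entry USER -> prints "USER:$apr1$<salt>$<hash>" (openssl picks a random salt)
make_entry() {
    user=$1
    case $user in
        ''|*:*) echo "invalid user name" >&2; return 2 ;;  # ':' separates the fields
    esac
    hash=$(openssl passwd -apr1 -stdin) || return 1
    printf '%s:%s\n' "$user" "$hash"
}

# verify_entry ENTRY -> 0 if the password on stdin matches the stored hash,
#                       1 if it does not, 2 if ENTRY is not an apr1 entry
verify_entry() {
    stored=${1#*:}                                  # strip "user:"
    case $stored in
        '$apr1$'*'$'?*) ;;
        *) return 2 ;;
    esac
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)   # fields: "", apr1, salt, hash
    candidate=$(openssl passwd -apr1 -salt "$salt" -stdin) || return 2
    [ "$candidate" = "$stored" ]
}

# Demo with a constructed password. Real use: feed the password on stdin and
# redirect the entry into ./auth before running "kubectl create secret".
demo() {
    entry=$(printf '%s\n' 'constructed-demo-password' | make_entry myusername) || return 1
    echo "$entry"
    if printf '%s\n' 'constructed-demo-password' | verify_entry "$entry"; then
        echo "password matches stored hash"
    fi
}
demo
```

The resulting line has the same format as the `cat auth` output above, so it can be written to `auth` and passed to `--from-file` unchanged.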
Official examples
1. Routing by domain name (host)
```bash
# deployment
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheese-deployments.yaml
kubectl apply -f cheese-deployments.yaml

# service
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheese-services.yaml
kubectl apply -f cheese-services.yaml

# ingress
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheese-ingress.yaml
kubectl apply -f cheese-ingress.yaml

# Check status
kubectl get pods
kubectl get svc
kubectl get ingress

# Test
# Configure hosts
#   11.11.11.112 stilton.minikube cheddar.minikube wensleydale.minikube

# Test in a browser
#   http://stilton.minikube/
#   http://cheddar.minikube/
#   http://wensleydale.minikube/
```
2. Routing by path
```bash
# Use the new ingress
wget https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheeses-ingress.yaml
kubectl apply -f cheeses-ingress.yaml

# Test
# Configure hosts
#   11.11.11.112 cheeses.minikube

# Test in a browser
#   http://cheeses.minikube/stilton/
#   http://cheeses.minikube/cheddar/
#   http://cheeses.minikube/wensleydale/
```
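3. Specifying route priority
```yaml
# Wildcard rule with the lower priority value
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: wildcard-cheeses
  annotations:
    traefik.frontend.priority: "1"
spec:
  rules:
  - host: "*.minikube"   # quoted: a bare leading * is not valid YAML
    http:
      paths:
      - path: /
        backend:
          serviceName: stilton
          servicePort: http
---
# Specific host rule with the higher priority value
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: specific-cheeses
  annotations:
    traefik.frontend.priority: "2"
spec:
  rules:
  - host: specific.minikube
    http:
      paths:
      - path: /
        backend:
          serviceName: stilton
          servicePort: http
```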
Author: CountingStars_
Link: https://www.jianshu.com/p/b3b0ffb0dc88