traefik部署参考: https://traefik.cn/
Traefik是一个为了让部署微服务更加便捷而诞生的现代HTTP反向代理、负载均衡工具。它支持多种后台 (Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, Zookeeper, BoltDB, Rest API, file…) 来自动化、动态地应用它的配置文件设置。
编排ConfigMap
mkdir traefik/
cd traefik/
vim traefik-config.yaml
# ConfigMap in kube-system that carries a Traefik configuration file under the
# key traefik.toml.
#
# InsecureSkipVerify = true turns off certificate verification for the TLS
# connections Traefik opens to backends; a backend's identity is then not
# checked. Keep it only while backends use certificates that cannot be
# verified, and prefer trusting the issuing CA instead.
#
# NOTE(review): the option names (defaultEntryPoints, [kubernetes], ...) follow
# the Traefik v1 file format, while the DaemonSet on this page runs
# traefik:2.1.6 and declares a volume for this ConfigMap without any
# volumeMounts. As written the container would not read this file - confirm.
#
# NOTE(review): address = ":8080" sits under [entryPoints.https.tls], and
# [metrics.prometheus] refers to an entry point named "traefik" that is not
# defined anywhere in this file. A table header may have been lost when the
# listing was pasted - confirm against the original.
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-config
  namespace: kube-system
data:
  traefik.toml: |
    defaultEntryPoints = ["http","https"]
    debug = false
    logLevel = "INFO"
    InsecureSkipVerify = true
    [entryPoints]
      [entryPoints.http]
      address = ":80"
      compress = true
      [entryPoints.https]
      address = ":443"
        [entryPoints.https.tls]
      address = ":8080"
    [kubernetes]
    [metrics]
      [metrics.prometheus]
      buckets=[0.1,0.3,1.2,5.0]
      entryPoint = "traefik"
    [ping]
    entryPoint = "http"
编排SA与DaemonSet
vim traefik-ds.yaml
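# ServiceAccount, DaemonSet and Service for the Traefik ingress controller.
# Everything lives in kube-system; the DaemonSet puts one Traefik pod on every
# schedulable node and binds host ports 80 and 8080 there.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: traefik-ingress-controller-v2
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  selector:
    matchLabels:
      name: traefik-ingress-lb-v2
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb-v2
    spec:
      # Identity used for API-server calls; its permissions come from the
      # ClusterRole bound to this ServiceAccount.
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik:2.1.6
        name: traefik-ingress-lb-v2
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        # hostPort 8080 publishes the admin port on every node's own IP.
        # Combined with --api.insecure=true below, anyone who can reach a node
        # on 8080 gets the API and dashboard without authentication.
        # Acceptable in an isolated lab only; elsewhere drop this hostPort and
        # put the dashboard behind an authenticated route.
        - name: admin
          containerPort: 8080
          hostPort: 8080
        securityContext:
          # Start from no Linux capabilities and add back only the one needed
          # to bind ports below 1024.
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        args:
        - --api
        # Serves the API/dashboard with no authentication on port 8080.
        - --api.insecure=true
        - --providers.kubernetesingress=true
        - --log.level=INFO
      # NOTE(review): this volume is declared but no container has a
      # volumeMounts entry for it, so traefik.toml from the ConfigMap is not
      # visible inside the pod - confirm whether it is meant to be used.
      volumes:
      - configMap:
          name: traefik-config
        name: config
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service-v2
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb-v2
spec:
  # Fixed: the selector was "k8s-app: traefik-ingress-lb-v2", which matches no
  # pod (the template labels are k8s-app: traefik-ingress-lb and
  # name: traefik-ingress-lb-v2), leaving the Service without endpoints.
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    # Exposes the unauthenticated admin port inside the cluster as well.
    - protocol: TCP
      port: 8080
      name: admin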
编排rbac
[root@master1 traefik]# vim traefik-rbac.yaml
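# Cluster-wide permissions for the traefik-ingress-controller ServiceAccount.
#
# apiVersion is rbac.authorization.k8s.io/v1: the v1beta1 version used
# originally is no longer served from Kubernetes 1.22 on, and v1 is available
# on every cluster that accepts the apps/v1 DaemonSet used on this page.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-ingress-controller
rules:
  # Read access to core resources in ALL namespaces. "secrets" is the
  # sensitive entry: the controller's token can read every Secret in the
  # cluster, so a compromised Traefik pod exposes all of them.
  # NOTE(review): the DaemonSet on this page configures no HTTPS entry point;
  # check whether secret access is needed at all, and prefer namespaced
  # Role/RoleBinding objects where Traefik only serves a few namespaces.
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  # The only write permission: updating the status of Ingress objects.
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-ingress-controller
roleRef:
  # Fixed: the original read "rbac.authorization. k8s.io" (stray space), which
  # is not a valid API group name.
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system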
编排dashboard
vim traefik-dashboard.yaml
# Service and Ingress that publish the Traefik dashboard under a host name.
#
# The Service forwards port 80 to container port 8080, the port that the
# DaemonSet on this page opens with --api.insecure=true. The Ingress below
# therefore exposes the dashboard over plain HTTP with no authentication to
# anyone who can reach the ingress with the right Host header.
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
  - name: web
    port: 80
    targetPort: 8080
---
# NOTE(review): extensions/v1beta1 Ingress is no longer served from
# Kubernetes 1.22 on. Moving to a newer Ingress API also requires matching
# RBAC rules and a Traefik release that watches that API group - confirm
# before changing.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  rules:
  - host: traefik-daniel.com # replace with your own domain (a made-up one is fine in a lab)
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik-web-ui
          servicePort: 80
应用YAML
ls
验证
kubectl apply -f .
kubectl get pods -n kube-system |grep traefik
访问
[root@master1 traefik]# kubectl get svc -n kube-system |grep traefik
1.用宿主机模拟客户端
vim /etc/hosts
192.168.154.139 traefik-daniel.com # 添加域名与任意k8s集群节点的绑定
2.客户端firefox访问
traefik-daniel.com
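3.或者使用任意k8s集群节点IP:8080访问(该端口来自DaemonSet中的 hostPort: 8080 与 --api.insecure=true,此时仪表盘和API没有任何认证;实验环境之外应去掉该 hostPort,并为仪表盘加上认证后再对外提供)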