k8s 1.23 traefik v2.9.10 的应用
1.1 相关版本介绍
-
k8s:v1.23.17
-
traefik:v2.9.10
链接地址:
-
Dockerhub:https://hub.docker.com/_/traefik
-
gateway-api:
# Install Traefik Resource Definitions:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
# Install RBAC for Traefik:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
done
mkdir -p /root/traefik ; cd /root/traefik
cat > 00-role.yml <<EOF
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-role
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
EOF
mkdir -p /root/traefik ; cd /root/traefik
cat > 00-account.yml <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-account
EOF绑定帐户上的角色以对后者应用权限和规则
mkdir -p /root/traefik ; cd /root/traefik
cat > 01-role-binding.yml <<EOF
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-role
subjects:
- kind: ServiceAccount
name: traefik-account
namespace: default # Using "default" because we did not specify a namespace when creating the ClusterAccount.
EOF部署容器:
mkdir -p /root/traefik ; cd /root/traefik
cat > 02-traefik.yml <<EOF
kind: Deployment
apiVersion: apps/v1
metadata:
name: traefik-deployment
labels:
app: traefik
spec:
replicas: 1
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik-account
containers:
- name: traefik
image: traefik:v2.9
args:
- --api.insecure
- --providers.kubernetesingress
ports:
- name: web
containerPort: 80
- name: dashboard
containerPort: 8080
EOF
mkdir -p /root/traefik ; cd /root/traefik
cat > 02-traefik-services.yml <<EOF
apiVersion: v1
kind: Service
metadata:
name: traefik-dashboard-service
spec:
type: NodePort # 这里先用nodeport展示:默认LoadBalancer
ports:
- port: 8080
targetPort: dashboard
selector:
app: traefik
---
apiVersion: v1
kind: Service
metadata:
name: traefik-web-service
spec:
type: NodePort
ports:
- targetPort: web
port: 80
selector:
app: traefik
EOF启动traefik:
kubectl apply -f 00-role.yml \
-f 00-account.yml \
-f 01-role-binding.yml \
-f 02-traefik.yml \
-f 02-traefik-services.yml
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 36d
myapp ClusterIP 10.110.23.33 <none> 80/TCP 22h
traefik-dashboard-service NodePort 10.107.137.221 <none> 8080:32584/TCP 41m #访问界面
traefik-web-service NodePort 10.101.176.161 <none> 80:30511/TCP 41m
