5.kubernetes的服务暴露插件-Traefik
目录
部署traefik
在HDSS7-200.host.com上
[root@hdss7-200 k8s-yaml]# docker pull traefik:v1.7.2-alpine [root@hdss7-200 k8s-yaml]# docker images |grep traefik [root@hdss7-200 k8s-yaml]# docker tag add5fac61ae5 harbor.fx.com/public/traefik:v1.7.2 [root@hdss7-200 k8s-yaml]# docker push harbor.fx.com/public/traefik:v1.7.2
准备资源配置清单
在HDSS7-200.host.com上
# Create the directory holding the Traefik manifests.
# NOTE(review): later steps apply these files from
# http://k8s-yaml.fx.com/traefik/, so this directory appears to be published
# by a web server. Anyone who can write here controls what is applied to the
# cluster - keep it writable by administrators only.
[root@hdss7-200 traefik]# mkdir -p /data/k8s-yaml/traefik && cd /data/k8s-yaml/traefik
rbac.yaml
[root@hdss7-200 traefik]# vim rbac.yaml
# Identity the Traefik pods run as (referenced by serviceAccountName in ds.yaml).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
# Cluster-wide, read-only permissions for the ingress controller.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in
# Kubernetes 1.22; the page does not state the cluster version.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      # Because this is a ClusterRole bound with a ClusterRoleBinding, the
      # service account can read every Secret in every namespace. A
      # compromise of the Traefik pod therefore exposes all cluster secrets.
      # Presumably secrets are listed so Traefik can load TLS/auth material
      # referenced by Ingress objects; if that is not used, drop this entry.
      - secrets
    verbs:
      # Read-only verbs: nothing here lets the controller modify objects.
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
---
# Binds the ClusterRole above to the service account, cluster-wide.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system
ds.yaml
[root@hdss7-200 traefik]# vim ds.yaml
# DaemonSet that runs one Traefik 1.7 pod per schedulable node.
# NOTE(review): extensions/v1beta1 DaemonSet was removed in Kubernetes 1.16;
# the page does not state the cluster version.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: traefik-ingress
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress
        name: traefik-ingress
    spec:
      # Runs with the identity defined in rbac.yaml, which can read Secrets
      # cluster-wide.
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      # Mutable tag from the private registry; pinning by digest
      # (image: harbor.fx.com/public/traefik@sha256:<DIGEST_FROM_YOUR_REGISTRY>)
      # would guarantee every node runs the same reviewed image.
      - image: harbor.fx.com/public/traefik:v1.7.2
        name: traefik-ingress
        ports:
        - name: controller
          containerPort: 80
          # Published on every node's port 81; this is the port the nginx
          # upstream on this page targets. Anything that can reach a node IP
          # on :81 bypasses the nginx front end.
          hostPort: 81
        - name: admin-web
          # API/dashboard port. No hostPort, so it is reached through the
          # Service (and the Ingress defined in ingress.yaml).
          containerPort: 8080
        securityContext:
          capabilities:
            # Drops every Linux capability and adds back only what is needed
            # to bind a port below 1024 (containerPort 80).
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        args:
        # Enables the Traefik API and dashboard. No authentication is
        # configured anywhere in this manifest.
        - --api
        - --kubernetes
        - --logLevel=INFO
        # In Traefik 1.x this is a global switch that accepts invalid TLS
        # certificates from backends, so HTTPS backends are not
        # authenticated. Remove it unless a backend genuinely requires it -
        # TODO confirm why it is set here.
        - --insecureskipverify=true
        - --kubernetes.endpoint=https://10.4.7.10:7443
        # Logs go to files inside the container; this manifest mounts no
        # volume, so they are lost when the container is replaced. Ship them
        # or mount persistent storage if access logs are needed for
        # investigation.
        - --accesslog
        - --accesslog.filepath=/var/log/traefik_access.log
        - --traefiklog
        - --traefiklog.filepath=/var/log/traefik.log
        # Presumably served on the same API port (8080) as the dashboard -
        # verify, since metrics then share its lack of authentication.
        - --metrics.prometheus
svc.yaml
[root@hdss7-200 traefik]# vim svc.yaml
# Service in front of the Traefik pods. No `type` is set, so Kubernetes
# applies its default (ClusterIP): reachable from inside the cluster only.
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress
  ports:
    - protocol: TCP
      port: 80
      name: controller
    # Exposes the unauthenticated Traefik API/dashboard to every workload
    # that can reach this Service. No NetworkPolicy is shown on this page;
    # restrict access if the cluster's network plugin supports it.
    - protocol: TCP
      port: 8080
      name: admin-web
ingress.yaml
[root@hdss7-200 traefik]# vim ingress.yaml
# Publishes the Traefik dashboard/API (Service port 8080) at traefik.fx.com.
# NOTE(review): no authentication annotation is set, so anyone who can
# resolve and reach traefik.fx.com can view routes, backends and health
# data. Traefik 1.7 supports basic auth on an Ingress via the
# ingress.kubernetes.io/auth-type and ingress.kubernetes.io/auth-secret
# annotations; otherwise keep this hostname reachable only from an admin
# network.
# NOTE(review): extensions/v1beta1 Ingress was removed in Kubernetes 1.22;
# the page does not state the cluster version.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: traefik.fx.com
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik-ingress-service
          servicePort: 8080
应用资源配置清单
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.fx.com/traefik/rbac.yaml [root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.fx.com/traefik/ds.yaml [root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.fx.com/traefik/svc.yaml [root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.fx.com/traefik/ingress.yaml
检查创建资源
[root@hdss7-21 ~]# kubectl get pods -n kube-system NAME READY STATUS RESTARTS AGE coredns-65cb567d6f-4x5tn 1/1 Running 0 15h traefik-ingress-7p7z4 1/1 Running 0 19m traefik-ingress-f6kpc 1/1 Running 0 19m
解析域名
[root@hdss7-11 ~]# vim /var/named/fx.com.zone
$ORIGIN fx.com.
$TTL 600	; 10 minutes
@		IN SOA	dns.fx.com. dnsadmin.fx.com. (
				; bump the serial on every edit so any secondary
				; servers pick up the change
				2020061010 ; serial
				10800      ; refresh (3 hours)
				900        ; retry (15 minutes)
				604800     ; expire (1 week)
				86400      ; minimum (1 day)
				)
			NS	dns.fx.com.
$TTL 60	; 1 minute
dns		A	10.4.7.11
harbor		A	10.4.7.200
k8s-yaml	A	10.4.7.200
; traefik resolves to 10.4.7.10, the same address ds.yaml uses for the API
; server endpoint - presumably a virtual IP in front of the nginx hosts.
; Whoever can resolve this name and reach that address gets the
; unauthenticated Traefik dashboard, so limit where this zone is served.
traefik		A	10.4.7.10
[root@hdss7-11 ~]# systemctl restart named
配置反向代理
[root@hdss7-11 ~]# vim /etc/nginx/conf.d/fx.com.conf
# Layer-7 front end: forwards every *.fx.com request to Traefik on the nodes.
upstream default_backend_traefik {
    # Port 81 is the hostPort published by the Traefik DaemonSet (ds.yaml).
    server 10.4.7.21:81    max_fails=3 fail_timeout=10s;
    server 10.4.7.22:81    max_fails=3 fail_timeout=10s;
}
server {
    # No `listen` directive and no TLS settings: nginx uses its default
    # listener and serves plain HTTP only, so all ingress traffic (including
    # the Traefik dashboard at traefik.fx.com) is unencrypted.
    # The wildcard matches every host under fx.com not claimed by a more
    # specific server block.
    server_name *.fx.com;

    location / {
        proxy_pass http://default_backend_traefik;
        # $http_host is the client-supplied Host header, passed through
        # unchanged so Traefik can route on it.
        proxy_set_header Host       $http_host;
        # $proxy_add_x_forwarded_for appends the peer address to whatever
        # X-Forwarded-For the client sent; backends must not trust the
        # left-most entries as the real client IP.
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    }
}
# Validate the configuration before reloading so a syntax error does not
# take the proxy down.
[root@hdss7-11 ~]# nginx -t
[root@hdss7-11 ~]# nginx -s reload
注:HDSS7-12.host.com也需要配置nginx
浏览器访问
http://traefik.fx.com/