K3s 集群如何使用 Traefik

前置条件

K3s集群环境: https://www.cnblogs.com/vpc123/articles/14021390.html
Helm部署: https://www.cnblogs.com/vpc123/articles/14322822.html

说明: 安装好k3s时,已默认安装好Tiller v2.16.8版本和traefik 1.81.0版本。

traefik面板暴露

编辑/var/lib/rancher/k3s/server/manifests/traefik.yaml文件,
helm文件中新增dashboard的value。全部内容如下:

kind: HelmChart
metadata:
  name: traefik
  namespace: kube-system
spec:
  chart: https://%{KUBERNETES_API}%/static/charts/traefik-1.81.0.tgz
  valuesContent: |-
    rbac:
      enabled: true
    ssl:
      enabled: true
    dashboard:
      enabled: true
      domain: "traefik.me.k3s"
    metrics:
      prometheus:
        enabled: true
    kubernetes:
      ingressEndpoint:
        useDefaultPublishedService: true
    image: "rancher/library-traefik"
    tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      - key: "node-role.kubernetes.io/master"
        operator: "Exists"
        effect: "NoSchedule"

说明: 此yaml文件中,启用了dashboard,且使用了一个traefik.me.k3s域名访问。
当我们更新完此yaml文件之后,k3s会自动调用Helm(helm-install-traefik)来重新部署一次traefik(如果部署失败,需要检查配置文件)。

nginx实践用例

# 创建 demo 目录
mkdir -p /home/work/nginx-demo
cd /home/work/nginx-demo
  • 创建命名空间 nginx-namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: ns-test
  labels:
    name: label-test
  • 创建服务资源 nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: ns-test
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:alpine
        ports:
        - containerPort: 80
  • 创建访问服务 nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: ns-test
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  • 创建ingress nginx-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-nginx
  namespace: ns-test
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: traefik.dracula.io
    http:
      paths:
      - backend:
          serviceName: nginx-service
          servicePort: 80

集群服务验证

# 查看ingress
kubectl get ingress -A

# 配置 hosts 文件信息 
vi /etc/hosts
194.156.133.84   traefik.dracula.io
194.156.133.84   traefik.me.k3s

扩展阅读

通过traefik访问nginx与通过nodeport直接访问Nginx的区别。
k8s的nodeport比较难管理
traefik是作为API网关代码,有更多的治理功能。nginx ingress,KONG,ambassador等都是类似的,但traefik实现最简单。

posted @ 2021-01-27 18:21  流雨声  阅读(1012)  评论(0编辑  收藏  举报