(1)traefix组件说明
Traefik是一个用Golang开发的轻量级的Http反向代理和负载均衡器。由于可以自动配置和刷新backend节点,目前可以被绝大部分容器平台支持,例如Kubernetes,Swarm,Rancher等。由于traefik会实时与Kubernetes API交互,所以对于Service的节点变化,traefik的反应会更加迅速。总体来说traefik可以在Kubernetes中完美的运行.
(2)权限资源清单文件
# cat rbac.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
DaemonSet资源清单文件
# cat daemonset.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
---
kind: DaemonSet
#apiVersion: extensions/v1beta1
apiVersion: apps/v1
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
#replicas: 1
selector:
matchLabels:
k8s-app: traefik-ingress-lb
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
containers:
- image: traefik
name: traefik-ingress-lb
args:
- --web
- --kubernetes
- --web.metrics
- --web.metrics.prometheus
- --accesslog
- --accesslog.filepath=/var/log/traefik_access.log
- --traefiklog
- --traefiklog.filepath=/var/log/traefik.log
- --traefiklogsfile=traefik.log
- --api
- --loglevel=INFO
- --metrics.prometheus
service资源清单文件
# cat service.yaml
kind: Service
apiVersion: v1
metadata:
name: traefik-ingress-service
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- protocol: TCP
port: 80
name: http
nodePort: 30080
- protocol: TCP
port: 8080
name: admin
nodePort: 38080
- protocol: TCP
port: 443
name: https
nodePort: 30443
type: NodePort
ui资源清单文件
# cat ui.yaml
apiVersion: v1
kind: Service
metadata:
name: traefik-web-ui
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- port: 80
targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-web-ui
namespace: kube-system
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: traefik.nginx.com
http:
paths:
- backend:
serviceName: traefik-web-ui
servicePort: 80
创建资源
kubectl apply -f .
进入ui
http://192.168.213.133:38080/dashboard/
创建deployment和service资源
kubectl run nginx-test1 --image=nginx:1.11 --replicas=1
kubectl get pods -o wide
kubectl expose deployment nginx-test1 --port=80 --target-port=80 --type=NodePort
kubectl get svc
kubectl run nginx-test2 --image=nginx:1.11 --replicas=1
kubectl get pods -o wide
kubectl expose deployment nginx-test2 --port=80 --target-port=80 --type=ClusterIp
kubectl get svc
创建ingress资源,发布服务
# cat nginx-demo.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-demo
namespace: default
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: test1.nginx.com
http:
paths:
- path: /
backend:
serviceName: nginx-test1
servicePort: 80
- host: test2.nginx.com
http:
paths:
- path: /
backend:
serviceName: nginx-test2
servicePort: 80
#kubectl apply -f .
验证
修改本地hosts文件
C:\Windows\System32\drivers\etc\hosts
192.168.213.133 test1.nginx.com test2.nginx.com
报错处理
E0503 08:08:46.302482 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1beta1.Ingress: Get https://10.254.0.1:443/apis/extensions/v1beta1/ingresses?limit=500&resourceVersion=0: dial tcp 10.254.0.1:443: i/o timeout
解决方案:开启路由转发
参考文档:https://github.com/kubernetes-retired/contrib/issues/2249
#echo "1" > /proc/sys/net/ipv4/ip_forward
#sysctl net.ipv4.ip_forward=1
#vim /etc/sysctl.conf
net.ipv4.ip_forward = 1