本文所有 yaml 文件均参考:
https://github.com/containous/traefik/tree/v1.7/examples/k8s
1.给集群中的 worker 节点打上label,意味着traefik 将部署到这些节点
# 如果集群内使用的Hostname ,则需要把 IP 改为 worker 节点的 hostname
# 本文中 worker01: 192.168.20.11, worker02: 192.168.20.12
kubectl label nodes worker01 edgenode=traefik-proxy
kubectl label nodes worker02 edgenode=traefik-proxy
...
#查看标记结果
kubectl get nodes --show-labels
查看 LABELS 列中有存在 edgenode=traefik-proxy 字样即为标记成功
2.准备所需配置文件
#创建一个目录用于存放所有需要的 yaml 文件
mkdir -p /home/yamls/traefik
cd /home/yamls/traefik
编辑 ingress-rbac.yaml
vi ingress-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: ingress
subjects:
- kind: ServiceAccount
name: ingress
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
编辑 traefik.yaml
vi traefik.yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: traefik-ingress-lb
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
terminationGracePeriodSeconds: 60
hostNetwork: true
restartPolicy: Always
serviceAccountName: ingress
containers:
- image: traefik:1.7 # 注意:本文中使用的为traefik V1.7 版本,不可省略版本号,由于最新版本为V2.x 配置文件有较大区别
name: traefik-ingress-lb
resources:
limits:
cpu: 200m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
ports:
- name: http
containerPort: 80
hostPort: 80
- name: admin
containerPort: 8580
hostPort: 8580
args:
- --web
- --web.address=:8580
- --kubernetes
nodeSelector:
edgenode: "traefik-proxy" #需要安装traefik的标签 traefik-proxy 即为 1 中所标记的标签名称
注意:以上部署文件中 资源限制部分,这里因为是demo测试,所以资源限制没有去掉,也没有调整
将:
resources:
limits:
cpu: 200m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
注释掉:
#resources:
# limits:
# cpu: 200m
# memory: 30Mi
# requests:
# cpu: 100m
# memory: 20Mi
重新创建 traefik-ingress
如果在使用过程中出现,traefik 响应时间很慢的话,需要调整此处的资源限制,或者注释掉
编辑 ui.yaml
vi ui.yaml
apiVersion: v1
kind: Service
metadata:
name: traefik-web-ui
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- name: web
port: 80
targetPort: 8580
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-web-ui
namespace: kube-system
spec:
rules:
- host: traefikui.test.com #配置ui的域名,前提是对域名做好了dns解析(这里需要解析到 1 中打过标签的任意节点)
http:
paths:
- path: /
backend:
serviceName: traefik-web-ui
servicePort: web
3.部署 traefik
kubectl apply -f . #注意后面有一个点不可省略
#检查是否执行成功
kubectl get svc,deployment,pod --all-namespaces -o wide | grep traefik
#检查结果
kube-system service/traefik-web-ui ClusterIP 10.68.166.109 <none> 80/TCP 4h k8s-app=traefik-ingress-lb
kube-system pod/traefik-ingress-lb-2qbgd 1/1 Running 0 4h 192.168.20.12 192.168.20.12 <none>
kube-system pod/traefik-ingress-lb-9tc6n 1/1 Running 0 4h 192.168.20.11 192.168.20.11 <none>
kube-system pod/traefik-ingress-lb-fmfn6 1/1 Running 0 4h 192.168.20.13 192.168.20.13 <none>
#查看svc,ing状态
kubectl describe svc,ing traefik-web-ui -n kube-system
#使用部署traefik节点的node ip: port就可以访问了
curl http://worker01:8580
#出现 <a href="/dashboard/">Found</a>. 即表明部署成功了
#当然刚才配置了域名,可以直接使用域名访问
也可以使用 nginx 代理转发, nginx代理转发可参考如下配置
upstream k8s-slave {
server 192.168.20.11 weight=5 max_fails=3 fail_timeout=100s; #服务器地址1
server 192.168.20.12 weight=5 max_fails=3 fail_timeout=100s; #服务器地址2
}
server {
listen 80;
server_name uat.traefik-ui.jz-ins.com;
location / {
proxy_pass http://k8s-slave:8580/;
proxy_cookie_path /traefik-ui /traefik-ui;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header From uat.traefik-ui.jz-ins.com;
proxy_set_header Cookie $http_cookie;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
评论区