侧边栏壁纸
博主头像
惬意小蜗牛博主等级

海内存知己,天涯若比邻!

  • 累计撰写 54 篇文章
  • 累计创建 143 个标签
  • 累计收到 63 条评论

目 录CONTENT

文章目录

kubernetes 部署 traefik v1.7

惬意小蜗牛
2021-07-02 / 0 评论 / 0 点赞 / 1,632 阅读 / 938 字 / 正在检测是否收录...

本文所有 yaml 文件均参考:
https://github.com/containous/traefik/tree/v1.7/examples/k8s

1.给集群中的 worker 节点打上label,意味着traefik 将部署到这些节点

# 如果集群内使用的Hostname ,则需要把 IP 改为 worker 节点的 hostname
# 本文中 worker01: 192.168.20.11, worker02: 192.168.20.12

kubectl label nodes worker01 edgenode=traefik-proxy

kubectl label nodes worker02 edgenode=traefik-proxy

...

#查看标记结果
kubectl get nodes --show-labels

查看 LABELS 列中有存在 edgenode=traefik-proxy 字样即为标记成功

2.准备所需配置文件

#创建一个目录用于存放所有需要的 yaml 文件
mkdir -p /home/yamls/traefik
cd /home/yamls/traefik

编辑 ingress-rbac.yaml

vi ingress-rbac.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingress
  namespace: kube-system

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: ingress
subjects:
  - kind: ServiceAccount
    name: ingress
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

编辑 traefik.yaml

vi traefik.yaml

apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: traefik-ingress-lb
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      terminationGracePeriodSeconds: 60
      hostNetwork: true
      restartPolicy: Always
      serviceAccountName: ingress
      containers:
      - image: traefik:1.7         # 注意:本文中使用的为traefik V1.7 版本,不可省略版本号,由于最新版本为V2.x 配置文件有较大区别
        name: traefik-ingress-lb
        resources:
          limits:
            cpu: 200m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: admin
          containerPort: 8580
          hostPort: 8580
        args:
        - --web
        - --web.address=:8580
        - --kubernetes
      nodeSelector:
        edgenode: "traefik-proxy"  #需要安装traefik的标签 traefik-proxy 即为 1 中所标记的标签名称

注意:以上部署文件中 资源限制部分,这里因为是demo测试,所以资源限制没有去掉,也没有调整

将:
        resources:
          limits:
            cpu: 200m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
注释掉:
        #resources:
        #  limits:
        #    cpu: 200m
        #    memory: 30Mi
        #  requests:
        #    cpu: 100m
        #    memory: 20Mi

重新创建 traefik-ingress

如果在使用过程中出现,traefik 响应时间很慢的话,需要调整此处的资源限制,或者注释掉

编辑 ui.yaml

vi ui.yaml

apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
  - name: web
    port: 80
    targetPort: 8580
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  rules:
  - host: traefikui.test.com #配置ui的域名,前提是对域名做好了dns解析(这里需要解析到 1 中打过标签的任意节点)
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik-web-ui
          servicePort: web

3.部署 traefik

kubectl apply -f .      #注意后面有一个点不可省略

#检查是否执行成功
kubectl get svc,deployment,pod --all-namespaces -o wide | grep traefik

#检查结果
kube-system   service/traefik-web-ui         ClusterIP   10.68.166.109   <none>        80/TCP              4h        k8s-app=traefik-ingress-lb
kube-system   pod/traefik-ingress-lb-2qbgd                1/1       Running   0          4h        192.168.20.12   192.168.20.12   <none>
kube-system   pod/traefik-ingress-lb-9tc6n                1/1       Running   0          4h        192.168.20.11   192.168.20.11   <none>
kube-system   pod/traefik-ingress-lb-fmfn6                1/1       Running   0          4h        192.168.20.13   192.168.20.13   <none>

#查看svc,ing状态
kubectl describe svc,ing traefik-web-ui -n kube-system

#使用部署traefik节点的node ip: port就可以访问了
curl http://worker01:8580

#出现 <a href="/dashboard/">Found</a>. 即表明部署成功了

#当然刚才配置了域名,可以直接使用域名访问

也可以使用 nginx 代理转发, nginx代理转发可参考如下配置

upstream k8s-slave {
    server 192.168.20.11 weight=5 max_fails=3 fail_timeout=100s;   #服务器地址1
    server 192.168.20.12 weight=5 max_fails=3 fail_timeout=100s;   #服务器地址2
}

server {
    listen       80;
    server_name  uat.traefik-ui.jz-ins.com;

    location / {
        proxy_pass http://k8s-slave:8580/;
        proxy_cookie_path /traefik-ui /traefik-ui;
        proxy_set_header   Host             $host:$server_port; 
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        add_header From uat.traefik-ui.jz-ins.com;
        proxy_set_header Cookie $http_cookie; 
        proxy_http_version 1.1;
        proxy_set_header Upgrade          $http_upgrade;
        proxy_set_header Connection       "upgrade";
    }
}
0

评论区