Traefik Ingress Controller
Traefik 是一个为了让部署微服务更加便捷而诞生的现代 HTTP 反向代理、负载均衡工具。traefik 本身设计的就能够实时跟 kubernetes api 交互,感知后端 service,pod 等的变化,自动更新配置并重载。
traefik 是一个前端负载均衡器,对于微服务架构尤其是 kubernetes 等编排工具具有良好的支持;
同 nginx 等相比,traefik 能够自动感知后端容器变化,从而实现自动服务发现。
traefik 部署在 k8s 上分为 daemonset 和 deployment 两种方式,各有优缺点:
daemonset 能确定有哪些 Node 在运行 traefik,所以可以确定的知道后端 ip,但是不能方便的伸缩。
deployment 可以更方便的伸缩,但是不能确定有哪些 Node 在运行 traefik 所以不能确定的知道后端 ip。
一般部署两种不同类型的 traefik:
面向内部(internal)服务的 traefik,建议可以使用 deployment 的方式。
面向外部(external)服务的 traefik,建议可以使用 daemonset 的方式。
建议使用 traffic-type 标签
traffic-type: external
traffic-type: internal
traefik 相应地使用 labelSelector
traffic-type=internal
traffic-type=external
官方网址: https://docs.traefik.io/
下载源码:git clone https://github.com/containous/traefik.git
//部署 nginx-ingress-controller
1、获取配置文件
mkdir /opt/traefik
cd /opt/traefik
官方下载地址:
wget https://raw.githubusercontent.com/containous/traefik/v1.7/examples/k8s/traefik-rbac.yaml
wget https://raw.githubusercontent.com/containous/traefik/v1.7/examples/k8s/traefik-deployment.yaml
wget https://raw.githubusercontent.com/containous/traefik/v1.7/examples/k8s/traefik-ds.yaml
wget https://raw.githubusercontent.com/containous/traefik/v1.7/examples/k8s/ui.yaml
国内的 gitee:
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml
2、依次执行
//启用RBAC
kubectl apply -f traefik-rbac.yaml
//部署 Traefik 到 Kubernetes 集群,为外部访问创建 NodePorts
kubectl apply -f traefik-deployment.yaml
//部署 Traefik Web UI
kubectl apply -f ui.yaml
//查看结果
kubectl get svc -o wide -n kube-system | grep traefik
traefik-ingress-service NodePort 10.96.241.13 <none> 80:32383/TCP,8080:32133/TCP 103m k8s-apptraefik-ingress-lb
traefik-web-ui ClusterIP 10.96.67.119 <none> 80/TCP 101m k8s-apptraefik-ingress-lb
//访问 Traefik UI,浏览器访问 http://Nodeip:NodePort/dashboard/
http://192.168.80.14:32133/dashboard/
//Ingress HTTP 代理访问
cd /opt/ingress-nodeport
#创建 deployment、Service、Ingress Yaml 资源
vim ingress-nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-app
spec:
replicas: 2
selector:
matchLabels:
name: nginx
template:
metadata:
labels:
name: nginx
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
name: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-test
spec:
rules:
- host: www.my.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-svc
port:
number: 80
kubectl apply -f ingress-nginx.yaml
kubectl get svc,pods -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 23d <none>
service/nginx-svc ClusterIP 10.96.89.181 <none> 80/TCP 88m name=nginx
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/nginx-app-65d7b99f6b-nnw7q 1/1 Running 0 88m 10.244.2.4 node02 <none> <none>
pod/nginx-app-65d7b99f6b-x47l8 1/1 Running 0 88m 10.244.1.5 node01 <none> <none>
kubectl exec -it pod/nginx-app-65d7b99f6b-nnw7q bash
# cd /usr/share/nginx/html/
# echo 'this is web1' >> index.html
kubectl exec -it pod/nginx-app-65d7b99f6b-x47l8 bash
# cd /usr/share/nginx/html/
# echo 'this is web2' >> index.html
#测试访问
curl 10.96.89.181
kubectl get svc -o wide -n kube-system | grep traefik
traefik-ingress-service NodePort 10.96.241.13 <none> 80:32383/TCP,8080:32133/TCP 103m k8s-apptraefik-ingress-lb
traefik-web-ui ClusterIP 10.96.67.119 <none> 80/TCP 101m k8s-apptraefik-ingress-lb
#本地 host 添加域名解析
vim /etc/hosts
192.168.80.10 master
192.168.80.11 node01
192.168.80.12 node02
192.168.80.12 www.xiaoma.com www.my.com
#模拟外部访问
curl http://www.my.com:32383
#再刷新查看 Traefik UI 界面,会生成刚创建的集群信息
http://192.168.80.14:32133/dashboard/