一、Traefik简介
1.ingress简介
Traefik是一个开源的Kubernetes ingress,它可以让你的服务发布成为一种有趣而轻松的体验。它代表您的系统接收请求,并找出哪些组件负责处理它们。
Traefik的与众不同之处在于,除了它的众多功能之外,它还可以自动为您的服务发现正确的配置。当 Traefik 检查您的基础设施时,奇迹就会发生,它会在其中找到相关信息并发现哪个服务服务于哪个请求。
Traefik 原生兼容所有主要的集群技术,例如 Kubernetes、Docker、Docker Swarm、AWS、Mesos、Marathon,不胜枚举;并且可以同时处理多个。(它甚至适用于在裸机上运行的遗留软件。)
使用 Traefik,无需维护和同步单独的配置文件:一切都自动实时发生(无需重启,无需连接中断)。使用 Traefik,您可以花时间为系统开发和部署新功能,而不是配置和维护其工作状态。
二、helm安装
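# Download the Helm v3.9.0 release tarball for linux/amd64.
wget https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz
# Verify the tarball before unpacking it: the binary ends up in /usr/local/bin
# and is later run with cluster-admin credentials.
# EXPECTED_SHA256_PLACEHOLDER is a placeholder, not a real digest: replace it
# with the SHA-256 published for this file on the Helm v3.9.0 release page.
# The && chain stops before extraction/installation if the digest differs.
echo "EXPECTED_SHA256_PLACEHOLDER  helm-v3.9.0-linux-amd64.tar.gz" | sha256sum -c - \
  && tar -xzvf helm-v3.9.0-linux-amd64.tar.gz \
  && mv linux-amd64/helm /usr/local/bin/helm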
三、traefik部署
# 添加repo
[root@master01 ~]# helm repo add traefik https://helm.traefik.io/traefik
"traefik" has been added to your repositories
# 更新repo仓库资源
[root@master01 ~]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "traefik" chart repository
Update Complete. ⎈Happy Helming!⎈
# 查看repo仓库traefik
[root@master01 ~]# helm search repo traefik
NAME CHART VERSION APP VERSION DESCRIPTION
traefik/traefik 10.20.1 2.7.0 A Traefik based Kubernetes ingress controller
#创建traefik名称空间
[root@master01 ~]# kubectl create ns traefik
namespace/traefik created
# 安装traefik
[root@master01 ~]# helm install --namespace=traefik traefik traefik/traefik
NAME: traefik
LAST DEPLOYED: Thu Jun 2 16:41:14 2022
NAMESPACE: traefik
STATUS: deployed
REVISION: 1
TEST SUITE: None
# 查看helm列表
[root@master01 ~]# helm list -n traefik
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
traefik traefik 1 2022-06-02 16:41:14.361813545 +0800 CST deployed traefik-10.20.1 2.7.0
# 查看pod资源信息
[root@master01 ~]# kubectl get pod -n traefik
NAME READY STATUS RESTARTS AGE
traefik-7b95b5df6-r2v5j 1/1 Running 0 70s
四、暴露traefik dashboard服务
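# Manual port-forward mode.
# By default the Traefik dashboard is not exposed, for security reasons; it can
# be reached through a port-forward instead.
# NOTE: --address 0.0.0.0 makes the forward listen on every interface of this
# host, so any machine that can reach the host on port 9000 gets the dashboard,
# and nothing on this page puts authentication in front of it. Outside an
# isolated lab, drop --address (kubectl then binds to localhost only) and reach
# the dashboard over an SSH tunnel, or firewall port 9000 to the admin host.
# The pod lookup is quoted so its output is passed as one argument; the command
# expects exactly one Traefik pod to match the selector.
kubectl port-forward "$(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name -n traefik)" -n traefik --address 0.0.0.0 9000:9000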
访问:http://192.168.3.30:9000/dashboard/#/
五、配置http代理
1.部署whoami测试应用
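# Create a Deployment with three replicas of the whoami test application in the
# traefik namespace. The manifest indentation is restored so it parses as YAML.
# The quoted 'EOF' stops the shell from expanding anything inside the manifest.
# NOTE: ":latest" is a mutable tag, and with imagePullPolicy IfNotPresent each
# node keeps whatever image it pulled first; pin a release tag or digest when
# the result has to be reproducible.
cat <<'EOF' | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: whoami
  namespace: traefik
spec:
  replicas: 3
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
        - name: whoami
          image: traefik/whoami:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
EOF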
2.创建一个用于访问whoami应用的服务
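# Create the ClusterIP Service that selects the whoami pods on TCP port 80.
# ClusterIP keeps the Service reachable only from inside the cluster; external
# traffic has to come in through Traefik. Indentation is restored so the
# manifest parses, and the quoted 'EOF' disables shell expansion inside it.
cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
  name: whoami
  namespace: traefik
spec:
  type: ClusterIP
  ports:
    - protocol: TCP
      port: 80
  selector:
    app: whoami
EOF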
3.创建一个Ingress,用于配置whoami应用的入口规则
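# Create the Ingress that routes requests for host "treafik.demo" (spelled this
# way throughout the page, so the Host header used for testing must match it
# exactly) to the whoami Service on port 80.
# The router is bound to the "web" entry point, i.e. plain HTTP: requests and
# responses on this route are not encrypted.
# Indentation is restored so the manifest parses; the quoted 'EOF' disables
# shell expansion inside it.
cat <<'EOF' | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whoami
  namespace: traefik
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
  rules:
    - host: treafik.demo
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: whoami
                port:
                  number: 80
EOF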
4.测试入口,OK
[root@master01 traefik]# curl -H "Host: treafik.demo" http://192.168.3.30:31325
Hostname: whoami-68689d7d7b-qwmgz
IP: 127.0.0.1
IP: ::1
IP: 10.244.140.66
IP: fe80::7446:b0ff:fe89:17a7
RemoteAddr: 10.244.248.196:56408
GET / HTTP/1.1
Host: treafik.demo
User-Agent: curl/7.61.1
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.244.241.64
X-Forwarded-Host: treafik.demo
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: traefik-7b95b5df6-r2v5j
X-Real-Ip: 10.244.241.64
六、配置tcp代理
1.更新Traefik运行参数,创建新的EntryPoint
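# Re-deploy the traefik release with an extra TCP entry point named whoamitcp.
#   ports.whoamitcp.protocol=TCP      network protocol
#   ports.whoamitcp.port=8081         port Traefik listens on
#   ports.whoamitcp.exposedPort=8081  port published on the traefik Service
#   ports.whoamitcp.expose=true       whether the port is published at all
# --version pins the chart to 10.20.1, the version this page installed; without
# it helm takes whatever chart is newest in the repo, and the value names used
# below may not match that chart.
# The two dashboard values keep the dashboard route switched off.
# 'additionalArguments[0]=...' is quoted so the shell never treats [0] as a
# glob pattern.
# NOTE: expose=true publishes 8081 on the traefik Service, so every client that
# can reach the Service's external address or node port can reach this entry
# point; limit that with network policy or a firewall outside a lab.
helm upgrade --install --namespace traefik \
  --version 10.20.1 \
  --set deployment.replicas=3 \
  --set pilot.dashboard=false \
  --set ingressRoute.dashboard.enabled=false \
  --set ports.web.redirectTo=websecure \
  --set 'additionalArguments[0]=--entrypoints.websecure.http.tls' \
  --set ports.whoamitcp.protocol=TCP \
  --set ports.whoamitcp.port=8081 \
  --set ports.whoamitcp.exposedPort=8081 \
  --set ports.whoamitcp.expose=true \
  traefik traefik/traefik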
2.部署whoamitcp应用
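# Create a Deployment with three replicas of the whoamitcp test application,
# listening on TCP 8080, in the traefik namespace. Indentation is restored so
# the manifest parses; the quoted 'EOF' disables shell expansion inside it.
# NOTE: ":latest" is a mutable tag, and with imagePullPolicy IfNotPresent each
# node keeps whatever image it pulled first; pin a release tag or digest when
# the result has to be reproducible.
cat <<'EOF' | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: whoamitcp
  namespace: traefik
spec:
  replicas: 3
  selector:
    matchLabels:
      app: whoamitcp
  template:
    metadata:
      labels:
        app: whoamitcp
    spec:
      containers:
        - name: whoamitcp
          image: traefik/whoamitcp:latest
          imagePullPolicy: IfNotPresent
          ports:
            - protocol: TCP
              containerPort: 8080
EOF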
3.创建一个用于访问whoamitcp应用的服务
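# Create the ClusterIP Service that selects the whoamitcp pods on TCP 8080.
# ClusterIP keeps the Service internal to the cluster; outside traffic reaches
# it only through the Traefik entry point. Indentation is restored so the
# manifest parses; the quoted 'EOF' disables shell expansion inside it.
cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
  name: whoamitcp
  namespace: traefik
spec:
  type: ClusterIP
  ports:
    - protocol: TCP
      port: 8080
  selector:
    app: whoamitcp
EOF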
4.创建一个IngressRouteTCP,用于配置whoamitcp应用的入口规则
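# Create the IngressRouteTCP that sends everything arriving on the whoamitcp
# entry point to the whoamitcp Service on port 8080.
# With the quoted 'EOF' the backticks in the rule are literal, so they no
# longer need backslash escapes; the manifest sent to kubectl is the same.
# NOTE: HostSNI(`*`) matches every connection and the route has no tls section,
# so traffic is forwarded unencrypted and without any per-client restriction.
# Indentation is restored so the manifest parses.
cat <<'EOF' | kubectl apply -f -
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: whoamitcp
  namespace: traefik
spec:
  entryPoints:
    - whoamitcp
  routes:
    - match: HostSNI(`*`)
      services:
        - name: whoamitcp
          port: 8080
EOF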
5.验证反向代理和服务运行状态
#获取端口
[root@master01 traefik]# kubectl get svc traefik -n traefik
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
traefik LoadBalancer 172.18.153.70 <pending> 80:31325/TCP,443:31211/TCP,8081:30182/TCP 105m
#测试ok
[root@master01 traefik]# echo "Hello" | socat - tcp4:192.168.3.30:30182
Received: Hello
[root@master01 traefik]#
七、配置udp代理
1.更新Traefik运行参数,创建新的EntryPoint
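# Re-deploy the traefik release with an extra UDP entry point named whoamiudp,
# keeping the whoamitcp entry point from the previous step.
#   ports.whoamiudp.protocol=UDP      network protocol
#   ports.whoamiudp.port=8082         port Traefik listens on
#   ports.whoamiudp.exposedPort=8082  port published on the traefik Service
#   ports.whoamiudp.expose=true       whether the port is published at all
# --version pins the chart to 10.20.1, the version this page installed; without
# it helm takes whatever chart is newest in the repo, and the value names used
# below may not match that chart.
# The two dashboard values keep the dashboard route switched off.
# 'additionalArguments[0]=...' is quoted so the shell never treats [0] as a
# glob pattern.
# NOTE: expose=true publishes 8081/TCP and 8082/UDP on the traefik Service, so
# every client that can reach the Service's external address or node ports can
# reach these entry points; limit that with network policy or a firewall
# outside a lab.
helm upgrade --install --namespace traefik \
  --version 10.20.1 \
  --set deployment.replicas=3 \
  --set pilot.dashboard=false \
  --set ingressRoute.dashboard.enabled=false \
  --set ports.web.redirectTo=websecure \
  --set 'additionalArguments[0]=--entrypoints.websecure.http.tls' \
  --set ports.whoamitcp.protocol=TCP \
  --set ports.whoamitcp.port=8081 \
  --set ports.whoamitcp.exposedPort=8081 \
  --set ports.whoamitcp.expose=true \
  --set ports.whoamiudp.protocol=UDP \
  --set ports.whoamiudp.port=8082 \
  --set ports.whoamiudp.exposedPort=8082 \
  --set ports.whoamiudp.expose=true \
  traefik traefik/traefik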
2.部署whoamiudp应用
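# Create a Deployment with three replicas of the whoamiudp test application,
# listening on UDP 8080, in the traefik namespace. Indentation is restored so
# the manifest parses; the quoted 'EOF' disables shell expansion inside it.
# NOTE: ":latest" is a mutable tag, and with imagePullPolicy IfNotPresent each
# node keeps whatever image it pulled first; pin a release tag or digest when
# the result has to be reproducible.
cat <<'EOF' | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: whoamiudp
  namespace: traefik
spec:
  replicas: 3
  selector:
    matchLabels:
      app: whoamiudp
  template:
    metadata:
      labels:
        app: whoamiudp
    spec:
      containers:
        - name: whoamiudp
          image: traefik/whoamiudp:latest
          imagePullPolicy: IfNotPresent
          ports:
            - protocol: UDP
              containerPort: 8080
EOF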
3.创建一个用于访问whoamiudp应用的服务
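# Create the ClusterIP Service that selects the whoamiudp pods on UDP 8080.
# ClusterIP keeps the Service internal to the cluster; outside traffic reaches
# it only through the Traefik entry point. Indentation is restored so the
# manifest parses; the quoted 'EOF' disables shell expansion inside it.
cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
  name: whoamiudp
  namespace: traefik
spec:
  type: ClusterIP
  ports:
    - protocol: UDP
      port: 8080
  selector:
    app: whoamiudp
EOF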
4.创建一个IngressRouteUDP,用于配置whoamiudp应用的入口规则
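# Create the IngressRouteUDP that sends every datagram arriving on the
# whoamiudp entry point to the whoamiudp Service on port 8080.
# NOTE: the route has no match rule, so all traffic on the entry point is
# forwarded; access control has to come from the network layer (firewall or
# network policy) if the port is reachable beyond a lab.
# Indentation is restored so the manifest parses; the quoted 'EOF' disables
# shell expansion inside it.
cat <<'EOF' | kubectl apply -f -
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
  name: whoamiudp
  namespace: traefik
spec:
  entryPoints:
    - whoamiudp
  routes:
    - services:
        - name: whoamiudp
          port: 8080
EOF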
5.验证反向代理和服务运行状态
[root@master01 traefik]# echo "Hello" | socat - udp4:192.168.3.30:30948
Received: Hello