Learning k8s (16): Installing Traefik 2.5


Preface

Traefik has now reached version 2.5. This article installs Traefik from the latest version.

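I. Introduction

Traefik is a cloud-native HTTP reverse proxy and load balancer that makes deploying microservices easy. It supports many backends (Docker, Swarm, Mesos/Marathon, Consul, Etcd, Zookeeper, BoltDB, Rest API, file…) and can manage configuration automatically and dynamically.

Traefik is an open-source edge router that makes publishing your services a fun and easy experience. It receives external requests and uses routing to find the component that handles each request.

Features:

Written in Golang, deployed as a single file, OS-independent; a small Docker image is also provided.

Supports Docker/Etcd backends, connecting naturally to our microservice cluster.

Built-in Web UI (dashboard), relatively convenient to manage.

Automatic configuration of ACME (Let's Encrypt) certificates.

Performance is acceptable; we are not yet at the stage of squeezing LB performance, so ease of use matters more.

RESTful API support.

Supports backend health checks and reconfigures automatically based on status.

Supports dynamic loading of configuration files and graceful restart.

Supports WebSocket and HTTP/2.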

II. Download Traefik

1. Query

[root@k8s-master k8s]# docker search traefik
NAME                                          DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
traefik                                       Traefik, The Cloud Native Edge Router           2310                [OK]
containous/traefik                            Traefik unofficial image (please use officia…   37                                      [OK]
thomseddon/traefik-forward-auth               Minimal forward authentication that provides…   35                                      [OK]

2. Download

[root@k8s-master k8s]# docker pull traefik
Using default tag: latest
latest: Pulling from library/traefik
97518928ae5f: Pull complete
8f1084cd7998: Pull complete
7f585f616a11: Pull complete
c4f598fe2b15: Pull complete
Digest: sha256:2f603f8d3abe1dd3a4eb28960c55506be48293b41ea2c6ed4a4297c851a57a05
Status: Downloaded newer image for traefik:latest
docker.io/library/traefik:latest

3. Tag

[root@k8s-master k8s]# docker tag traefik:latest 172.16.10.158:85/traefik

4. Push to the private registry

[root@k8s-master k8s]# docker push 172.16.10.158:85/traefik
The push refers to repository [172.16.10.158:85/traefik]
d5027df3849a: Pushed
089094788c81: Pushed
329f6072fea0: Pushed
1a058d5342cc: Pushed
latest: digest: sha256:cb6c620b70f3981b2323cf759d452164e84ed6ce82c2a2a84e0df825a8428309 size: 1157

III. Install Traefik

1. Create the CRD resources

(1) traefik-crd.yaml

[root@k8s-master 2]# cat traefik-crd.yaml
## IngressRoute
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutes.traefik.containo.us
spec:
  scope: Namespaced
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRoute
    plural: ingressroutes
    singular: ingressroute
---
## IngressRouteTCP
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutetcps.traefik.containo.us
spec:
  scope: Namespaced
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRouteTCP
    plural: ingressroutetcps
    singular: ingressroutetcp
---
## Middleware
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: middlewares.traefik.containo.us
spec:
  scope: Namespaced
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: Middleware
    plural: middlewares
    singular: middleware
---
## MiddlewareTcp
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: middlewaretcps.traefik.containo.us
spec:
  scope: Namespaced
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: MiddlewareTCP
    plural: middlewaretcps
    singular: middlewaretcp
---
## ServersTransport
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: serverstransports.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: ServersTransport
    plural: serverstransports
    singular: serverstransport
  scope: Namespaced
---
## TLSOption
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tlsoptions.traefik.containo.us
spec:
  scope: Namespaced
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TLSOption
    plural: tlsoptions
    singular: tlsoption
---
## TraefikService
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: traefikservices.traefik.containo.us
spec:
  scope: Namespaced
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TraefikService
    plural: traefikservices
    singular: traefikservice
---
## TraefikTLSStore
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tlsstores.traefik.containo.us
spec:
  scope: Namespaced
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TLSStore
    plural: tlsstores
    singular: tlsstore
---
## IngressRouteUDP
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressrouteudps.traefik.containo.us
spec:
  scope: Namespaced
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRouteUDP
    plural: ingressrouteudps
    singular: ingressrouteudp

(2) Create

[root@k8s-master 2]# kubectl create -f traefik-crd.yaml
Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
customresourcedefinition.apiextensions.k8s.io/ingressroutes.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/ingressroutetcps.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/middlewares.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/middlewaretcps.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/serverstransports.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/tlsoptions.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/traefikservices.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/tlsstores.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/ingressrouteudps.traefik.containo.us created

2. Create the RBAC permissions

(1) traefik-rbac.yaml

[root@k8s-master 2]# cat traefik-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - traefik.containo.us
    resources:
      - middlewares
      - middlewaretcps
      - serverstransports
      - ingressroutes
      - traefikservices
      - ingressroutetcps
      - ingressrouteudps
      - tlsoptions
      - tlsstores
    verbs:
      - get
      - list
      - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
    namespace: kube-system

(2) Create

[root@k8s-master 2]# kubectl create -f traefik-rbac.yaml
serviceaccount/traefik-ingress-controller created
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller created
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller created

3. Create the ConfigMap configuration

(1) traefik-config.yaml

[root@k8s-master 2]# cat traefik-config.yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: traefik-config
  namespace: kube-system
data:
  traefik.yaml: |-
    serversTransport:
      insecureSkipVerify: true  ## Skip verification of the proxied services' TLS certificates
    api:
      insecure: true            ## Allow access to the API over HTTP
      dashboard: true           ## Enable the Dashboard UI
      debug: true               ## Enable debug mode
    metrics:
      prometheus:               ## Configure Prometheus metrics
        entryPoint: metrics     ## Serve them on the metrics entry point (8082)
    entryPoints:
      web:
        address: ":80"          ## Port 80, entry point named web
      websecure:
        address: ":443"         ## Port 443, entry point named websecure
      traefik:
        address: ":8090"        ## Port 8090, entry point named traefik (serves the API and dashboard)
      metrics:
        address: ":8082"        ## Port 8082, entry point for metrics collection
      tcpep:
        address: ":8000"        ## Port 8000, TCP entry point
      udpep:
        address: ":9000/udp"    ## Port 9000, UDP entry point
    providers:
      kubernetescrd:            ## Enable the Kubernetes CRD provider for routing rules
        ingressclass: traefik-v2.5
      kubernetesingress:        ## Enable the Kubernetes Ingress provider for routing rules
        ingressclass: traefik-v2.5
    log:
      filePath: "/etc/traefik/logs/traefik.log"   ## Path of the debug log file; if empty, logs go to the console
      level: error                ## Debug log level
      format: json                ## Debug log format
    accessLog:
      filePath: "/etc/traefik/logs/access.log"    ## Path of the access log file; if empty, logs go to the console
      format: json
      bufferingSize: 0
      filters:
        retryAttempts: true     ## Keep access logs when a proxied request was retried
        minDuration: 10         ## Keep access logs for requests that take longer than the specified duration
      fields:                   ## Whether access log fields are kept (keep / drop)
        defaultMode: keep       ## Keep access log fields by default
        names:                  ## Per-field overrides for access log fields
          ClientUsername: drop
        headers:                ## Whether header fields are kept
          defaultMode: keep     ## Keep header fields by default
          names:                ## Per-header overrides
            User-Agent: redact
            Authorization: drop
            Content-Type: keep

(2) Create

[root@k8s-master 2]# kubectl create -f traefik-config.yaml
configmap/traefik-config created
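
The static configuration above turns off backend certificate verification and serves the API and dashboard without authentication on port 8090. As an added example (not part of the original article), the same keys with stricter values; the CA file path is an assumption and the file would have to be mounted into the pod:

```yaml
# Added example: replaces only these keys inside traefik.yaml in the ConfigMap.
serversTransport:
  insecureSkipVerify: false     # verify backend TLS certificates (the default)
  rootCAs:
    - /certs/backend-ca.crt     # assumed path: CA that signed the backends' certificates
api:
  insecure: false               # no unauthenticated API/dashboard on the traefik entry point
  dashboard: true               # dashboard stays available through a router to api@internal
  debug: false                  # do not expose the /debug endpoints
```

With api.insecure set to false, the dashboard is reachable only through a router that targets the api@internal service, so a route pointing at port 8090 no longer serves it.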

4. Create the Traefik Service

(1) traefik-service.yaml

[root@k8s-master 2]# cat traefik-service.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: traefik-v2
  namespace: kube-system
  labels:
    app: traefik-v2
spec:
  replicas: 2
  selector:
    matchLabels:
      app: traefik-v2
  template:
    metadata:
      labels:
        app: traefik-v2
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 1
      containers:
        - name: traefik-v2
          image: 172.16.10.158:85/traefik
          args:
            - --configfile=/config/traefik.yaml
          ports:
            - name: web
              containerPort: 80
              hostPort: 80          
            - name: websecure
              containerPort: 443
              hostPort: 443         
            - name: admin
              containerPort: 8090
            - name: tcpep
              containerPort: 8000
            - name: udpep
              containerPort: 9000
          resources:
            limits:
              cpu: 500m
              memory: 1024Mi
            requests:
              cpu: 300m
              memory: 1024Mi
          securityContext:
            capabilities:             
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
          volumeMounts:
          - mountPath: "/config"
            name: "config"
          - mountPath: /etc/traefik/logs
            name: logdir
          - mountPath: /etc/localtime
            name: timezone
            readOnly: true
      volumes:
        - name: config
          configMap:
            name: traefik-config
        - name: logdir
          hostPath:
            path: /data/traefik/logs
            type: "DirectoryOrCreate"
        - name: timezone
          hostPath:
            path: /etc/localtime
            type: File
      tolerations:
        - operator: "Exists"      
      hostNetwork: true 
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-v2
  namespace: kube-system
spec:
  type: LoadBalancer
  selector:
    app: traefik-v2
  ports:
    - protocol: TCP
      port: 80
      name: web
      targetPort: 80
    - protocol: TCP
      port: 443
      name: websecure
      targetPort: 443
    - protocol: TCP
      port: 8090
      name: admin
      targetPort: 8090
    - protocol: TCP
      port: 8000
      name: tcpep
      targetPort: 8000          

(2) Create

[root@k8s-master 2]# kubectl create -f traefik-service.yaml
deployment.apps/traefik-v2 created
service/traefik-v2 created
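
The Deployment above references 172.16.10.158:85/traefik with the implicit latest tag, which can resolve to a different image after any later push. An added example (not from the original article) of the container section pinned to the digest printed by docker push in step 4, with two extra securityContext fields; those two fields are additions and assume Traefik writes only to the mounted log directory:

```yaml
# Added example: fragment of spec.template.spec in traefik-service.yaml.
containers:
  - name: traefik-v2
    # Digest taken from the "docker push" output above; a digest reference is immutable.
    image: 172.16.10.158:85/traefik@sha256:cb6c620b70f3981b2323cf759d452164e84ed6ce82c2a2a84e0df825a8428309
    args:
      - --configfile=/config/traefik.yaml
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true     # assumption: logs go to the /etc/traefik/logs volume only
      capabilities:
        drop:
          - ALL
        add:
          - NET_BIND_SERVICE
```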

IV. Configure the Dashboard route

1. dashboard-route.yaml

[root@k8s-master 2]# cat dashboard-route.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: dashboard-route
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik-v2.5
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`dashboard.test.com`) && PathPrefix(`/`)
    kind: Rule
    services:
    - name: traefik-v2
      port: 8090

2. Edit the local hosts file

Add the IP and domain name

172.16.10.158   dashboard.test.com

3. Access

http://dashboard.test.com/
