由于想在k8s中部署使用mysql使用,mysql是tcp连接,traefik1.7不支持tcp路由,所以升级到2.5.7
1、镜像
docker pull traefik:v2.5.7
2、tag
docker images | grep traefik
traefik v2.5.7 865923368a9f 7 hours ago 101MB
docker tag 865923368a9f registry.cn-shenzhen.aliyuncs.com/hqyinfra/traefik:v2.5.7
3、推送
docker push registry.cn-shenzhen.aliyuncs.com/hqyinfra/traefik:v2.5.7
4、自定义资源
crd.yaml
kubectl apply -f crd.yaml
引用官网:Definitions
5、rbac.yaml
kubectl apply -f rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: kube-system
name: traefik-ingress-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- middlewares
- middlewaretcps
- ingressroutes
- traefikservices
- ingressroutetcps
- ingressrouteudps
- tlsoptions
- tlsstores
- serverstransports
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
6、cm.yaml
kubectl apply -f cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: traefik
namespace: kube-system
data:
traefik.yaml: |-
serversTransport:
insecureSkipVerify: true
api:
insecure: true
dashboard: true
debug: true
metrics:
prometheus: ""
entryPoints:
web:
address: ":8000"
websecure:
address: ":4443"
providers:
kubernetesCRD: ""
kubernetesingress: ""
log:
filePath: ""
level: error
format: json
accessLog:
filePath: ""
format: json
bufferingSize: 0
filters:
retryAttempts: true
minDuration: 20
fields:
defaultMode: keep
names:
ClientUsername: drop
headers:
defaultMode: keep
names:
User-Agent: redact
Authorization: drop
Content-Type: keep
7、ds.yaml
kubectl apply -f ds.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
namespace: kube-system
name: traefik
labels:
app: traefik
spec:
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: registry.cn-shenzhen.aliyuncs.com/hqyinfra/traefik:v2.5.7
args:
- --configfile=/config/traefik.yaml
volumeMounts:
- mountPath: /config
name: config
ports:
- name: web
containerPort: 8000
hostPort: 83
- name: websecure
containerPort: 4443
hostPort: 4443
- name: admin
containerPort: 8080
volumes:
- name: config
configMap:
name: traefik
8、svc.yaml
kubectl apply -f svc.yaml
apiVersion: v1
kind: Service
metadata:
name: traefik
namespace: kube-system
spec:
ports:
- protocol: TCP
name: web
port: 8000
- protocol: TCP
name: admin
port: 8080
- protocol: TCP
name: websecure
port: 4443
selector:
app: traefik
9、ir.yaml
kubectl apply -f ir.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: traefik
namespace: kube-system
spec:
entryPoints:
- web
routes:
- match: Host(`traefik.candy.com`) && PathPrefix(`/`)
kind: Rule
services:
- name: traefik
port: 8080
10、配置本地host
vi /etc/hosts
127.0.0.1 traefik.candy.com
11、修改原来转发请求至traefik的nginx的配置,改了下端口,避免和以前的冲突
docker exec -it nginx sh
vi /etc/nginx/conf.d/candy.com.conf
upstream default_backend_traefik {
server 192.168.65.4:83;
}
server {
server_name *.candy.com;
location / {
proxy_pass http://default_backend_traefik;
proxy_set_header Host $http_host;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
}
}
nginx -s reload
exit
12、删除原来的traefik1.7的资源
kubectl delete -f rbac.yaml
kubectl delete -f ds.yaml
kubectl delete -f svc.yaml
kubectl delete -f ingress.yaml
13、浏览器访问:traefik.candy.com
14、修改原来dashboard的部署(可选,因为traefik2.5.7兼容之前的Ingress资源,只是进入点设置是所有的进入点,建议改掉,如果以后有tcp的进入点,设置的HostSNI(`*`),那么就会匹配到这个资源对象)
删除原来dashboard的ingress
kubectl delete -f ingress.yaml
ir.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
entryPoints:
- web
routes:
- match: Host(`dashboard.candy.com`)
kind: Rule
services:
- name: kubernetes-dashboard
port: 443
kubectl apply -f ir.yaml
浏览器访问:dashboard.candy.com
注意:由于所有资源文件的命名规则都是一样的,请区分好不同应用的不同资源文件!!