K8S：Traefik Ingress Controller

一.Traefik概念

1.什么是Traefik

（1）Traefik 是一个为了让部署微服务更加便捷而诞生的现代 HTTP 反向代理、负载均衡工具。traefik 本身设计的就能够实时跟 kubernetes api 交互，感知后端 service，pod 等的变化，自动更新配置并重载。

（2）traefik 是一个前端负载均衡器，对于微服务架构尤其是 kubernetes 等编排工具具有良好的支持；

（3）同 nginx 等相比，traefik 能够自动感知后端容器变化，从而实现自动服务发现。

2.traefik 部署方式及优缺点

（1）traefik 部署在 k8s 上分为 daemonset 和 deployment 两种方式，各有优缺点：

• daemonset 能确定有哪些 Node 在运行 traefik，所以可以确定的知道后端 ip，但是不能方便的伸缩。
• deployment 可以更方便的伸缩，但是不能确定有哪些 Node 在运行 traefik 所以不能确定的知道后端 ip。

（2）一般部署两种不同类型的 traefik:

• 面向内部（internal）服务的 traefik，建议可以使用 deployment 的方式。
• 面向外部（external）服务的 traefik，建议可以使用 daemonset 的方式。

（3）建议使用 traffic-type 标签
traffic-type: external
traffic-type: internal

（4）traefik 相应地使用 labelSelector
traffic-type=internal
traffic-type=external

官方网址: https://docs.traefik.io/
下载源码：git clone https://github.com/containous/traefik.git

二.部署 nginx-ingress-controller

1.获取配置文件

mkdir /opt/traefik
cd /opt/traefik

官方下载地址：
wget  https://raw.githubusercontent.com/containous/traefik/v1.7/examples/k8s/traefik-rbac.yaml
wget  https://raw.githubusercontent.com/containous/traefik/v1.7/examples/k8s/traefik-deployment.yaml
wget  https://raw.githubusercontent.com/containous/traefik/v1.7/examples/k8s/traefik-ds.yaml
wget  https://raw.githubusercontent.com/containous/traefik/v1.7/examples/k8s/ui.yaml

国内的 gitee：
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget  https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml

2.依次执行

//启用RBAC
kubectl apply -f traefik-rbac.yaml

//部署 Traefik 到 Kubernetes 集群，为外部访问创建 NodePorts
kubectl apply -f traefik-deployment.yaml

//部署 Traefik Web UI
kubectl apply -f ui.yaml

//查看结果
kubectl get pod -l k8s-app=traefik-ingress-lb -n kube-system
NAME                                          READY   STATUS    RESTARTS   AGE
traefik-ingress-controller-6b7f594d46-k94vx   1/1     Running   0          27m

kubectl get svc -o wide -n kube-system | grep traefik

traefik-ingress-service   NodePort    10.96.76.50     <none>        80:32256/TCP,8080:32644/TCP   12s   k8s-app=traefik-ingress-lb
traefik-web-ui            ClusterIP   10.96.229.103   <none>        80/TCP                        7s    k8s-app=traefik-ingress-lb

kubectl get pod traefik-ingress-controller-6b7f594d46-k94vx -o wide -n kube-system
NAME                                          READY   STATUS    RESTARTS   AGE   IP             NODE     NOMINATED NODE   READINESS GATES
traefik-ingress-controller-6b7f594d46-k94vx   1/1     Running   0          29m   10.244.2.199   node01   <none>           <none>

//访问 Traefik UI，浏览器访问 http://Nodeip:NodePort/dashboard/
http://192.168.198.12:32644/dashboard/

//Ingress HTTP 代理访问
cd /opt/ingress-nodeport

#创建 deployment、Service、Ingress Yaml 资源
vim ingress-nginx.yaml 

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-app
spec:
  replicas: 2
  selector:
    matchLabels:
      name: nginx
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
        - name: nginx
          image: nginx
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    name: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-test
spec:
  rules:
    - host: www.benet.com
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service: 
              name: nginx-svc
              port:
                number: 80

kubectl apply -f ingress-nginx.yaml

kubectl get svc,pods -o wide

NAME                       TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)           AGE   SELECTOR
service/kubernetes         ClusterIP      10.96.0.1       <none>        443/TCP           33d   <none>
service/nginx-svc          ClusterIP      10.96.54.120    <none>        80/TCP            42h   name=nginx

pod/nginx-app-57dd86f5cc-k2f26                1/1     Running             0          41h    10.244.1.54    node02   <none>           <none>
pod/nginx-app-57dd86f5cc-vrwh7                1/1     Running             0          41h    10.244.2.193   node01   <none>          
<none>

kubectl exec -it pod/nginx-app-57dd86f5cc-k2f26 bash
 # cd /usr/share/nginx/html/
 # echo 'this is web1' >> index.html 

kubectl exec -it pod/nginx-app-57dd86f5cc-vrwh7 bash
 # cd /usr/share/nginx/html/
 # echo 'this is web2' >> index.html

#测试访问
curl 10.96.54.120

kubectl get svc -o wide -n kube-system | grep traefik
traefik-ingress-service   NodePort    10.96.76.50     <none>        80:32256/TCP,8080:32644/TCP   42m   k8s-app=traefik-ingress-lb
traefik-web-ui            ClusterIP   10.96.229.103   <none>        80/TCP                        42m   k8s-app=traefik-ingress-lb

#本地 host 添加域名解析
vim /etc/hosts
192.168.198.11 master01
192.168.198.12 node01
192.168.198.13 node02
192.168.198.13 www.benet.com

#模拟外部访问
curl http://www.benet.com:32644

#再刷新查看 Traefik UI 界面，会生成刚创建的集群信息
http://192.168.198.12:32644/dashboard/

8.13 www.benet.com

#模拟外部访问
curl http://www.benet.com:32644

[外链图片转存中...(img-0LMJMJ0o-1696919150066)]

#再刷新查看 Traefik UI 界面，会生成刚创建的集群信息
http://192.168.198.12:32644/dashboard/

![外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传](https://img-blog.csdnimg.cn/a66a66da700c4431aa9963a58b374ce3.png)