k8s配置ingress traefik2.2

下面是配置traefik2.2为k8s的ingress,也可以配置为k8s的ingress route
rbac.yaml

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
    namespace: traefik

deployment.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik
  labels:
    app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v2.2
          args:
            - --log.level=DEBUG
            - --api
            - --api.insecure
            - --accesslog
            - --entrypoints.web.address=:80
            - --providers.kubernetesingress=true # 配置为kubernetes的ingress
            - --providers.kubernetesingress.ingressclass=traefik-new02 # 如果有多个ingress的情况,一定要配置这个进行区分
          ports:
            - name: web
              containerPort: 80
            - name: admin
              containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: traefik
spec:
  type: NodePort
  selector:
    app: traefik
  ports:
    - protocol: TCP
      port: 80
      name: web
      targetPort: 80
    - protocol: TCP
      port: 8080
      name: admin
      targetPort: 8080

部署:

kubectl apply -n traefik -f rbac.yaml
kubectl apply -n traefik -f deployment.yaml

上面的部署并没有开启ssl服务,如果需要配置,可以参考官方文档
配置示例应用
example-dp.yaml

kind: Deployment
apiVersion: apps/v1
metadata:
  name: whoami
  labels:
    app: containous
    name: whoami
spec:
  replicas: 2
  selector:
    matchLabels:
      app: containous
      task: whoami
  template:
    metadata:
      labels:
        app: containous
        task: whoami
    spec:
      containers:
        - name: containouswhoami
          image: containous/whoami
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: whoami
spec:
  ports:
    - name: http
      port: 80
  selector:
    app: containous
    task: whoami
example-ingress.yaml
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: myingress
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: web   # web这个对应80端口
    kubernetes.io/ingress.class: "traefik-new02"   # 要对应上
spec:
  rules:
    - host: test.example.com
      http:
        paths:
          - path: /bar
            backend:
              serviceName: whoami
              servicePort: 80
          - path: /foo
            backend:
              serviceName: whoami
              servicePort: 80

部署示例应用:
kubectl apply -n traefik example-dp.yaml
kubectl apply -n traefik example-ingress.yaml
部署完成后,查看
在这里插入图片描述
访问dashboard
在这里插入图片描述
在这里插入图片描述
可以看到,服务已经跟新部署的traefik2.2关联上了

参考:
https://docs.traefik.io/v2.2/routing/providers/kubernetes-ingress/
https://www.qikqiak.com/traefik-book/providers/kubernetes-ingress/

Kubernetes Ingress是一个控制器,它允许以一致的方式暴露服务并将流量路由到不同的服务,它可以在同一个IP地址和同一个端口上处理多个规则,这些规则定义了如何将入站请求路由到不同的服务或URI路径。 以下是如何配置Ingress规则的步骤: 1. 确认是否已经安装和启用了Ingress控制器。使用kubectl命令来查看是否有ingress-controller pod运行。 2. 在kubernetes集群中创建一个Ingress对象。这一步需要指定Ingress对象的metadata和spec字段。metadata中必须要指定一个名称,spec中必须要指定规则列表(rules),每个规则中需要定义host和对应的http(s)路径。 例如: ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: example-ingress spec: rules: - host: example.com http: paths: - path: /api/v1 pathType: Prefix backend: service: name: api-service port: name: http ``` - host:用于匹配请求的主机名。 - http:HTTP协议规则,还有一个TLS协议规则,需要使用secret配置。HTTP和TLS规则不能同时出现。 - paths:一组定义要匹配请求和转发服务的路径规则。 - path:用于匹配传入请求的路径前缀。 - backend:后端服务的配置。 3. 创建服务对象 ```yaml apiVersion: v1 kind: Service metadata: name: api-service namespace: default spec: selector: app: api ports: - name: http port: 80 targetPort: 8080 ``` - 应该根据实际情况配置targetPort和selector字段。targetPort是要暴露的端口,selector指定要将请求转发到哪个Pod。 4. 部署后端服务的Pod ```yaml apiVersion: apps/v1 kind: Deployment metadata: name: api spec: selector: matchLabels: app: api template: metadata: labels: app: api spec: containers: - name: api image: my-api-image ports: - containerPort: 8080 ``` - deployment对象需要指定pod的镜像和容器端口。 5. 应用ingress和service和deployment. ```bash kubectl apply -f your-configuration.yaml ``` 这些规则定义了如何将入站http请求路由到不同的Kubernetes服务。可以使用类似于nginx-ingress等的Ingress控制器来处理这些规则并负载均衡流量。
评论 3
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值