部署 Traefik 实现 dashboard 与 原生Ingress使用 CRD IngressRoute使用
部署Traefik
00-namespace.yml
apiVersion: v1
kind: Namespace
metadata:
name: test-traefik
00-role.yml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-role
namespace: test-traefik
rules:
- apiGroups:
- ""
resources:
- services
- secrets
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.io
resources:
- middlewares
- middlewaretcps
- ingressroutes
- traefikservices
- ingressroutetcps
- ingressrouteudps
- tlsoptions
- tlsstores
- serverstransports
- serverstransporttcps
verbs:
- get
- list
- watch
00-account.yml
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-account
namespace: test-traefik
01-role-binding.yml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-role-binding
namespace: test-traefik
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-role
subjects:
- kind: ServiceAccount
name: traefik-account
namespace: test-traefik
02-traefik.yml
kind: Deployment
apiVersion: apps/v1
metadata:
name: traefik-deployment
namespace: test-traefik
labels:
app: traefik
spec:
replicas: 1
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik-account
containers:
- name: traefik
image: traefik:v3.1
args:
- --api.insecure
- --providers.kubernetesingress
ports:
- name: web
containerPort: 80
- name: dashboard
containerPort: 8080
02-traefik-services.yml
把 LoadBalancer 改成 NodePort
apiVersion: v1
kind: Service
metadata:
name: traefik-dashboard-service
namespace: test-traefik
spec:
type: NodePort
ports:
- port: 8080
targetPort: dashboard
selector:
app: traefik
---
apiVersion: v1
kind: Service
metadata:
name: traefik-web-service
namespace: test-traefik
spec:
type: NodePort
ports:
- targetPort: web
port: 80
selector:
app: traefik
kubectl apply -f 00-namespace.yml \
-f 00-role.yml \
-f 00-account.yml \
-f 01-role-binding.yml \
-f 02-traefik.yml \
-f 02-traefik-services.yml
kubectl get all -n test-traefik
访问Traefik Dashboard:http://127.0.0.1:32193/dashboard
Ingress示例
00-nginx-deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: nginx
namespace: test-traefik
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/nginx:1.27.1
ports:
- name: web
containerPort: 80
01-nginx-services.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: test-traefik
spec:
ports:
- name: web
port: 80
targetPort: web
selector:
app: nginx
02-nginx-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: test-traefik
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx
port:
name: web
kubectl apply -f 00-nginx-deployment.yaml \
-f 01-nginx-services.yaml \
-f 02-nginx-ingress.yaml
访问http://127.0.0.1:32560/
ingressRoute示例
注意这里的kind为IngressRoute
00-nginx-ingressroute.yaml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nginxIngressRoute
namespace: test-traefik
spec:
entryPoints:
- web
routes:
- match: Host(`ingressRoute.example.com`)
kind: Rule
services:
- name: nginx
port: 80
kubectl apply -f 00-nginx-ingressroute.yaml
访问http://ingressroute.example.com:32560/
ingressRoute.example.com需要配置/etc/hosts文件进行ip与命名的映射,如果没有DNS服务。
参考:
https://blog.csdn.net/networken/article/details/85953346
https://blog.csdn.net/networken/article/details/85953346
https://doc.traefik.io/traefik/getting-started/quick-start-with-kubernetes/