其他分享
首页 > 其他分享> > 14 部署Ingress

14 部署Ingress

作者:互联网

#服务反向代理
#部署Traefik 2.0版本

14.1创建 traefik-crd.yaml 文件 (yanglin1)

[root@yanglin1 ~]# mkdir /root/ingress && cd /root/ingress
[root@yanglin1 ~]# vim traefik-crd.yaml
## IngressRoute
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutes.traefik.containo.us
spec:
  scope: Namespaced
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRoute
    plural: ingressroutes
    singular: ingressroute
---
## IngressRouteTCP
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutetcps.traefik.containo.us
spec:
  scope: Namespaced
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRouteTCP
    plural: ingressroutetcps
    singular: ingressroutetcp
---
## Middleware
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: middlewares.traefik.containo.us
spec:
  scope: Namespaced
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: Middleware
    plural: middlewares
    singular: middleware
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tlsoptions.traefik.containo.us
spec:
  scope: Namespaced
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TLSOption
    plural: tlsoptions
singular: tlsoption

14.1.1 :Q创建Traefik CRD资源(yanglin1)

[root@yanglin1 ~]#  cd /root/ingress
[root@yanglin1 ingress]#  kubectl create -f traefik-crd.yaml                                         
customresourcedefinition.apiextensions.k8s.io/ingressroutes.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/ingressroutetcps.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/middlewares.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/tlsoptions.traefik.containo.us created

[root@yanglin1 ingress]# kubectl get CustomResourceDefinition
NAME                                   CREATED AT
ingressroutes.traefik.containo.us      2022-06-13T08:40:56Z
ingressroutetcps.traefik.containo.us   2022-06-13T08:40:56Z
middlewares.traefik.containo.us        2022-06-13T08:40:56Z
tlsoptions.traefik.containo.us         2022-06-13T08:40:56Z


14.2 创建Traefik RBAC文件(master-1)

[root@yanglin1 ~]#  vi  traefik-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: kube-system
  name: traefik-ingress-controller
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups: [""]
    resources: ["services","endpoints","secrets"]
    verbs: ["get","list","watch"]
  - apiGroups: ["extensions"]
    resources: ["ingresses"]
    verbs: ["get","list","watch"]
  - apiGroups: ["extensions"]
    resources: ["ingresses/status"]
    verbs: ["update"]
  - apiGroups: ["traefik.containo.us"]
    resources: ["middlewares"]
    verbs: ["get","list","watch"]
  - apiGroups: ["traefik.containo.us"]
    resources: ["ingressroutes"]
    verbs: ["get","list","watch"]
  - apiGroups: ["traefik.containo.us"]
    resources: ["ingressroutetcps"]
    verbs: ["get","list","watch"]
  - apiGroups: ["traefik.containo.us"]
    resources: ["tlsoptions"]
    verbs: ["get","list","watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
namespace: kube-system

14.2.1 创建RABC 资源

[root@yanglin1 ingress]# kubectl create -f traefik-rbac.yaml
serviceaccount/traefik-ingress-controller created
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller created
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller created

14.3 创建Traefik ConfigMap (yanglin1)

[root@yanglin1 ~]#  vi traefik-config.yaml 
kind: ConfigMap
apiVersion: v1
metadata:
  name: traefik-config
data:
  traefik.yaml: |-
    serversTransport:
      insecureSkipVerify: true
    api:
      insecure: true
      dashboard: true
      debug: true
    metrics:
      prometheus: ""
    entryPoints:
      web:
        address: ":80"
      websecure:
        address: ":443"
    providers:
      kubernetesCRD: ""
    log:
      filePath: ""
      level: error
      format: json
    accessLog:
      filePath: ""
      format: json
      bufferingSize: 0
      filters:
        retryAttempts: true
        minDuration: 20
      fields:
        defaultMode: keep
        names:
          ClientUsername: drop
        headers:
          defaultMode: keep
          names:
            User-Agent: redact
            Authorization: drop
            Content-Type: keep
            
            

14.3.1 创建Traefik ConfigMap资源配置

[root@yanglin1 ~]#  kubectl apply -f traefik-config.yaml -n kube-system

14.4 设置节点标签

#设置节点label
[root@yanglin1 ingress]# kubectl label nodes 192.168.177.155 IngressProxy=true

#暂时不做
[root@yanglin1 ingress]# kubectl label nodes 192.168.177.156 IngressProxy=true

14.4.1 查看节点标签

#检查是否成功
[root@yanglin1 ingress]# kubectl get nodes --show-labels

14.5 创建 traefik 部署文件

#注意每个Node节点的80与443端口不能被占用
[root@yanglin1 ingress]# netstat -antupl | grep -E "80|443"

[root@yanglin1 ingress]# vi traefik-deploy.yaml
apiVersion: v1
kind: Service
metadata:
  name: traefik
spec:
  ports:
    - name: web
      port: 80
    - name: websecure
      port: 443
    - name: admin
      port: 8080
  selector:
    app: traefik
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: traefik-ingress-controller
  labels:
    app: traefik
spec:
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      name: traefik
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 1
      containers:
        - image: traefik:latest
          name: traefik-ingress-lb
          ports:
            - name: web
              containerPort: 80
              hostPort: 80 
            - name: websecure
              containerPort: 443
              hostPort: 443
            - name: admin
              containerPort: 8080
          resources:
            limits:
              cpu: 2000m
              memory: 1024Mi
            requests:
              cpu: 1000m
              memory: 1024Mi
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
          args:
            - --configfile=/config/traefik.yaml
          volumeMounts:
            - mountPath: "/config"
              name: "config"
      volumes:
        - name: config
          configMap:
            name: traefik-config 
      tolerations: 
        - operator: "Exists"
      nodeSelector: 
        IngressProxy: "true"

14.5.1部署 Traefik 资源

[root@yanglin1 ingress]#  kubectl apply -f traefik-deploy.yaml -n kube-system

#查看运行状态
[root@yanglin1 ingress]# kubectl get DaemonSet -n kube-system              
NAME                         DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR       AGE
traefik-ingress-controller   1         1         1       1            1           IngressProxy=true   77s
 

14.6 Traefik 路由配置
14.6.1 配置Traefik Dashboard

[root@yanglin1 ingress]#  vi traefik-dashboard-route.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard-route
  namespace: kube-system
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`ingress.abcd.com`)
      kind: Rule
      services:
        - name: traefik
          port: 8080

#创建Ingress (traefik)
[root@yanglin1 ingress]#  kubectl apply -f traefik-dashboard-route.yaml

14.6.2 客户端访问Traefik Dashboard
14.6.2.1 绑定物理主机Hosts文件或者域名解析
/etc/hosts
192.168.177.155 ingress.abcd.com
访问web

 

14.7 部署访问服务(http)

#创建nginx服务
[root@yanglin1 ingress]#  kubectl run nginx-ingress-demo1 --image=nginx --replicas=1 -n kube-system
[root@yanglin1 ingress]#  kubectl expose deployment nginx-ingress-demo1 --port=1099 --target-port=80 -n kube-system

#创建nginx路由服务
vim nginx-ingress-demo-route1.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-nginx-demo-route1
  namespace: kube-system
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`nginx11.abcd.com`)
      kind: Rule
      services:
        - name: nginx-ingress-demo1
          port: 1099

#创建
[root@yanglin1 ingress]# kubectl  apply -f nginx-ingress-demo-route1.yaml

[root@yanglin1 ingress]# kubectl get IngressRoute -A
NAMESPACE     NAME                       AGE
default       traefik-dashboard-route    48m
kube-system   traefik-nginx-demo-route   68s

#访问
#绑定hosts (物理机器)
192.168.177.155 nginx11.abcd.com

 

标签:Ingress,14,部署,traefik,ingress,yanglin1,containo,root,name
来源: https://www.cnblogs.com/hbxZJ/p/16375488.html