14 部署Ingress
作者:互联网
#服务反向代理
#部署Traefik 2.0版本
14.1创建 traefik-crd.yaml 文件 (yanglin1)
[root@yanglin1 ~]# mkdir /root/ingress && cd /root/ingress [root@yanglin1 ~]# vim traefik-crd.yaml ## IngressRoute apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: ingressroutes.traefik.containo.us spec: scope: Namespaced group: traefik.containo.us version: v1alpha1 names: kind: IngressRoute plural: ingressroutes singular: ingressroute --- ## IngressRouteTCP apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: ingressroutetcps.traefik.containo.us spec: scope: Namespaced group: traefik.containo.us version: v1alpha1 names: kind: IngressRouteTCP plural: ingressroutetcps singular: ingressroutetcp --- ## Middleware apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: middlewares.traefik.containo.us spec: scope: Namespaced group: traefik.containo.us version: v1alpha1 names: kind: Middleware plural: middlewares singular: middleware --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: tlsoptions.traefik.containo.us spec: scope: Namespaced group: traefik.containo.us version: v1alpha1 names: kind: TLSOption plural: tlsoptions singular: tlsoption
14.1.1 :Q创建Traefik CRD资源(yanglin1)
[root@yanglin1 ~]# cd /root/ingress [root@yanglin1 ingress]# kubectl create -f traefik-crd.yaml customresourcedefinition.apiextensions.k8s.io/ingressroutes.traefik.containo.us created customresourcedefinition.apiextensions.k8s.io/ingressroutetcps.traefik.containo.us created customresourcedefinition.apiextensions.k8s.io/middlewares.traefik.containo.us created customresourcedefinition.apiextensions.k8s.io/tlsoptions.traefik.containo.us created [root@yanglin1 ingress]# kubectl get CustomResourceDefinition NAME CREATED AT ingressroutes.traefik.containo.us 2022-06-13T08:40:56Z ingressroutetcps.traefik.containo.us 2022-06-13T08:40:56Z middlewares.traefik.containo.us 2022-06-13T08:40:56Z tlsoptions.traefik.containo.us 2022-06-13T08:40:56Z
14.2 创建Traefik RBAC文件(master-1)
[root@yanglin1 ~]# vi traefik-rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: namespace: kube-system name: traefik-ingress-controller --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: traefik-ingress-controller rules: - apiGroups: [""] resources: ["services","endpoints","secrets"] verbs: ["get","list","watch"] - apiGroups: ["extensions"] resources: ["ingresses"] verbs: ["get","list","watch"] - apiGroups: ["extensions"] resources: ["ingresses/status"] verbs: ["update"] - apiGroups: ["traefik.containo.us"] resources: ["middlewares"] verbs: ["get","list","watch"] - apiGroups: ["traefik.containo.us"] resources: ["ingressroutes"] verbs: ["get","list","watch"] - apiGroups: ["traefik.containo.us"] resources: ["ingressroutetcps"] verbs: ["get","list","watch"] - apiGroups: ["traefik.containo.us"] resources: ["tlsoptions"] verbs: ["get","list","watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: traefik-ingress-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: traefik-ingress-controller subjects: - kind: ServiceAccount name: traefik-ingress-controller namespace: kube-system
14.2.1 创建RABC 资源
[root@yanglin1 ingress]# kubectl create -f traefik-rbac.yaml serviceaccount/traefik-ingress-controller created clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller created clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller created
14.3 创建Traefik ConfigMap (yanglin1)
[root@yanglin1 ~]# vi traefik-config.yaml kind: ConfigMap apiVersion: v1 metadata: name: traefik-config data: traefik.yaml: |- serversTransport: insecureSkipVerify: true api: insecure: true dashboard: true debug: true metrics: prometheus: "" entryPoints: web: address: ":80" websecure: address: ":443" providers: kubernetesCRD: "" log: filePath: "" level: error format: json accessLog: filePath: "" format: json bufferingSize: 0 filters: retryAttempts: true minDuration: 20 fields: defaultMode: keep names: ClientUsername: drop headers: defaultMode: keep names: User-Agent: redact Authorization: drop Content-Type: keep
14.3.1 创建Traefik ConfigMap资源配置
[root@yanglin1 ~]# kubectl apply -f traefik-config.yaml -n kube-system
14.4 设置节点标签
#设置节点label [root@yanglin1 ingress]# kubectl label nodes 192.168.177.155 IngressProxy=true #暂时不做 [root@yanglin1 ingress]# kubectl label nodes 192.168.177.156 IngressProxy=true
14.4.1 查看节点标签
#检查是否成功 [root@yanglin1 ingress]# kubectl get nodes --show-labels
14.5 创建 traefik 部署文件
#注意每个Node节点的80与443端口不能被占用 [root@yanglin1 ingress]# netstat -antupl | grep -E "80|443" [root@yanglin1 ingress]# vi traefik-deploy.yaml apiVersion: v1 kind: Service metadata: name: traefik spec: ports: - name: web port: 80 - name: websecure port: 443 - name: admin port: 8080 selector: app: traefik --- apiVersion: apps/v1 kind: DaemonSet metadata: name: traefik-ingress-controller labels: app: traefik spec: selector: matchLabels: app: traefik template: metadata: name: traefik labels: app: traefik spec: serviceAccountName: traefik-ingress-controller terminationGracePeriodSeconds: 1 containers: - image: traefik:latest name: traefik-ingress-lb ports: - name: web containerPort: 80 hostPort: 80 - name: websecure containerPort: 443 hostPort: 443 - name: admin containerPort: 8080 resources: limits: cpu: 2000m memory: 1024Mi requests: cpu: 1000m memory: 1024Mi securityContext: capabilities: drop: - ALL add: - NET_BIND_SERVICE args: - --configfile=/config/traefik.yaml volumeMounts: - mountPath: "/config" name: "config" volumes: - name: config configMap: name: traefik-config tolerations: - operator: "Exists" nodeSelector: IngressProxy: "true"
14.5.1部署 Traefik 资源
[root@yanglin1 ingress]# kubectl apply -f traefik-deploy.yaml -n kube-system #查看运行状态 [root@yanglin1 ingress]# kubectl get DaemonSet -n kube-system NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE traefik-ingress-controller 1 1 1 1 1 IngressProxy=true 77s
14.6 Traefik 路由配置
14.6.1 配置Traefik Dashboard
[root@yanglin1 ingress]# vi traefik-dashboard-route.yaml apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: traefik-dashboard-route namespace: kube-system spec: entryPoints: - web routes: - match: Host(`ingress.abcd.com`) kind: Rule services: - name: traefik port: 8080 #创建Ingress (traefik) [root@yanglin1 ingress]# kubectl apply -f traefik-dashboard-route.yaml
14.6.2 客户端访问Traefik Dashboard
14.6.2.1 绑定物理主机Hosts文件或者域名解析
/etc/hosts
192.168.177.155 ingress.abcd.com
访问web
14.7 部署访问服务(http)
#创建nginx服务 [root@yanglin1 ingress]# kubectl run nginx-ingress-demo1 --image=nginx --replicas=1 -n kube-system [root@yanglin1 ingress]# kubectl expose deployment nginx-ingress-demo1 --port=1099 --target-port=80 -n kube-system #创建nginx路由服务 vim nginx-ingress-demo-route1.yaml apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: traefik-nginx-demo-route1 namespace: kube-system spec: entryPoints: - web routes: - match: Host(`nginx11.abcd.com`) kind: Rule services: - name: nginx-ingress-demo1 port: 1099 #创建 [root@yanglin1 ingress]# kubectl apply -f nginx-ingress-demo-route1.yaml [root@yanglin1 ingress]# kubectl get IngressRoute -A NAMESPACE NAME AGE default traefik-dashboard-route 48m kube-system traefik-nginx-demo-route 68s #访问 #绑定hosts (物理机器) 192.168.177.155 nginx11.abcd.com
标签:Ingress,14,部署,traefik,ingress,yanglin1,containo,root,name 来源: https://www.cnblogs.com/hbxZJ/p/16375488.html