基於kubernetes1.11安裝Harbor私有映象庫(二)
阿新 • • 發佈:2018-12-10
簡介
Trafik,和nginx-ingress類似,都是用於微服務叢集的HTTP/HTTPS代理轉發和負載均衡的。
相對nginx-ingress來說, Traefik部署更簡單,其反向代理和負載均衡功能更直接高效。
本節主要說明如何在kubernetes1.11上安裝traefik,及配置https轉發的流程。
安裝Traefik
- 下載源安裝包
[[email protected] DevOps]# git clone https://github.com/containous/traefik.git
[[email protected] DevOps] 一般來說,我們只需要配置及部署traefik-deployment.yaml
traefik-rbac.yaml,ui.yaml這三個檔案即可。
- 建立traefik-rbac
因為Kubernetes在1.6之後的版本啟用了RBAC鑑權機制,所以需配置ClusterRole及ClusterRoleBinding來對api-server進行相應許可權的控制。
[[email protected] k8s]# kubectl apply -f traefik-rbac.yaml
clusterrole.rbac.authorization.k8s.io "traefik-ingress-controller" created
clusterrolebinding.rbac.authorization.k8s.io "traefik-ingress-controller" 可以此時看到已經完成clusterrole,clusterrolebinding的建立了。
- 建立traefik服務
[[email protected] k8s]# kubectl apply -f traefik-deployment.yaml
serviceaccount "traefik-ingress-controller" created
deployment.extensions "traefik-ingress-controller" created
service "traefik-ingress-service" created
#檢查是否建立成功
[[email protected] k8s]# kubectl get svc,deployment,pod -n kube-system | grep traefik
service/traefik-ingress-service NodePort 10.104.254.55 <none> 80:32672/TCP,8080:30005/TCP 15h
deployment.extensions/traefik-ingress-controller 1 1 1 1 2d
pod/traefik-ingress-controller-6f6d87769d-l7vgv 1/1 Running 0 15h
可以看到service,pod等都已經執行起來。
-
建立ui服務
- (1)修改
ui.yaml
- (1)修改
---
apiVersion: v1
kind: Service
metadata:
name: traefik-web-ui
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- name: web
port: 80
targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-web-ui
namespace: kube-system
annotations: ## 添加註解, 定義ingress.class為traefik
kubernetes.io/ingress.class: traefik
spec:
tls:
- secretName: traefik-cert
rules:
- host: traefik.example.com ## 主要修改這裡,把host改為你自己的
http:
paths:
- path: /
backend:
serviceName: traefik-web-ui
servicePort: web
- (2)建立service及檢查
[[email protected] k8s]# kubectl apply -f ui.yaml
service "traefik-web-ui" created
ingress.extensions "traefik-web-ui" created
# 檢查是否建立成功
[[email protected] k8s]# kubectl describe ing traefik-web-ui -n kube-system
Name: traefik-web-ui
Namespace: kube-system
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
traefik.example.com
/ traefik-web-ui:web (10.244.2.43:8080,192.168.1.49:8080,192.168.1.50:8080)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"traefik"},"name":"traefik-web-ui","namespace":"kube-system"},"spec":{"rules":[{"host":"traefik.example.com","http":{"paths":[{"backend":{"serviceName":"traefik-web-ui","servicePort":"web"},"path":"/"}]}}]}}
kubernetes.io/ingress.class: traefik
Events: <none>
[[email protected] k8s]# kubectl get ing traefik-web-ui -n kube-system
NAME HOSTS ADDRESS PORTS AGE
traefik-web-ui traefik.example.com 80 15h
- 瀏覽器訪問traefik
修改本機host或新增公網域名解析,通過traefik.example.com來訪問, 效果如下:
