traefik在kubernetes中的安装及使用方法

发布时间:2021-10-12 11:38:08 作者:柒染
来源:亿速云 阅读:380

这篇文章将为大家详细讲解有关traefik在kubernetes中的安装及使用方法,文章内容质量较高,因此小编分享给大家做个参考,希望大家阅读完这篇文章后对相关知识有一定的了解。

  1. Download your desired version

  2. Unpack it (tar -zxvf helm-v3.0.0-linux-amd64.tar.gz)

  3. Find the helm binary in the unpacked directory, and move it to its desired destination (mv linux-amd64/helm /usr/local/bin/helm)

kubectl apply -f ingress-route-definition.yaml
#说明1:secret的数据需要base64编码(https://kubernetes.io/zh/docs/concepts/configuration/secret/)
echo -n 'admin' | base64

#说明2:增加一个存储(根据实际情况修改),验证通过的证书我们这里存到/etc/acme/acme.json文件中,我们一定要将这个文件持久化,否则每次 Traefik 重建后就需要重新认证
#说明3:Service直接暴露了端口使用(NodePort),未使用官方文档的kubectl port-forward
#说明4:- --providers.kubernetesingress
#      - --providers.kubernetescrd
#      导出二种支持的模式ingress, ingress-route
#说明5:dashboard不直接导出,保护资源,后面会通过https+basic auth方式查看
#traefik.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller

---
apiVersion: v1
kind: Secret
metadata:
  name: aliyun-secret
data:
  ALICLOUD_ACCESS_KEY: your_key_base64
  ALICLOUD_SECRET_KEY: your_secret_base64
  ALICLOUD_REGION_ID: your_region_base64

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: traefik-acme-cephfs-pvc
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: rook-cephfs

---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik
  labels:
    app: traefik

spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      volumes:
      - name: acme-store
        persistentVolumeClaim:
          claimName: traefik-acme-cephfs-pvc
          readOnly: false
      containers:
        - name: traefik
          image: traefik:v2.4
          args:
            - --api.insecure
            - --log.level=INFO
            - --accesslog
            - --entrypoints.web.Address=:8000
            - --entrypoints.websecure.Address=:4443
            - --providers.kubernetesingress
            - --providers.kubernetescrd
            - --certificatesresolvers.aliyun.acme.dnschallenge.provider=alidns
            - --certificatesresolvers.aliyun.acme.email=your_email@qq.com
            - --certificatesresolvers.aliyun.acme.storage=/etc/acme/acme.json
          envFrom:
            - secretRef:
                name: aliyun-secret
          volumeMounts:
            - name: acme-store
              mountPath: /etc/acme
          ports:
            - name: web
              containerPort: 8000
            - name: websecure
              containerPort: 4443
            - name: admin
              containerPort: 8080

---
apiVersion: v1
kind: Service
metadata:
  name: traefik
spec:
  type: NodePort
  selector:
    app: traefik
  ports:
    - protocol: TCP
      port: 8000
      name: web
      targetPort: 80
      nodePort: 31001
    - protocol: TCP
      port: 4443
      name: websecure
      targetPort: 4443
      nodePort: 31000

---
apiVersion: v1
kind: Service
metadata:
  name: traefik-dashboard
spec:
  selector:
    app: traefik
  ports:
    - protocol: TCP
      port: 8080
      name: admin
      targetPort: 8080
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: myingress
  annotations:
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls.certresolver: aliyun
    traefik.ingress.kubernetes.io/router.tls.domains.0.main: your_domain.com

spec:
  rules:
    - host: your_domain.com
      http:
        paths:
          - path: /bar
            backend:
              serviceName: whoami
              servicePort: 80
          - path: /foo
            backend:
              serviceName: whoami
              servicePort: 80
apiVersion: v1
kind: Secret
metadata:
  name: traefik-dashboard-auth-secret
  namespace: default
type: Opaque
stringData:
  users: admin:$apr1$tQ1iFwRf$8SvGrGQcBT.RdZS73ULXH1

---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: traefik-dashboard-auth
  namespace: default
spec:
  basicAuth:
    secret: traefik-dashboard-auth-secret

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
  namespace: default
spec:
  entryPoints:
  - websecure
  routes:
  - kind: Rule
    match: Host(`traefik.your_domain.com`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
    services:
    - kind: TraefikService
      name: api@internal
    middlewares:
    - name: traefik-dashboard-auth
  tls:
    certResolver: aliyun
    domains:
    - main: "traefik.your_domain.com"

 traefik在kubernetes中的安装及使用方法

关于traefik在kubernetes中的安装及使用方法就分享到这里了,希望以上内容可以对大家有一定的帮助,可以学到更多知识。如果觉得文章不错,可以把它分享出去让更多的人看到。

推荐阅读:
  1. kubernetes部署Traefik Ingress Controller的教程
  2. Kubernetes中StorageClass的使用方法

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

kubernetes traefik

上一篇:Kubernetes中如何根据PID获取Pod名称

下一篇:如何使用php解析link_mysql

相关阅读

您好,登录后才能下订单哦!

密码登录
登录注册
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》