JD Cloud Kubernetes Cluster + Traefik in Practice

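Traefik supports a rich set of annotations for configuring many useful features, such as automatic circuit breaking, load-balancing strategies, blacklists and whitelists. This makes Traefik an excellent tool for microservices.


Using Traefik together with a JD Cloud Kubernetes cluster and other cloud services (RDS, NAS, OSS, block storage, etc.), you can quickly build an elastically scalable microservice cluster.

Traefik is a modern HTTP reverse proxy and load-balancing tool created to make deploying microservices easier. It supports multiple backends (Kubernetes, Docker, Swarm, Marathon, Mesos, Consul, Etcd, Zookeeper, etc.).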



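The rough steps in this article are as follows:

  • Kubernetes permission configuration (RBAC);

  • Traefik deployment;

  • Create three example services;

  • Create Ingress rules and test access to each service through Traefik by PATH;

  • Configure a domain name and TLS certificate for Traefik, and redirect HTTP to HTTPS.


The YAML files used to deploy Traefik in this article are all based on the official Traefik examples, with modifications to fit JD Cloud Kubernetes clusters: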

https://github.com/containous/traefik/tree/master/examples/k8s




Basic concepts



1

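Ingress edge routing

Although the pods and services deployed in a Kubernetes cluster each have their own IP, they cannot be reached from the external network. We can expose services by listening on a NodePort, but this approach is inflexible and is not recommended for production.


Ingress is an API resource object in a k8s cluster that plays the role of an edge router. It can also be thought of as the cluster's firewall or gateway. We can define custom routing rules to forward, manage and expose services (a group of Pods). It is very flexible and is the approach recommended for production.


What is Ingress?


In Kubernetes, the IP addresses of Services and Pods are usable only inside the cluster network and are invisible to applications outside the cluster. To let external applications access services inside the cluster, Kubernetes offers two Service types, NodePort and LoadBalancer, or you can use Ingress.


Ingress essentially forwards external HTTP requests to backend services inside the cluster through an HTTP proxy server. With Ingress, the process by which an external application accesses in-cluster services is as follows:



An Ingress is a collection of routing rules for requests entering the cluster.


Ingress can give a Service an externally reachable URL, load balancing, SSL termination, HTTP routing and so on. To configure these Ingress rules, the cluster administrator needs to deploy an Ingress controller, which watches for changes to Ingresses and Services, configures load balancing according to the rules and provides the access entry point.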



2

What is Traefik?


Traefik has more than 19K stars on GitHub:

https://github.com/containous/traefik


Traefik is a modern HTTP reverse proxy and load balancer designed for deploying microservices.


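Traefik is a modern HTTP reverse proxy and load-balancing tool created to make deploying microservices easier.


Traefik is a lightweight HTTP reverse proxy and load balancer written in Golang. Although it is a newcomer compared with Nginx, it embraces Kubernetes natively and communicates directly with the cluster's K8s API Server, so it reacts very quickly. It also provides a friendly control panel and monitoring interface, where you can conveniently view the routing configuration that Traefik generates from Ingresses as well as some collected performance metrics, such as total response time, average response time and the total number of responses returned per response code.


Beyond that, Traefik also supports a rich set of annotations for configuring many useful features, such as automatic circuit breaking, load-balancing strategies, blacklists and whitelists. This makes Traefik an excellent tool for microservices.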


Traefik User Guide for Kubernetes:

https://docs.traefik.io/user-guide/kubernetes/



3

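JD Cloud Kubernetes cluster

JD Cloud Kubernetes integrates JD Cloud's virtualization, storage and networking capabilities to provide high-performance, scalable container application management. It simplifies tasks such as cluster setup and scaling so that users can focus on developing and managing containerized applications.


Users can create a secure, highly available Kubernetes cluster on JD Cloud. The Kubernetes service is fully managed by JD Cloud, which guarantees the cluster's stability and reliability, so users can conveniently use Kubernetes on JD Cloud to manage container applications.


JD Cloud Kubernetes cluster: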

https://3.cn/C5KdrKa




Prerequisites



1

Create a JD Cloud Kubernetes cluster

Creating the Kubernetes cluster

See:

docs.jdcloud.com/cn/jcs-for-…



2

Kubernetes client configuration

After the cluster is created, configure the kubectl client to connect to the Kubernetes cluster.

See:

https://docs.jdcloud.com/cn/jcs-for-kubernetes/connect-to-cluster




Traefik deployment



1

Permission configuration

Create the corresponding ClusterRole and ClusterRoleBinding to grant Traefik sufficient permissions.

The YAML file is as follows:

$ cat traefik-rbac.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system


Create the resources

$ kubectl create -f traefik-rbac.yaml
clusterrole "traefik-ingress-controller" created
clusterrolebinding "traefik-ingress-controller" created


Created successfully

$ kubectl get clusterrole -n kube-system | grep traefik
traefik-ingress-controller                                             25s

$ kubectl get clusterrolebinding -n kube-system | grep traefik
traefik-ingress-controller                             35s
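The ClusterRoleBinding above lets the Traefik ServiceAccount read Secrets in every namespace of the cluster. As an added example (not from the original article or the Traefik examples), the binding can be narrowed with one RoleBinding per watched namespace plus Traefik 1.x's kubernetes.namespaces parameter. Watching only the default namespace is an assumption, based on the Ingress in this article being created there.

```yaml
# Added example, not from the original article.
# Keep the ClusterRole from traefik-rbac.yaml as the permission template,
# omit the ClusterRoleBinding, and bind the role per watched namespace.
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-ingress-controller
  namespace: default            # assumption: the only namespace with Ingresses
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole             # a RoleBinding may reference a ClusterRole;
  name: traefik-ingress-controller   # the grant then applies to this namespace only
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system
# Repeat the RoleBinding for every additional namespace Traefik should serve.
#
# Traefik must be told to watch only those namespaces, otherwise its
# cluster-wide list/watch calls are denied. In the Deployment's container args:
#   args:
#   - --api
#   - --kubernetes
#   - --kubernetes.namespaces=default
#   - --logLevel=INFO
#
# Check the result from an admin session:
#   kubectl auth can-i list secrets -n default \
#     --as=system:serviceaccount:kube-system:traefik-ingress-controller   # yes
#   kubectl auth can-i list secrets -n kube-system \
#     --as=system:serviceaccount:kube-system:traefik-ingress-controller   # no
```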




2

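Deploying Traefik

This article deploys Traefik using a Deployment. Traefik also provides a DaemonSet deployment option:

https://github.com/containous/traefik/blob/master/examples/k8s/traefik-ds.yaml


Traefik's port 80 receives HTTP requests and port 8080 is the Dashboard port. A Service of type LoadBalancer creates a JD Cloud load balancer (SLB), which serves as the single entry point to the K8s cluster.


The YAML file is as follows: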


$ cat traefik-deployment.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
        - name: admin
          containerPort: 8080
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
  type: LoadBalancer


Create the resources

$ kubectl create -f traefik-deployment.yaml
serviceaccount "traefik-ingress-controller" created
deployment "traefik-ingress-controller" created
service "traefik-ingress-service" created


The Pod is running normally

$ kubectl get pod -n kube-system | grep traefik
traefik-ingress-controller-668679b744-jvmbg 1/1 Running 0 57s


View the Pod logs

$ kubectl logs traefik-ingress-controller-668679b744-jvmbg -n kube-system
time="2018-12-15T16:58:49Z" level=info msg="Traefik version v1.7.6 built on 2018-12-14_06:43:37AM"
time="2018-12-15T16:58:49Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n"
time="2018-12-15T16:58:49Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0005f9e20} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-12-15T16:58:49Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0005f9e40} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-12-15T16:58:49Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
time="2018-12-15T16:58:49Z" level=info msg="Starting server on :80"
time="2018-12-15T16:58:49Z" level=info msg="Starting server on :8080"
time="2018-12-15T16:58:49Z" level=info msg="Starting provider *kubernetes.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\":false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":null}"
time="2018-12-15T16:58:49Z" level=info msg="ingress label selector is: \"\""
time="2018-12-15T16:58:49Z" level=info msg="Creating in-cluster Provider client"
time="2018-12-15T16:58:50Z" level=info msg="Server configuration reloaded on :80"
time="2018-12-15T16:58:50Z" level=info msg="Server configuration reloaded on :8080"


View the SLB Service for Traefik

$ kubectl get svc/traefik-ingress-service -n kube-system
NAME                      TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                       AGE
traefik-ingress-service   LoadBalancer   10.0.58.175   114.67.95.167   80:30331/TCP,8080:30232/TCP   2m


The public IP of the JD Cloud load balancer is 114.67.95.167.

If you need to access services inside K8s by domain name, resolve the domain name to this public IP.

At this point, the Traefik Dashboard can be accessed at "public IP:8080".



3

Traefik usage example


Create the services


Create 3 Deployments that serve HTTP, named Stilton, Cheddar and Wensleydale.


$ cat cheese-deployments.yaml
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: stilton
  labels:
    app: cheese
    cheese: stilton
spec:
  replicas: 2
  selector:
    matchLabels:
      app: cheese
      task: stilton
  template:
    metadata:
      labels:
        app: cheese
        task: stilton
        version: v0.0.1
    spec:
      containers:
      - name: cheese
        image: errm/cheese:stilton
        resources:
          requests:
            cpu: 100m
            memory: 50Mi
          limits:
            cpu: 100m
            memory: 50Mi
        ports:
        - containerPort: 80
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: cheddar
  labels:
    app: cheese
    cheese: cheddar
spec:
  replicas: 2
  selector:
    matchLabels:
      app: cheese
      task: cheddar
  template:
    metadata:
      labels:
        app: cheese
        task: cheddar
        version: v0.0.1
    spec:
      containers:
      - name: cheese
        image: errm/cheese:cheddar
        resources:
          requests:
            cpu: 100m
            memory: 50Mi
          limits:
            cpu: 100m
            memory: 50Mi
        ports:
        - containerPort: 80
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: wensleydale
  labels:
    app: cheese
    cheese: wensleydale
spec:
  replicas: 2
  selector:
    matchLabels:
      app: cheese
      task: wensleydale
  template:
    metadata:
      labels:
        app: cheese
        task: wensleydale
        version: v0.0.1
    spec:
      containers:
      - name: cheese
        image: errm/cheese:wensleydale
        resources:
          requests:
            cpu: 100m
            memory: 50Mi
          limits:
            cpu: 100m
            memory: 50Mi
        ports:
        - containerPort: 80


$ kubectl create -f cheese-deployments.yaml
deployment "stilton" created
deployment "cheddar" created
deployment "wensleydale" created


The corresponding Services

$ cat cheese-services.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: stilton
spec:
  ports:
  - name: http
    targetPort: 80
    port: 80
  selector:
    app: cheese
    task: stilton
---
apiVersion: v1
kind: Service
metadata:
  name: cheddar
spec:
  ports:
  - name: http
    targetPort: 80
    port: 80
  selector:
    app: cheese
    task: cheddar
---
apiVersion: v1
kind: Service
metadata:
  name: wensleydale
spec:
  ports:
  - name: http
    targetPort: 80
    port: 80
  selector:
    app: cheese
    task: wensleydale


$ kubectl create -f cheese-services.yaml
service "stilton" created
service "cheddar" created
service "wensleydale" created



Create the Ingress


The Ingress YAML file is as follows:


$ cat my-cheeses-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: cheeses
  annotations:
    traefik.frontend.rule.type: PathPrefixStrip
spec:
  rules:
  - host: www.<your-domain-name>.com
    http:
      paths:
      - path: /stilton
        backend:
          serviceName: stilton
          servicePort: http
      - path: /cheddar
        backend:
          serviceName: cheddar
          servicePort: http
      - path: /wensleydale
        backend:
          serviceName: wensleydale
          servicePort: http


Create the Ingress

$ kubectl create -f my-cheeses-ingress.yaml
ingress "cheeses" created


Created successfully

$ kubectl describe ingress/cheeses
Name:             cheeses
Namespace:        default
Address:          
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host             Path  Backends
  ----             ----  --------
  www.<your-domain-name>.com  
                   /stilton       stilton:http (<none>)
                   /cheddar       cheddar:http (<none>)
                   /wensleydale   wensleydale:http (<none>)
Annotations:
Events:  <none>




Access the services


Access directly via ELB IP + PATH:


$ curl 114.67.95.167/stilton
404 page not found


The request fails because the Ingress rule specifies a host.

Specify the host in the request header:

$ curl -H "Host:www.<your-domain-name>.com" 114.67.95.167/stilton
<html>
  <head>
    <style>
      html {
        background: url(./bg.png) no-repeat center center fixed;
        -webkit-background-size: cover;
        -moz-background-size: cover;
        -o-background-size: cover;
        background-size: cover;
      }

      h1 {
        font-family: Arial, Helvetica, sans-serif;
        background: rgba(187, 187, 187, 0.5);
        width: 3em;
        padding: 0.5em 1em;
        margin: 1em;
      }
    </style>
  </head>
  <body>
    <h1>Stilton</h1>
  </body>
</html>


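The request succeeds.

However, because the domain name has not completed ICP filing (備案), JD Cloud blocks this kind of access.

There are two options:
1. Remove the specified host from the Ingress;
2. Register a domain name and bind a certificate and private key.



Remove host from the Ingress


Comment out the host field: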

$ cat my-cheeses-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: cheeses
  annotations:
    traefik.frontend.rule.type: PathPrefixStrip
spec:
  rules:
# - host: www.<your-domain-name>.com
  - http:
      paths:
      - path: /stilton
        backend:
          serviceName: stilton
          servicePort: http
      - path: /cheddar
        backend:
          serviceName: cheddar
          servicePort: http
      - path: /wensleydale
        backend:
          serviceName: wensleydale
          servicePort: http


Recreate the Ingress

$ kubectl replace -f my-cheeses-ingress.yaml
ingress "cheeses" replaced
$ kubectl get ingress
NAME      HOSTS     ADDRESS   PORTS     AGE
cheeses   *                   80        18m

The Ingress is updated successfully; access the services via public IP + PATH.

Stilton service

$ curl -I 114.67.95.167/stilton
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 517
Content-Type: text/html
Date: Thu, 20 Dec 2018 06:19:15 GMT
Etag: "5784f6c9-205"
Last-Modified: Tue, 12 Jul 2016 13:55:21 GMT
Server: nginx/1.11.1


Cheddar service

$ curl -I 114.67.95.167/cheddar
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 517
Content-Type: text/html
Date: Thu, 20 Dec 2018 06:19:54 GMT
Etag: "5784f6e1-205"
Last-Modified: Tue, 12 Jul 2016 13:55:45 GMT
Server: nginx/1.11.1


Wensleydale service

$ curl -I 114.67.95.167/wensleydale
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 521
Content-Type: text/html
Date: Thu, 20 Dec 2018 06:20:00 GMT
Etag: "5784f6fb-209"
Last-Modified: Tue, 12 Jul 2016 13:56:11 GMT
Server: nginx/1.11.1


All three services can be accessed normally via /.




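Configure the domain name and certificate


Apply for a domain name: .com, complete its ICP filing (備案) on JD Cloud, and resolve it to the SLB public IP: 114.67.95.167

Certificate and private key

$ ll *.pem
-rw-r--r-- 1 pmo_jd_a pmo_jd_a 3554 Dec 20 16:04 fullchain.pem
-rw------- 1 pmo_jd_a pmo_jd_a 1708 Dec 20 16:04 privkey.pem


Create a Secret to hold the certificate and private key:

$ kubectl create secret generic traefik-cert --from-file=fullchain.pem --from-file=privkey.pem -n kube-system
secret "traefik-cert" created


Traefik configuration file (HTTP requests are redirected to HTTPS; the certificate and private key live in the /ssl/ directory, so the Secret must be mounted at that directory for Traefik to read them):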

$ cat traefik.toml
defaultEntryPoints = ["http","https"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      CertFile = "/ssl/fullchain.pem"
      KeyFile = "/ssl/privkey.pem"

Create a ConfigMap to hold the configuration file traefik.toml:

$ kubectl create configmap traefik-conf --from-file=traefik.toml -n kube-system
configmap "traefik-conf" created

Traefik needs to be redeployed; the new YAML file is as follows:

$ cat traefik-deployment-new.yaml
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
        - name: admin
          containerPort: 8080
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
        - --configfile=/config/traefik.toml
        volumeMounts:
        - mountPath: "/ssl"
          name: "ssl"
        - mountPath: "/config"
          name: "config"
      volumes:
      - name: ssl
        secret:
          secretName: traefik-cert
      - name: config
        configMap:
          name: traefik-conf


Redeploy:

$ kubectl replace -f traefik-deployment-new.yaml
deployment "traefik-ingress-controller" replaced
$ kubectl get pod -n kube-system | grep traefik
traefik-ingress-controller-668679b744-jvmbg   0/1       Terminating         0          4d
traefik-ingress-controller-7d6cd769c9-2p57t   0/1       ContainerCreating   0          3s
$ kubectl get pod -n kube-system | grep traefik
traefik-ingress-controller-7d6cd769c9-2p57t   1/1       Running   0          19s


The redeployed Pod is running normally.

View the Pod logs

$ kubectl logs traefik-ingress-controller-7d6cd769c9-2p57t -n kube-system
time="2018-12-20T09:29:30Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072dbc0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-12-20T09:29:30Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:0xc00059de40 Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072db80} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-12-20T09:29:30Z" level=info msg="Preparing server https &{Address::443 TLS:0xc000216c60 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072dba0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-12-20T09:29:30Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
time="2018-12-20T09:29:30Z" level=info msg="Starting server on :8080"
time="2018-12-20T09:29:30Z" level=info msg="Starting server on :80"
time="2018-12-20T09:29:30Z" level=info msg="Starting server on :443"
time="2018-12-20T09:29:30Z" level=info msg="Starting provider *kubernetes.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\":false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":null}"
time="2018-12-20T09:29:30Z" level=info msg="ingress label selector is: \"\""
time="2018-12-20T09:29:30Z" level=info msg="Creating in-cluster Provider client"
time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :8080"
time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :80"
time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :443"


Update the Ingress

$ cat my-cheeses-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: cheeses
  annotations:
    traefik.frontend.rule.type: PathPrefixStrip
spec:
  rules:
  - host: www.<your-domain-name>.com
    http:
      paths:
      - path: /stilton
        backend:
          serviceName: stilton
          servicePort: http
      - path: /cheddar
        backend:
          serviceName: cheddar
          servicePort: http
      - path: /wensleydale
        backend:
          serviceName: wensleydale
          servicePort: http


Recreate the Ingress

$ kubectl replace -f my-cheeses-ingress.yaml


Update the Traefik Service to open port 443:

$ cat traefik-service.yaml
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
    - protocol: TCP
      port: 443
      name: tls
  type: LoadBalancer


Apply the Service update:

$ kubectl apply -f traefik-service.yaml -n kube-system
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
service "traefik-ingress-service" configured


HTTPS access:

https://www.your-domain-name.com/stilton

And HTTP:

http://www.your-domain-name.com/stilton


Both can be accessed normally, and HTTP requests are redirected to HTTPS.


Summary:

This article only tested Traefik's request routing. Traefik's capabilities go far beyond that; its main features are roughly as follows:


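  • It is very fast

  • No other dependencies to install: a single executable written in Go

  • Supports a REST API

  • Multiple backends supported: Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, and more to come

  • Backend watching: it can listen for backend changes and automatically apply the new configuration

  • Hot reloading of the configuration file, with no process restart

  • Graceful shutdown of HTTP connections

  • Backend circuit breakers

  • Round-robin and rebalancer load balancing

  • REST metrics

  • A minimal official Docker image

  • SSL to backends

  • SSL on the frontend (including SNI)

  • A clean AngularJS web UI

  • WebSocket support

  • HTTP/2 support

  • Retry on network errors

  • Let's Encrypt support (automatic HTTPS certificate renewal)

  • High-availability cluster mode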

