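Abstract
Traefik supports a rich set of annotations that enable many useful features, such as automatic circuit breaking, load-balancing strategies, blacklists and whitelists. This makes Traefik an excellent tool for microservices.
Using Traefik together with a JD Cloud Kubernetes cluster and other cloud services (RDS, NAS, OSS, block storage, etc.), you can quickly build an elastically scalable microservice cluster.
Traefik is a modern HTTP reverse proxy and load balancer created to make deploying microservices easier. It supports multiple backends (Kubernetes, Docker, Swarm, Marathon, Mesos, Consul, Etcd, Zookeeper, etc.).
The rough steps in this article are:
Kubernetes permission configuration (RBAC);
Deploy Traefik;
Create three example services;
Create Ingress rules and test access to each service through Traefik by PATH;
Configure a domain name and TLS certificate for Traefik, and redirect HTTP to HTTPS.
The YAML files used to deploy Traefik in this article are all based on the official Traefik examples, modified to fit JD Cloud Kubernetes clusters: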
https://github.com/containous/traefik/tree/master/examples/k8s
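Basic Concepts
1 Ingress edge routing
Although the Pods and Services deployed in a Kubernetes cluster each have their own IP, they cannot be reached from the public network. A service can be exposed by listening on a NodePort, but this approach is inflexible and is not recommended for production.
Ingress is an API resource object in a k8s cluster that plays the role of an edge router; it can also be thought of as the cluster's firewall or gateway. We can define custom routing rules to forward, manage and expose services (a group of Pods). This is very flexible and is the recommended approach for production.
What is Ingress?
In Kubernetes, the IP addresses of Services and Pods can be used only inside the cluster network and are invisible to applications outside the cluster. To let external applications reach services in the cluster, Kubernetes offers the NodePort and LoadBalancer Service types, or Ingress.
Ingress essentially uses an HTTP proxy server to forward external HTTP requests to backend services inside the cluster.
An Ingress is the collection of routing rules for requests entering the cluster.
Ingress can give a Service an externally reachable URL, load balancing, SSL termination, HTTP routing and so on. To configure these Ingress rules, the cluster administrator needs to deploy an Ingress controller, which watches for changes to Ingresses and Services, configures load balancing according to the rules, and provides the access entry point.
2 What is Traefik?
Traefik has more than 19K stars on GitHub:
Traefik is a modern HTTP reverse proxy and load balancer designed for deploying microservices.
Traefik is a lightweight HTTP reverse proxy and load balancer written in Golang. Although it is a newcomer compared with Nginx, it embraces Kubernetes natively and talks directly to the cluster's K8s API server, so it reacts very quickly. It also provides a friendly control panel and monitoring interface, where you can view the routing configuration Traefik generates from Ingresses as well as performance metrics such as total response time, average response time, and the number of responses returned per status code.
In addition, Traefik supports a rich set of annotations that enable many useful features, such as automatic circuit breaking, load-balancing strategies, blacklists and whitelists. This makes Traefik an excellent tool for microservices.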
Traefik User Guide for Kubernetes:
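3 JD Cloud Kubernetes clusters
JD Cloud Kubernetes integrates JD Cloud's virtualization, storage and networking capabilities to provide high-performance, scalable management of containerized applications. It simplifies tasks such as building and expanding clusters, so users can focus on developing and managing their containerized applications.
Users can create a secure, highly available Kubernetes cluster on JD Cloud. The Kubernetes service is fully managed by JD Cloud, which guarantees the stability and reliability of the cluster, so users can conveniently manage container applications with Kubernetes on JD Cloud.
JD Cloud Kubernetes cluster:
Prerequisites
1 Create a JD Cloud Kubernetes cluster
To create a Kubernetes cluster, see: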
https://docs.jdcloud.com/cn/jcs-for-kubernetes/create-to-cluster
2 Kubernetes client configuration
After the cluster is created, configure the kubectl client to connect to the Kubernetes cluster.
See:
https://docs.jdcloud.com/cn/jcs-for-kubernetes/connect-to-cluster
Deploying Traefik
1 Permission configuration
Create the corresponding ClusterRole and ClusterRoleBinding to give Traefik sufficient permissions.
The YAML file is as follows:
```
$ cat traefik-rbac.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets    # read access to Secrets in every namespace
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system
```
Create the resources:
```
$ kubectl create -f traefik-rbac.yaml
clusterrole "traefik-ingress-controller" created
clusterrolebinding "traefik-ingress-controller" created
```
Created successfully:
```
$ kubectl get clusterrole -n kube-system | grep traefik
traefik-ingress-controller   25s

$ kubectl get clusterrolebinding -n kube-system | grep traefik
traefik-ingress-controller   35s
```
2 Deploy Traefik
This article deploys Traefik as a Deployment. Traefik can also be deployed as a DaemonSet:
https://github.com/containous/traefik/blob/master/examples/k8s/traefik-ds.yaml
Traefik's port 80 receives HTTP requests and port 8080 serves the Dashboard. A Service of type LoadBalancer creates a JD Cloud load balancer (SLB), which acts as the single entry point to the K8s cluster.
The YAML file is as follows:
```
$ cat traefik-deployment.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik    # no tag; the Pod log below shows this resolved to v1.7.6
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
        - name: admin
          containerPort: 8080
        args:
        - --api           # enables the API and Dashboard on port 8080
        - --kubernetes    # enables the Kubernetes Ingress provider
        - --logLevel=INFO
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
  type: LoadBalancer
```
Create the resources:
```
$ kubectl create -f traefik-deployment.yaml
serviceaccount "traefik-ingress-controller" created
deployment "traefik-ingress-controller" created
service "traefik-ingress-service" created
```
The Pod is running normally:
```
$ kubectl get pod -n kube-system | grep traefik
traefik-ingress-controller-668679b744-jvmbg   1/1   Running   0   57s
```
View the Pod log:
```
$ kubectl logs traefik-ingress-controller-668679b744-jvmbg -n kube-system
time="2018-12-15T16:58:49Z" level=info msg="Traefik version v1.7.6 built on 2018-12-14_06:43:37AM"
time="2018-12-15T16:58:49Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n"
time="2018-12-15T16:58:49Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0005f9e20} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-12-15T16:58:49Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0005f9e40} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-12-15T16:58:49Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
time="2018-12-15T16:58:49Z" level=info msg="Starting server on :80"
time="2018-12-15T16:58:49Z" level=info msg="Starting server on :8080"
time="2018-12-15T16:58:49Z" level=info msg="Starting provider *kubernetes.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\":false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":null}"
time="2018-12-15T16:58:49Z" level=info msg="ingress label selector is: \"\""
time="2018-12-15T16:58:49Z" level=info msg="Creating in-cluster Provider client"
time="2018-12-15T16:58:50Z" level=info msg="Server configuration reloaded on :80"
time="2018-12-15T16:58:50Z" level=info msg="Server configuration reloaded on :8080"
```
View the SLB Service created for Traefik:
```
$ kubectl get svc/traefik-ingress-service -n kube-system
NAME                      TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                       AGE
traefik-ingress-service   LoadBalancer   10.0.58.175   114.67.95.167   80:30331/TCP,8080:30232/TCP   2m
```
The public IP of the JD Cloud load balancer is 114.67.95.167.
To reach services inside K8s by domain name, resolve the domain to this public IP.
At this point the Traefik Dashboard can be reached at "public IP:8080".
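The manifests in steps 1 and 2 contain three points worth reviewing before this setup faces the internet: the ClusterRole reads Secrets in every namespace, the `traefik` image carries no tag, and the LoadBalancer Service publishes the Dashboard port 8080. The following Python script is an added example, not part of the original article or the Traefik project; it audits `kubectl get ... -o json` output for those three points, using a constructed sample that mirrors the article's manifests, and `audit` and `image_is_pinned` are hypothetical helper names.

```python
import json

# Constructed input: a trimmed `kubectl get clusterrole,deploy,svc -o json` list
# mirroring the manifests in this article (not captured from a real cluster).
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "ClusterRole", "metadata": {"name": "traefik-ingress-controller"},
  "rules": [{"apiGroups": [""], "resources": ["services", "endpoints", "secrets"],
             "verbs": ["get", "list", "watch"]}]},
 {"kind": "Deployment", "metadata": {"name": "traefik-ingress-controller"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "traefik-ingress-lb", "image": "traefik",
     "args": ["--api", "--kubernetes", "--logLevel=INFO"]}]}}}},
 {"kind": "Service", "metadata": {"name": "traefik-ingress-service"},
  "spec": {"type": "LoadBalancer", "ports": [
    {"name": "web", "port": 80}, {"name": "admin", "port": 8080}]}}
]}
""")

ADMIN_PORT = 8080  # Dashboard/API port used in this article


def image_is_pinned(image):
    """True if the image reference has a digest or a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # drop a registry host:port prefix
    tag = last.split(":", 1)[1] if ":" in last else ""
    return tag not in ("", "latest")


def audit(doc):
    """Return (kind, name, finding) tuples for the three review points."""
    findings = []
    for obj in doc.get("items", [doc]):  # accept a List or a single object
        kind, name = obj.get("kind"), obj.get("metadata", {}).get("name", "?")
        if kind == "ClusterRole":
            for rule in obj.get("rules", []):
                if {"secrets", "*"} & set(rule.get("resources", [])):
                    verbs = "/".join(rule.get("verbs", []))
                    findings.append((kind, name, f"grants {verbs} on secrets"))
        elif kind == "Deployment":
            for c in obj["spec"]["template"]["spec"]["containers"]:
                if not image_is_pinned(c["image"]):
                    findings.append((kind, name, f"unpinned image '{c['image']}'"))
        elif kind == "Service" and obj["spec"].get("type") == "LoadBalancer":
            for p in obj["spec"].get("ports", []):
                if p.get("port") == ADMIN_PORT:
                    findings.append(
                        (kind, name, f"admin port {ADMIN_PORT} exposed via LoadBalancer"))
    return findings


if __name__ == "__main__":
    for kind, name, finding in audit(SAMPLE):
        print(f"{kind}/{name}: {finding}")
```

Typical remedies are pinning the image to a specific version tag or digest and removing port 8080 from the LoadBalancer Service, reaching the Dashboard through `kubectl port-forward` instead.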
3 Traefik usage example
Create the services
Create three Deployments that serve HTTP, named Stilton, Cheddar and Wensleydale.
```
$ cat cheese-deployments.yaml
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: stilton
  labels:
    app: cheese
    cheese: stilton
spec:
  replicas: 2
  selector:
    matchLabels:
      app: cheese
      task: stilton
  template:
    metadata:
      labels:
        app: cheese
        task: stilton
        version: v0.0.1
    spec:
      containers:
      - name: cheese
        image: errm/cheese:stilton
        resources:
          requests:
            cpu: 100m
            memory: 50Mi
          limits:
            cpu: 100m
            memory: 50Mi
        ports:
        - containerPort: 80
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: cheddar
  labels:
    app: cheese
    cheese: cheddar
spec:
  replicas: 2
  selector:
    matchLabels:
      app: cheese
      task: cheddar
  template:
    metadata:
      labels:
        app: cheese
        task: cheddar
        version: v0.0.1
    spec:
      containers:
      - name: cheese
        image: errm/cheese:cheddar
        resources:
          requests:
            cpu: 100m
            memory: 50Mi
          limits:
            cpu: 100m
            memory: 50Mi
        ports:
        - containerPort: 80
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: wensleydale
  labels:
    app: cheese
    cheese: wensleydale
spec:
  replicas: 2
  selector:
    matchLabels:
      app: cheese
      task: wensleydale
  template:
    metadata:
      labels:
        app: cheese
        task: wensleydale
        version: v0.0.1
    spec:
      containers:
      - name: cheese
        image: errm/cheese:wensleydale
        resources:
          requests:
            cpu: 100m
            memory: 50Mi
          limits:
            cpu: 100m
            memory: 50Mi
        ports:
        - containerPort: 80
```
```
$ kubectl create -f cheese-deployments.yaml
deployment "stilton" created
deployment "cheddar" created
deployment "wensleydale" created
```
The corresponding Services:
```
$ cat cheese-services.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: stilton
spec:
  ports:
  - name: http
    targetPort: 80
    port: 80
  selector:
    app: cheese
    task: stilton
---
apiVersion: v1
kind: Service
metadata:
  name: cheddar
spec:
  ports:
  - name: http
    targetPort: 80
    port: 80
  selector:
    app: cheese
    task: cheddar
---
apiVersion: v1
kind: Service
metadata:
  name: wensleydale
spec:
  ports:
  - name: http
    targetPort: 80
    port: 80
  selector:
    app: cheese
    task: wensleydale
```
```
$ kubectl create -f cheese-services.yaml
service "stilton" created
service "cheddar" created
service "wensleydale" created
```
Create the Ingress
The Ingress YAML file is as follows:
```
$ cat my-cheeses-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: cheeses
  annotations:
    traefik.frontend.rule.type: PathPrefixStrip
spec:
  rules:
  - host: www.<your-domain-name>.com
    http:
      paths:
      - path: /stilton
        backend:
          serviceName: stilton
          servicePort: http
      - path: /cheddar
        backend:
          serviceName: cheddar
          servicePort: http
      - path: /wensleydale
        backend:
          serviceName: wensleydale
          servicePort: http
```
Create the Ingress:
```
$ kubectl create -f my-cheeses-ingress.yaml
ingress "cheeses" created
```
Created successfully:
```
$ kubectl describe ingress/cheeses
Name:             cheeses
Namespace:        default
Address:
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host                        Path  Backends
  ----                        ----  --------
  www.<your-domain-name>.com
                              /stilton       stilton:http (<none>)
                              /cheddar       cheddar:http (<none>)
                              /wensleydale   wensleydale:http (<none>)
Annotations:
Events:  <none>
```
Access the services
Access directly via ELB IP + PATH:
```
$ curl 114.67.95.167/stilton
404 page not found
```
The request fails because the Ingress rule specifies a host.
Specify the host in the request header:
```
$ curl -H "Host:www.<your-domain-name>.com" 114.67.95.167/stilton
<html>
  <head>
    <style>
      html {
        background: url(./bg.png) no-repeat center center fixed;
        -webkit-background-size: cover;
        -moz-background-size: cover;
        -o-background-size: cover;
        background-size: cover;
      }

      h1 {
        font-family: Arial, Helvetica, sans-serif;
        background: rgba(187, 187, 187, 0.5);
        width: 3em;
        padding: 0.5em 1em;
        margin: 1em;
      }
    </style>
  </head>
  <body>
    <h1>Stilton</h1>
  </body>
</html>
```
The request succeeds.
However, because the domain name has no ICP filing, JD Cloud blocks this kind of access.
There are two options:
1. Remove the host from the Ingress;
2. Register a domain name and bind a certificate and private key.
Remove the host from the Ingress
Comment out the host field:
```
$ cat my-cheeses-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: cheeses
  annotations:
    traefik.frontend.rule.type: PathPrefixStrip
spec:
  rules:
#  - host: www.<your-domain-name>.com
  - http:
      paths:
      - path: /stilton
        backend:
          serviceName: stilton
          servicePort: http
      - path: /cheddar
        backend:
          serviceName: cheddar
          servicePort: http
      - path: /wensleydale
        backend:
          serviceName: wensleydale
          servicePort: http
```
Recreate the Ingress:
```
$ kubectl replace -f my-cheeses-ingress.yaml
ingress "cheeses" replaced
$ kubectl get ingress
NAME      HOSTS   ADDRESS   PORTS   AGE
cheeses   *                 80      18m
```
The Ingress was updated successfully; access the services via public IP + PATH.
Stilton service
```
$ curl -I 114.67.95.167/stilton
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 517
Content-Type: text/html
Date: Thu, 20 Dec 2018 06:19:15 GMT
Etag: "5784f6c9-205"
Last-Modified: Tue, 12 Jul 2016 13:55:21 GMT
Server: nginx/1.11.1
```
Cheddar service
```
$ curl -I 114.67.95.167/cheddar
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 517
Content-Type: text/html
Date: Thu, 20 Dec 2018 06:19:54 GMT
Etag: "5784f6e1-205"
Last-Modified: Tue, 12 Jul 2016 13:55:45 GMT
Server: nginx/1.11.1
```
Wensleydale service
```
$ curl -I 114.67.95.167/wensleydale
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 521
Content-Type: text/html
Date: Thu, 20 Dec 2018 06:20:00 GMT
Etag: "5784f6fb-209"
Last-Modified: Tue, 12 Jul 2016 13:56:11 GMT
Server: nginx/1.11.1
```
All three services can be accessed normally via their respective paths.
Configure the domain name and certificate
Apply for a domain name (.com), complete its ICP filing on JD Cloud, and resolve it to the SLB public IP: 114.67.95.167
Certificate and private key:
```
$ ll *.pem
-rw-r--r-- 1 pmo_jd_a pmo_jd_a 3554 Dec 20 16:04 fullchain.pem
-rw------- 1 pmo_jd_a pmo_jd_a 1708 Dec 20 16:04 privkey.pem
```
Create a Secret to hold the certificate and private key:
```
$ kubectl create secret generic traefik-cert --from-file=fullchain.pem --from-file=privkey.pem -n kube-system
secret "traefik-cert" created
```
Traefik configuration file (HTTP requests are redirected to HTTPS; the certificate and private key are stored in the /ssl/ directory, so the Secret must be mounted at that directory for Traefik to read them):
```
# cat traefik.toml
defaultEntryPoints = ["http","https"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      CertFile = "/ssl/fullchain.pem"
      KeyFile = "/ssl/privkey.pem"
```
Create a ConfigMap to hold the configuration file traefik.toml:
```
$ kubectl create configmap traefik-conf --from-file=traefik.toml -n kube-system
configmap "traefik-conf" created
```
Traefik must be redeployed. The new YAML file is as follows:
```
$ cat traefik-deployment-new.yaml
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
        - name: admin
          containerPort: 8080
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
        - --configfile=/config/traefik.toml
        volumeMounts:
        - mountPath: "/ssl"
          name: "ssl"
        - mountPath: "/config"
          name: "config"
      volumes:
      - name: ssl
        secret:
          secretName: traefik-cert
      - name: config
        configMap:
          name: traefik-conf
```
Redeploy:
```
$ kubectl replace -f traefik-deployment-new.yaml
deployment "traefik-ingress-controller" replaced
$ kubectl get pod -n kube-system | grep traefik
traefik-ingress-controller-668679b744-jvmbg   0/1   Terminating         0   4d
traefik-ingress-controller-7d6cd769c9-2p57t   0/1   ContainerCreating   0   3s
$ kubectl get pod -n kube-system | grep traefik
traefik-ingress-controller-7d6cd769c9-2p57t   1/1   Running             0   19s
```
The redeployed Pod is running normally.
View the Pod log:
```
$ kubectl logs traefik-ingress-controller-7d6cd769c9-2p57t -n kube-system
time="2018-12-20T09:29:30Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072dbc0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-12-20T09:29:30Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:0xc00059de40 Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072db80} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-12-20T09:29:30Z" level=info msg="Preparing server https &{Address::443 TLS:0xc000216c60 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072dba0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-12-20T09:29:30Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
time="2018-12-20T09:29:30Z" level=info msg="Starting server on :8080"
time="2018-12-20T09:29:30Z" level=info msg="Starting server on :80"
time="2018-12-20T09:29:30Z" level=info msg="Starting server on :443"
time="2018-12-20T09:29:30Z" level=info msg="Starting provider *kubernetes.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\":false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":null}"
time="2018-12-20T09:29:30Z" level=info msg="ingress label selector is: \"\""
time="2018-12-20T09:29:30Z" level=info msg="Creating in-cluster Provider client"
time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :8080"
time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :80"
time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :443"
```
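The "Preparing server" lines in the two Pod logs on this page record, for each entry point, whether TLS, a redirect and authentication are configured. The following Python script is an added example, not part of the original article or the Traefik project; it parses those lines (abridged after the WhiteList field) and compares the state before and after the TLS redeployment, and `parse_entrypoints` and `review` are hypothetical names.

```python
import re

# "Preparing server" lines from the two Traefik v1.7.6 Pod logs on this page,
# abridged after the WhiteList field.
LOG_BEFORE = '''
time="2018-12-15T16:58:49Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil>}"
time="2018-12-15T16:58:49Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil>}"
'''
LOG_AFTER = '''
time="2018-12-20T09:29:30Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil>}"
time="2018-12-20T09:29:30Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:0xc00059de40 Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil>}"
time="2018-12-20T09:29:30Z" level=info msg="Preparing server https &{Address::443 TLS:0xc000216c60 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil>}"
'''

ENTRY = re.compile(
    r"Preparing server (?P<name>\S+) &\{Address:(?P<addr>\S+) TLS:(?P<tls>\S+) "
    r"Redirect:(?P<redirect>\S+) Auth:(?P<auth>\S+) "
    r"WhitelistSourceRange:\[(?P<wl>[^\]]*)\]")


def parse_entrypoints(log_text):
    """Map entry point name -> settings Traefik reported at startup."""
    eps = {}
    for m in ENTRY.finditer(log_text):
        eps[m["name"]] = {
            "address": m["addr"],
            "tls": m["tls"] != "<nil>",          # a pointer value means "set"
            "redirect": m["redirect"] != "<nil>",
            "auth": m["auth"] != "<nil>",
            "whitelist": bool(m["wl"].strip()),
        }
    return eps


def review(eps, admin="traefik"):
    """Flag plaintext entry points without a redirect and an open admin entry point."""
    findings = []
    for name, ep in sorted(eps.items()):
        where = f"{name} {ep['address']}"
        if name == admin:
            if not (ep["auth"] or ep["whitelist"]):
                findings.append(f"{where}: API/dashboard has no auth and no source whitelist")
        elif not ep["tls"] and not ep["redirect"]:
            findings.append(f"{where}: plaintext HTTP with no redirect to HTTPS")
    return findings


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        for finding in review(parse_entrypoints(log)):
            print(f"[{label}] {finding}")
```

The redeployment clears the plaintext finding on port 80, while the `traefik` entry point on port 8080 still reports `Auth:<nil>` and an empty whitelist in both logs.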
Update the Ingress
```
$ cat my-cheeses-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: cheeses
  annotations:
    traefik.frontend.rule.type: PathPrefixStrip
spec:
  rules:
  - host: www.<your-domain-name>.com
    http:
      paths:
      - path: /stilton
        backend:
          serviceName: stilton
          servicePort: http
      - path: /cheddar
        backend:
          serviceName: cheddar
          servicePort: http
      - path: /wensleydale
        backend:
          serviceName: wensleydale
          servicePort: http
```
Recreate the Ingress:
```
$ kubectl replace -f my-cheeses-ingress.yaml
```
Update the Traefik Service to open port 443:
```
$ kubectl apply -f traefik-service.yaml -n kube-system
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
service "traefik-ingress-service" configured
```
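HTTPS access:
https://www.your-domain-name.com/stilton
and HTTP access:
http://www.your-domain-name.com/stilton
Both work normally, and HTTP requests are redirected to HTTPS.
Summary:
This article only tested Traefik's request routing. Traefik can of course do far more; its main features are roughly as follows:
It is very fast
No other dependencies to install; a single executable written in Go
Supports a REST API
Multiple backends supported: Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, with more to come
Backend watching: it listens for backend changes and automatically applies the new configuration
Hot reloading of the configuration file, with no process restart
Graceful shutdown of HTTP connections
Circuit breakers on backends
Round-robin and rebalancer load balancing
REST metrics
Tiny official Docker image
SSL backend support
SSL frontend support (including SNI)
Clean AngularJS web UI
WebSocket support
HTTP/2 support
Retry on network errors
Let's Encrypt support (automatic HTTPS certificate renewal)
High-availability cluster mode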