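traefik is a front-end load balancer with good support for microservice architectures, especially orchestration tools such as Kubernetes. Compared with nginx and similar proxies, traefik can automatically detect changes in backend containers and so provides automatic service discovery.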

      The architecture of traefik is as follows:

image.png

 

 

Deploying and using traefik

Deployment environment:

     k8s-node1 (master): 192.168.232.130

     k8s-node2 (node): 192.168.232.131

     k8s-node3 (node): 192.168.232.129

 

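Deployment steps:

1: Create the ClusterRole and ClusterRoleBinding. (Kubernetes 1.6 and later enable the RBAC authorization mechanism, so a ClusterRole and ClusterRoleBinding must be configured to authorize the corresponding access to the api-server.)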

 

#vi traefik-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingress
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: ingress
subjects:
  - kind: ServiceAccount
    name: ingress
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
  
  
# kubectl create -f traefik-rbac.yaml 
serviceaccount "ingress" created
clusterrolebinding.rbac.authorization.k8s.io "ingress" created
 

 

 

 

2: Deploy traefik. A Deployment with 2 replicas is used here so that every node runs the traefik service.

# vi traefik-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: traefik-ingress-lb
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 2
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      terminationGracePeriodSeconds: 60
      hostNetwork: true
      restartPolicy: Always
      serviceAccountName: ingress
      containers:
      - image: traefik
        name: traefik-ingress-lb
        resources:
          limits:
            cpu: 200m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: admin
          containerPort: 8580
          hostPort: 8580
        args:
        - --web
        - --web.address=:8580
        - --kubernetes
        
        
# kubectl create -f traefik-deployment.yaml 
deployment.extensions "traefik-ingress-lb" created


# kubectl get deployment.extensions --all-namespaces
NAMESPACE     NAME                   DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
kube-system   kube-dns               1         1         1            0           6d
kube-system   kubernetes-dashboard   1         1         1            1           3d
kube-system   traefik-ingress-lb     2         2         2            2           23s


# kubectl get pods -n kube-system -l k8s-app=traefik-ingress-lb -o wide 
NAME                                  READY     STATUS    RESTARTS   AGE       IP                NODE
traefik-ingress-lb-756f5f956b-pmzlb   1/1       Running   0          6m        192.168.232.131   k8s-node2
traefik-ingress-lb-756f5f956b-xpmcl   1/1       Running   0          6m        192.168.232.129   k8s-node3
 

    This creates a traefik Deployment with 2 replicas. Using hostPort, the nodes running traefik listen on port 80 (the traefik service port) and port 8580 (the traefik UI), and each of the two nodes runs one traefik pod.

2.PNG

1.PNG

image.png
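
With hostNetwork: true and a hostPort for the admin listener, the traefik UI and API on 8580 are served without authentication on every node address. A variant of traefik-deployment.yaml with a smaller exposed surface, as an added example that is not part of the original post: it assumes the cluster's CNI honours hostPort, and `<pinned-tag>` is a placeholder for a Traefik 1.x image tag you have verified.

```yaml
# Added example: hardened variant of traefik-deployment.yaml from this page.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: traefik-ingress-lb
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 2
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      terminationGracePeriodSeconds: 60
      # hostNetwork: true is removed: with it, every listener (including the
      # unauthenticated UI/API on 8580) binds on the node's own interfaces.
      restartPolicy: Always
      serviceAccountName: ingress
      containers:
      - image: traefik:<pinned-tag>       # placeholder, not a real tag
        name: traefik-ingress-lb
        securityContext:
          capabilities:
            drop: ["ALL"]
            add: ["NET_BIND_SERVICE"]     # still needed to bind port 80
        resources:
          limits:
            cpu: 200m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
        ports:
        - name: http
          containerPort: 80
          hostPort: 80                    # only the proxy port is published on the node
        - name: admin
          containerPort: 8580             # no hostPort: reachable via pod IP or Service only
        args:
        - --web
        - --web.address=:8580
        - --kubernetes
```

Any Ingress that routes to the admin port still publishes the UI through port 80, so that route needs its own access control.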

 

3: The traefik UI.

    Once traefik is deployed, its UI can be reached on port 8580 of a node. It is accessible from both nodes, as shown below:

3.PNG

4.PNG

    Here we can publish a traefik-web-ui Ingress so that the traefik UI can be reached through a domain name:

# vi traefik-ui.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui 
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
  - name: web
    port: 80
    targetPort: 8580 
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  rules:
  - host: traefik-ui.k8s
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik-web-ui
          servicePort: web
          
          
# kubectl create -f traefik-ui.yaml 
service "traefik-web-ui" created
ingress.extensions "traefik-web-ui" created


# kubectl describe ingress traefik-web-ui -n kube-system
Name:             traefik-web-ui
Namespace:        kube-system
Address:          
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host            Path  Backends
  ----            ----  --------
  traefik-ui.k8s  
                  /   traefik-web-ui:web (192.168.232.129:8580,192.168.232.131:8580)
Annotations:
Events:  <none>
 

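    We published a host named traefik-ui.k8s, backed by the traefik-web-ui Service, and we can see that it is associated with the pod addresses 192.168.232.129:8580 and 192.168.232.131:8580.

    Edit the hosts file so that the traefik UI can be reached through the traefik-ui.k8s domain name: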

192.168.232.129 traefik-ui.k8s
192.168.232.131 traefik-ui.k8s
 

5.PNG

 

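4: Publish other web services.

      Once traefik is deployed, it can be used to publish our own web applications. Here I have two simple tomcat service images, test1 and test2; accessing them returns the strings tomcat_test1 and tomcat_test2 respectively. First, I create the pods and Services for tomcat-test1 and tomcat-test2. 8080 is tomcat's HTTP port and 8443 is tomcat's HTTPS port; only the HTTP port is used for testing in this example.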

# vi tomcat-test1.yaml 
#-----Deployment----------------
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-test1
  labels: 
    app: tomcat-test1
spec:
  replicas: 1 
  selector:
    matchLabels:
      app: tomcat-test1
  template:
    metadata:
      labels:
        app: tomcat-test1
    spec:
      containers:
      - name: tomcat-test1
        image: tomcat_test1:latest
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8443
        - containerPort: 8080
---
#------service---------------
apiVersion: v1
kind: Service
metadata:
  name: tomcat-test1
  labels:
    name: tomcat-test1
spec:
  # Only tomcat's HTTP port is exposed; the HTTPS port 8443 is not used in this example.
  ports:
  - port: 8080 
    targetPort: 8080
  selector:
    app: tomcat-test1

    
# more tomcat-test2.yaml 
#-----Deployment----------------
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-test2
  labels: 
    app: tomcat-test2
spec:
  replicas: 1 
  selector:
    matchLabels:
      app: tomcat-test2
  template:
    metadata:
      labels:
        app: tomcat-test2
    spec:
      containers:
      - name: tomcat-test2
        image: tomcat_test2:latest
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8443
        - containerPort: 8080
---
#------service---------------
apiVersion: v1
kind: Service
metadata:
  name: tomcat-test2
  labels:
    name: tomcat-test2
spec:
  # Only tomcat's HTTP port is exposed; the HTTPS port 8443 is not used in this example.
  ports:
  - port: 8080 
    targetPort: 8080
  selector:
    app: tomcat-test2
  
  
# kubectl create -f tomcat-test1.yaml 
deployment.apps "tomcat-test1" created
service "tomcat-test1" created
# kubectl create -f tomcat-test2.yaml 
deployment.apps "tomcat-test2" created
service "tomcat-test2" created


# kubectl get deployment
NAME           DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
tomcat-test1   1         1         1            1           52m
tomcat-test2   1         1         1            1           47m
# kubectl get svc
NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
kubernetes     ClusterIP   10.96.0.1        <none>        443/TCP    6d
tomcat-test1   ClusterIP   10.103.134.175   <none>        8080/TCP   52m
tomcat-test2   ClusterIP   10.97.4.120      <none>        8080/TCP   47m
 

    Create an Ingress for test1 to publish the tomcat-test1 service:

# vi ingress-tomcat1.yaml 
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tomcat-test1-web
  namespace: default
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: tomcat.test1.k8s
    http:
      paths:
      - path: /
        backend:
          serviceName: tomcat-test1
          servicePort: 8080

# kubectl create -f ingress-tomcat1.yaml 
ingress.extensions "tomcat-test1-web" created
 

    In the traefik UI we can see that there is now a rule for the tomcat.test1.k8s domain name.

6.PNG

    Edit hosts and use tomcat.test1.k8s to access the tomcat-test1 application:

192.168.232.129 tomcat.test1.k8s
192.168.232.131 tomcat.test1.k8s
 

7.PNG

 

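5: Ingress configuration: proxying different web applications by path under the same domain name.

     Often we do not want to configure many domain names to tell applications apart; distinguishing them by path under a single domain name is much simpler and more convenient. Ingress provides the configuration for this.

     As described above, we have two applications, tomcat-test1 and tomcat-test2. Here we can configure the domain name tomcat.test.k8s and proxy the two tomcat applications through the paths test1 and test2 respectively. Path-based routing requires this additional annotation: traefik.frontend.rule.type: PathPrefixStrip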

# vi ingress-tomcat.yaml 
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tomcat-test-web
  namespace: default
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.frontend.rule.type: PathPrefixStrip
spec:
  rules:
  - host: tomcat.test.k8s
    http:
      paths:
      - path: /test1/
        backend:
          serviceName: tomcat-test1
          servicePort: 8080
      - path: /test2/
        backend:
          serviceName: tomcat-test2
          servicePort: 8080

          
# kubectl create -f ingress-tomcat.yaml 
ingress.extensions "tomcat-test-web" created


# kubectl describe ingress tomcat-test-web
Name:             tomcat-test-web
Namespace:        default
Address:          
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host             Path  Backends
  ----             ----  --------
  tomcat.test.k8s  
                   /test1/   tomcat-test1:8080 (<none>)
                   /test2/   tomcat-test2:8080 (<none>)
Annotations:
  kubernetes.io/ingress.class:  traefik
  traefik.frontend.rule.type:   PathPrefixStrip
Events:                         <none>
 

8.PNG

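      From the describe output and the UI we can see that tomcat.test.k8s now has proxy rules for /test1/ and /test2/ with their corresponding backends. Edit hosts to test whether path-based routing works: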

192.168.232.129 tomcat.test.k8s
192.168.232.131 tomcat.test.k8s
 

9.PNG

10.PNG

 

 

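Postscript

This chapter only implements traefik's HTTP access proxy in a basic way. How to enable traefik's HTTPS proxy and how to configure traefik further will be discussed in later posts.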