上篇懶得寫了索性轉載了一篇nginx-ingress的,本篇我們來看神器Traefik,我個人是比較看好和偏向與Traefik的,它輕便易用而且還有界面。
先介紹下什麼是Traefik,Traefik是一個爲了讓部署微服務更加便捷而誕生的現代HTTP反向代理、負載均衡工具。 它支持多種後臺 (Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, Zookeeper, BoltDB, Rest API, file…) 來自動化、動態的應用它的配置文件設置。
爲什麼比較偏向域Traefik呢,下面來簡單對比下。
ingress:
使用nginx作爲前端負載均衡,通過ingress controller不斷的和kubernetes api交互,實時獲取後端service,pod等的變化,然後動態更新nginx配置,並刷新使配置生效,達到服務發現的目的。
traefik:
traefik本身設計的就能夠實時跟kubernetes api交互,感知後端service,pod等的變化,自動更新配置並重載。
相對來說traefik更快速方便,同時支持更多的特性,使反向代理,負載均衡更直接更高效。
來看看如何部署,很簡單先把源碼clone下來。
[root@k8smaster ~]# git clone https://github.com/containous/traefik.git
來看看目錄下都有什麼,順便找到對應的K8S文件。
[root@k8smaster ~]# cd traefik/ [root@k8smaster traefik]# cd examples/ [root@k8smaster examples]# cd k8s [root@k8smaster k8s]# ls cheese-default-ingress.yaml cheese-ingress.yaml cheeses-ingress.yaml traefik-ds.yaml ui.yaml cheese-deployments.yaml cheese-services.yaml traefik-deployment.yaml traefik-rbac.yaml [root@k8smaster k8s]# pwd /root/traefik/examples/k8s
OK,到這一層就找到了所需的文件,一般呢只需要兩個文件,第一個就是deployment和rbac。
原因呢很簡單,在第一篇部署的時候我們就說了,由於在Kubernets1.6之後啓用了RBAC鑑權機制,所以需配置ClusterRole以及ClusterRoleBinding來對api-server的進行相應權限的鑑權。
那rbac這個文件呢就是創建ClusterRole和ClusterRoleBinding的,至於deployment文件這裏就不說了,相信看到本篇文章的童鞋已經對K8S有了基本認識。
開始創建rbac
[root@k8smaster k8s]# kubectl apply -f traefik-rbac.yaml clusterrole.rbac.authorization.k8s.io "traefik-ingress-controller" created clusterrolebinding.rbac.authorization.k8s.io "traefik-ingress-controller" created 檢查是否成功 [root@k8smaster k8s]# kubectl get clusterrolebinding NAME AGE cluster-admin 113d flannel 113d heapster 113d kubeadm:kubelet-bootstrap 113d ………. traefik-ingress-controller 3s [root@k8smaster k8s]# kubectl get clusterrole NAME AGE admin 113d cluster-admin 113d edit 113d flannel 113d
可以看到clusterrole,clusterrolebinding都創建成功了,下面創建Traefik。
[root@k8smaster k8s]# kubectl apply -f traefik-deployment.yaml serviceaccount "traefik-ingress-controller" created deployment.extensions "traefik-ingress-controller" created service "traefik-ingress-service" created 檢查是否成功 [root@k8smaster k8s]# kubectl get svc,deployment,pod -n kube-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE heapster ClusterIP 10.106.236.144 <none> 80/TCP 113d kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 113d kubernetes-dashboard-external NodePort 10.108.106.113 <none> 9090:30090/TCP 113d traefik-ingress-service NodePort 10.98.76.58 <none> 80:30883/TCP ,8080:30731/TCP 17s NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE heapster 1 1 1 1 113d kube-dns 1 1 1 1 113d kubernetes-dashboard 1 1 1 1 113d traefik-ingress-controller 1 1 1 0 18s NAME READY STATUS RESTARTS AGE etcd-k8smaster 1/1 Running 6 113d heapster-6595c54cb9-f7gvz 1/1 Running 4 113d kube-apiserver-k8smaster 1/1 Running 6 113d ………. traefik-ingress-controller-bf6486db6-jzd8w 1/1 Running 0 17s
可以看到service和pod都起來了。
剛纔前面也說到了有個非常簡潔漂亮的界面,非常適合運維統計管理,下面來看看。
[root@k8smaster k8s]# cat ui.yaml --- apiVersion: v1 kind: Service metadata: name: traefik-web-ui namespace: kube-system spec: selector: k8s-app: traefik-ingress-lb ports: - name: web port: 80 targetPort: 8080 --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: traefik-web-ui namespace: kube-system spec: rules: - host: traefik-ui.minikube http: paths: - path: / backend: serviceName: traefik-web-ui servicePort: web [root@k8smaster k8s]# kubectl apply -f ui.yaml service "traefik-web-ui" created ingress.extensions "traefik-web-ui" created [root@k8smaster k8s]# kubectl describe ing traefik-web-ui -n kube-system Name: traefik-web-ui Namespace: kube-system Address: Default backend: default-http-backend:80 (<none>) Rules: Host Path Backends ---- ---- -------- traefik-ui.minikube / traefik-web-ui:web (10.0.100.203:8080,10.0.100.204:8080)
剛纔發佈了一個traefix-web-ui的ingress,接下來我們就可以通過域名了訪問了,玩過K8S的相信都能看懂剛纔ui-ingress那個yml文件裏面有一個域名,名爲traefik-ui.minikube,後端traefix-web-ui的service,可以看到關聯到了pod地址10.0.100.203:8080和10.0.100.204:8080。
下面我們修改本機hosts文件,使我們可以通過traefik-ui.minikube域名來訪問traefix-ui
好了本文到此結束,本篇文章只是初步實現了Traefix的http訪問代理,怎麼讓traefix實現https代理以及怎麼對traefix進行更多的配置,將在後續的博文中來討論。
本文參考資料:
http://blog.51cto.com/goome/2151353