本文所有 yaml 文件均參考:
https://github.com/containous/traefik/tree/v1.7/examples/k8s
1.給集羣中的 worker 節點打上label,意味着traefik 將部署到這些節點
# 如果集羣內使用的Hostname ,則需要把 IP 改爲 worker 節點的 hostname
# 本文中 worker01: 192.168.20.11, worker02: 192.168.20.12
kubectl label nodes worker01 edgenode=traefik-proxy
kubectl label nodes worker02 edgenode=traefik-proxy
...
#查看標記結果
kubectl get nodes --show-labels
查看 LABELS 列中有存在 edgenode=traefik-proxy 字樣即爲標記成功
2.準備所需配置文件
#創建一個目錄用於存放所有需要的 yaml 文件
mkdir -p /home/yamls/traefik
cd /home/yamls/traefik
編輯 ingress-rbac.yaml
vi ingress-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: ingress
subjects:
- kind: ServiceAccount
name: ingress
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
編輯 traefik.yaml
vi traefik.yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: traefik-ingress-lb
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
terminationGracePeriodSeconds: 60
hostNetwork: true
restartPolicy: Always
serviceAccountName: ingress
containers:
- image: traefik:1.7 # 注意:本文中使用的爲traefik V1.7 版本,不可省略版本號,由於最新版本爲V2.x 配置文件有較大區別
name: traefik-ingress-lb
resources:
limits:
cpu: 200m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
ports:
- name: http
containerPort: 80
hostPort: 80
- name: admin
containerPort: 8580
hostPort: 8580
args:
- --web
- --web.address=:8580
- --kubernetes
nodeSelector:
edgenode: "traefik-proxy" #需要安裝traefik的標籤 traefik-proxy 即爲 1 中所標記的標籤名稱
編輯 ui.yaml
vi ui.yaml
apiVersion: v1
kind: Service
metadata:
name: traefik-web-ui
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- name: web
port: 80
targetPort: 8580
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-web-ui
namespace: kube-system
spec:
rules:
- host: traefikui.test.com #配置ui的域名,前提是對域名做好了dns解析(這裏需要解析到 1 中打過標籤的任意節點)
http:
paths:
- path: /
backend:
serviceName: traefik-web-ui
servicePort: web
3.部署 traefik
kubectl apply -f . #注意後面有一個點不可省略
#檢查是否執行成功
kubectl get svc,deployment,pod --all-namespaces -o wide | grep traefik
#檢查結果
kube-system service/traefik-web-ui ClusterIP 10.68.166.109 <none> 80/TCP 4h k8s-app=traefik-ingress-lb
kube-system pod/traefik-ingress-lb-2qbgd 1/1 Running 0 4h 192.168.20.12 192.168.20.12 <none>
kube-system pod/traefik-ingress-lb-9tc6n 1/1 Running 0 4h 192.168.20.11 192.168.20.11 <none>
kube-system pod/traefik-ingress-lb-fmfn6 1/1 Running 0 4h 192.168.20.13 192.168.20.13 <none>
#查看svc,ing狀態
kubectl describe svc,ing traefik-web-ui -n kube-system
#使用部署traefik節點的node ip: port就可以訪問了
curl http://worker01:8580
#出現 <a href="/dashboard/">Found</a>. 即表明部署成功了
#當然剛纔配置了域名,可以直接使用域名訪問
也可以使用 nginx 代理轉發, nginx代理轉發可參考如下配置
upstream k8s-slave {
server 192.168.20.11 weight=5 max_fails=3 fail_timeout=100s; #服務器地址1
server 192.168.20.12 weight=5 max_fails=3 fail_timeout=100s; #服務器地址2
}
server {
listen 80;
server_name uat.traefik-ui.jz-ins.com;
location / {
proxy_pass http://k8s-slave:8580/;
proxy_cookie_path /traefik-ui /traefik-ui;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header From uat.traefik-ui.jz-ins.com;
proxy_set_header Cookie $http_cookie;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}