k8s基础进阶之外部服务发现之Traefik

内容 隐藏
1 1 traefik和ingress的对比
2 2 基于helm部署traefik
3 3 基于helm3部署traefik2.5

1 traefik和ingress的对比

ingress: 使用nginx作为前端负载均衡,通过ingress controller不断的和kubernetes api交互,实时获取后端service,pod等的变化,然后动态更新nginx配置,并刷新使配置生效,达到服务发现的目的。 traefik: traefik本身设计的就能够实时跟kubernetes api交互,感知后端service,pod等的变化,自动更新配置并重载。 traefik更快速方便,同时支持更多的特性,使反向代理,负载均衡更直接更高效

2 基于helm部署traefik 

下载traefik需要用到的chart
[root@k8s-master ~]# git clone https://github.com/helm/charts.git

修改traefik使用宿主机网络
[root@k8s-master ~]# vim charts/stable/traefik/templates/deployment.yaml
hostNetwork: true

配置dashboard
[root@tech04 stable]# pwd
/root/k8s/traefik/charts/stable

 cat traefik/traefik.yaml 
serviceType: NodePort
replicas: 1
resources:
  limits:
    cpu: 500m
    memory: 512Mi
dashboard:
  enabled: true
  domain: traefik-test.devopstack.cn
service:
  nodePorts:
    http: 30080
    https: 30443
rbac:
  enabled: true
metrics:
  prometheus:
    enabled: true

部署
[root@k8s-master stable]# helm install ./traefik --name traefik --namespace kube-system -f traefik/traefik.yaml

报错
[root@tech04 stable]# helm install ./traefik --name traefik --namespace kube-system -f traefik/traefik.yaml
Error: release traefik failed: namespaces "kube-system" is forbidden: User "system:serviceaccount:kube-system:default" cannot get resource "namespaces" in API group "" in the namespace "kube-system"
解决方法:
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

验证
[root@tech04 stable]# kubectl get pod -n kube-system -o wide |grep traefik
traefik-577695559f-mq59z                      1/1     Running   0          29m     10.244.2.39     tech06   <none>           <none>

[root@tech04 stable]# kubectl get ingress -n kube-system 
NAME                CLASS    HOSTS                            ADDRESS   PORTS   AGE
traefik-dashboard   <none>   traefik-test.unionpaysmart.com             80      29m

访问traefik dashborad
k8s基础进阶之外部服务发现之Traefik

3 基于helm3部署traefik2.5 

安装 CRD
kubectl apply -k "github.com/kubernetes-sigs/service-apis/config/crd?ref=v0.1.0"
安装配置 Traefik
helm repo add traefik https://helm.traefik.io/traefik
helm repo update
helm install traefik   --set experimental.kubernetesGateway.enabled=true traefik/traefik  --namespace kube-system 
NAME: traefik
LAST DEPLOYED: Wed Sep 15 14:35:31 2021
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None

要验证新功能是否已经被启用,这里我们使用端口转发来直接暴露 Traefik 的 Dashboard。
kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" -n kube-system --output=name ) 9000:9000
  • 我的微信
  • 这是我的微信扫一扫
  • weinxin
  • 我的微信公众号
  • 我的微信公众号扫一扫
  • weinxin
avatar

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: