温馨提示×

温馨提示×

您好,登录后才能下订单哦!

密码登录×
登录注册×
获取短信验证码
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》
登 录 注册有礼
云服务器 香港服务器 高防服务器
最新更新 网站标签 地图导航
产品

K8S 之 服务暴露Ingress Traefik 安装

发布时间:2020-03-06 01:21:47 来源:网络 阅读:503 作者:wx592bc92b285c7 栏目:系统运维

一、POD服务暴露Ingress Traefik的理解

K8S 之 服务暴露Ingress Traefik 安装

二、Ingress 数据流向

K8S 之 服务暴露Ingress Traefik 安装

三、Ingress Traefik安装

在运维主机上运行
[root@test-operator traefik]# cd /data/k8s-yaml/ k8s-yaml]# mkdir traefik k8s-yaml]# cd traefik/ traefik]# docker pull traefik:v1.7.2-alpine traefik]# docker images|grep traefik traefik]# docker tag add5fac61ae5 traefik]# harbor.od.com/public/traefik:v1.7.2 traefik]# docker push test-harbor.cedarhd.com/public/traefik:v1.7.2 #创建四个资源配置清单 traefik]# vi rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: name: traefik-ingress-controller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: traefik-ingress-controller rules: - apiGroups: - "" resources: - services - endpoints - secrets verbs: - get - list - watch - apiGroups: - extensions resources: - ingresses verbs: - get - list - watch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: traefik-ingress-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: traefik-ingress-controller subjects: - kind: ServiceAccount name: traefik-ingress-controller namespace: kube-system ------------------------------------------------------------------------------------------ traefik]# vi ds.yaml apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: traefik-ingress namespace: kube-system labels: k8s-app: traefik-ingress spec: template: metadata: labels: k8s-app: traefik-ingress name: traefik-ingress spec: serviceAccountName: traefik-ingress-controller terminationGracePeriodSeconds: 60 containers: - image: test-harbor.cedarhd.com/public/traefik:v1.7.2 name: traefik-ingress ports: - name: controller containerPort: 80 hostPort: 81 - name: admin-web containerPort: 8080 securityContext: capabilities: drop: - ALL add: - NET_BIND_SERVICE args: - --api - --kubernetes - --logLevel=INFO - --insecureskipverify=true - --kubernetes.endpoint=https://10.3.153.240:7443 - --accesslog - --accesslog.filepath=/var/log/traefik_access.log - --traefiklog - --traefiklog.filepath=/var/log/traefik.log - --metrics.prometheus ------------------------------------------------------------------------------------------ traefik]# vi svc.yaml kind: Service apiVersion: v1 metadata: name: traefik-ingress-service namespace: kube-system spec: selector: k8s-app: traefik-ingress ports: - protocol: TCP port: 80 name: controller - protocol: TCP port: 8080 name: admin-web ------------------------------------------------------------------------------------------ traefik]# vi ingress.yaml apiVersion: extensions/v1beta1 kind: Ingress metadata: name: traefik-web-ui namespace: kube-system annotations: kubernetes.io/ingress.class: traefik spec: rules: - host: test-traefik.cedarhd.com http: paths: - path: / backend: serviceName: traefik-ingress-service servicePort: 8080
在任意运算节点主机上运行
[root@test-nodes1 ~]# kubectl apply -f http://k8s-yaml.cedarhd.com/traefik/rbac.yaml serviceaccount/traefik-ingress-controller created clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller created clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller created [root@test-nodes1 ~]# kubectl apply -f http://k8s-yaml.cedarhd.com/traefik/ds.yaml daemonset.extensions/traefik-ingress created [root@test-nodes1 ~]# kubectl apply -f http://k8s-yaml.cedarhd.com/traefik/svc.yaml service/traefik-ingress-service created [root@test-nodes1 ~]# kubectl apply -f http://k8s-yaml.cedarhd.com/traefik/ingress.yaml ingress.extensions/traefik-web-ui created [root@test-nodes1 ~]# systemctl restart docker.service #重启两台运算节点的docker [root@test-nodes2 ~]# kubectl get pods -n kube-system #检查运行情况 NAME READY STATUS RESTARTS AGE coredns-6c69fbcc6c-6vqgr 1/1 Running 0 18h traefik-ingress-44ptk 1/1 Running 0 22m traefik-ingress-vrvr4 1/1 Running 0 22m

四、分别在master/standby proxy做域名解释跳转

[root@test-master ~]# vi /etc/nginx/conf.d/cedarhd.com.conf upstream default_backend_traefik { server 10.3.153.221:81 max_fails=3 fail_timeout=10s; server 10.3.153.222:81 max_fails=3 fail_timeout=10s; } server { server_name *.cedarhd.com; location / { proxy_pass http://default_backend_traefik; proxy_set_header Host $http_host; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; } } [root@test-master ~]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@test-master ~]# nginx -s reload #备注,在DNS主机上把test-traefik.cedarhd.com的域名解释到VIP地址(10.3.153.240)上。

K8S 之 服务暴露Ingress Traefik 安装

向AI问一下细节
推荐阅读:
  1. k8s实践17:监控利器prometheus helm方式部署配置测试
  2. 入门级实操教程!从概念到部署,全方位了解K8S Ingress!

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

k8s gr 暴露

猜你喜欢

最新资讯
相关推荐

相关标签

prometheus1-k8s-node 部署k8s集群 k8s集群 k8s多节点部署 deployment 方法笔记 xtrabakup 外查询 globals sfb lpc 建网站
AI

产品服务
地区划分
专题活动
帮助支持
关于我们
售后咨询
7*24小时在线电话:400-100-2938
7*24小时在线 QQ:800811969
关注亿速云

亿速云公众号

手机网站二维码

Copyright © Yisu Cloud Ltd. All Rights Reserved. 2018 版权所有

广州亿速云计算有限公司粤ICP备17096448号-1 粤公网安备 44010402001142号增值电信业务经营许可证编号:B1-20181529