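Overview
Configuration in Traefik 2.0 comes in two different forms:
Static configuration
Connects to the providers and defines the entrypoints Traefik will listen on. Traefik offers three ways to define static configuration: in a configuration file, in command-line arguments, or through environment variables.
Dynamic configuration
Contains everything that defines how the system handles requests. This configuration can change, and it is hot-reloaded seamlessly, without any request interruption or connection loss.
Installation
Configure the Kubernetes CRDs and deploy/expose the service
Prepare the installation files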
crd.yaml
```
# cat > crd.yaml <<EOF
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutes.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRoute
    plural: ingressroutes
    singular: ingressroute
  scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: middlewares.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: Middleware
    plural: middlewares
    singular: middleware
  scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutetcps.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRouteTCP
    plural: ingressroutetcps
    singular: ingressroutetcp
  scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tlsoptions.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TLSOption
    plural: tlsoptions
    singular: tlsoption
  scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: traefikservices.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TraefikService
    plural: traefikservices
    singular: traefikservice
  scope: Namespaced
EOF
```
rbac.yaml
```
# cat > rbac.yaml <<EOF
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - traefik.containo.us
    resources:
      - middlewares
      - ingressroutes
      - traefikservices
      - ingressroutetcps
      - tlsoptions
    verbs:
      - get
      - list
      - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
    namespace: kube-system
EOF
```
traefik.yaml
```
# cat >traefik.yaml <<EOF
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik
  namespace: kube-system
  labels:
    app: traefik-ingress-lb
spec:
  selector:
    matchLabels:
      app: traefik-ingress-lb
  template:
    metadata:
      labels:
        app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      containers:
        - image: traefik:v2.1.1
          name: traefik-ingress-lb
          ports:
            - name: web
              containerPort: 80
              hostPort: 80
            - name: websecure
              containerPort: 443
              hostPort: 443
            - name: admin
              containerPort: 8080
            - name: mongo
              hostPort: 27017
              containerPort: 27017
            - name: redis
              containerPort: 6379
              hostPort: 6379
          args:
            - --entrypoints.web.Address=:80
            - --entrypoints.websecure.Address=:443
            - --entryPoints.mongo.address=:27017
            - --entrypoints.redis.Address=:6379
            - --api.insecure=true
            - --providers.kubernetescrd
            - --api
            - --api.dashboard=true
            - --providers.kubernetesingress
            - --accesslog
            - --metrics
            - --metrics.datadog=true
            - --metrics.prometheus=true
            - --tracing
            - --tracing.zipkin=true
      nodeSelector:
        IngressProxy: "true"
      tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/ingress
          operator: Equal
---
kind: Service
apiVersion: v1
metadata:
  name: traefik
  namespace: kube-system
spec:
  type: ClusterIP
  selector:
    app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
      targetPort: 80
    - protocol: TCP
      port: 8080
      name: admin
      targetPort: 8080
EOF
```
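Notes:
- args: these are all static parameters
- --providers.kubernetesingress: this parameter can be enabled. If Traefik was installed previously and some Traefik Ingress resources were already created, they are imported automatically, which is convenient and practical.

Ingressroute.yaml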
```
# cat >Ingressroute.yaml<<'EOF'
# The heredoc delimiter is quoted so the shell does not expand the backticks in the Host rule.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-webui
  namespace: kube-system
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`traefik.xxlaila.cn`)
      kind: Rule
      services:
        - name: traefik
          port: 8080
EOF
```
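The files above follow the official Traefik examples. They can be used as they are and modified to suit your own needs. For the plugin part, refer to the official documentation or to the examples.
Apply the manifests
```
# kubectl apply -f ./
```
Then open traefik.xxlaila.cn in a browser.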
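A defensive review of the manifests above, as an added example (not code from the original post or from the Traefik project): `--api.insecure=true` serves the API and dashboard without authentication on port 8080, and `hostNetwork: true` binds that port and the mongo/redis entry points on the node itself. The dictionaries are constructed samples shaped like `kubectl get <kind> -o json` output; the function names and check ids are assumptions.

```python
# Constructed sample: the security-relevant fields of the Deployment and
# IngressRoute above, shaped like `kubectl get <kind> -o json` output.
DEPLOYMENT = {"spec": {"template": {"spec": {
    "hostNetwork": True,
    "containers": [{
        "args": ["--entrypoints.web.Address=:80", "--entrypoints.websecure.Address=:443",
                 "--entryPoints.mongo.address=:27017", "--entrypoints.redis.Address=:6379",
                 "--api.insecure=true", "--api", "--api.dashboard=true"],
        "ports": [{"name": "web", "containerPort": 80, "hostPort": 80},
                  {"name": "websecure", "containerPort": 443, "hostPort": 443},
                  {"name": "admin", "containerPort": 8080},
                  {"name": "mongo", "containerPort": 27017, "hostPort": 27017},
                  {"name": "redis", "containerPort": 6379, "hostPort": 6379}],
    }]}}}}
INGRESSROUTE = {"spec": {"entryPoints": ["web"], "routes": [
    {"match": "Host(`traefik.xxlaila.cn`)", "kind": "Rule",
     "services": [{"name": "traefik", "port": 8080}]}]}}

API_PORT = 8080  # default port of the entry point that --api.insecure serves on

def parse_flags(args):
    """Map Traefik CLI flags to {lower-cased name: value}; a bare flag is 'true'."""
    flags = {}
    for arg in args:
        name, _, value = arg.lstrip("-").partition("=")
        flags[name.lower()] = value or "true"
    return flags

def audit_deployment(dep):
    """Return (check_id, detail) findings for a Traefik Deployment (hypothetical ids)."""
    pod = dep["spec"]["template"]["spec"]
    host_net = pod.get("hostNetwork", False)
    findings = []
    for c in pod["containers"]:
        if parse_flags(c.get("args", [])).get("api.insecure") == "true":
            where = "the node's network" if host_net else "the pod IP"
            findings.append(("api-insecure", f"unauthenticated API on :{API_PORT} of {where}"))
        for p in c.get("ports", []):
            if (host_net or "hostPort" in p) and p["containerPort"] not in (80, 443, API_PORT):
                findings.append(("node-port", f"{p['name']}:{p['containerPort']} bound on the node"))
    return findings

def audit_ingressroute(route):
    """Flag routes that publish the API port over plain HTTP or without middleware."""
    plain = "web" in route["spec"].get("entryPoints", [])
    return [("dashboard-open", r["match"]) for r in route["spec"]["routes"]
            if any(s.get("port") == API_PORT for s in r.get("services", []))
            and (plain or not r.get("middlewares"))]
```

Dropping `--api.insecure=true` clears the first finding; the IngressRoute finding clears once the route carries an authentication middleware and is served from the websecure entry point.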
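Traefik dynamic configuration
Often an application changes suddenly, and that forces a configuration change. With the deployment method used above, Traefik has to be redeployed every time, which is not acceptable in production or in real use. Fortunately Traefik provides dynamic configuration, which can watch either a directory or a single file. Dynamically loading the configuration files under a directory seems the more comfortable option: keeping parts of the configuration in separate files makes maintenance easier and limits the impact of a change.
When many dynamic configuration files are generated, or a lot changes at once, reloading the configuration can put Traefik under pressure. Fortunately Traefik has the providers.providersThrottleDuration parameter: it is the duration Traefik waits after reloading the configuration before it considers any new configuration refresh event. If events arrive within that duration, only the most recent one is considered and all earlier ones are discarded. The Traefik default is 2s.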
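A small model of the coalescing rule just described, as an added example (not Traefik's code): it replays a constructed burst of configuration-change events and returns which ones would actually be applied with the default 2s throttle. The function name and the event format are assumptions.

```python
def applied_configs(events, throttle=2.0):
    """Replay (arrival_seconds, config_name) events, sorted by time, and return
    [(apply_seconds, config_name)] under the throttle rule described above."""
    applied = []
    window_end = None  # end of the wait that follows the last reload
    pending = None     # most recent event seen during the current wait
    for t, name in events:
        # Close every wait that finished before this event arrived.
        while window_end is not None and t >= window_end:
            if pending is None:
                window_end = None          # nothing queued: back to idle
            else:
                applied.append((window_end, pending))
                window_end, pending = window_end + throttle, None
        if window_end is None:
            applied.append((t, name))      # idle: reload immediately
            window_end = t + throttle
        else:
            pending = name                 # waiting: newer event replaces older
    if pending is not None:
        applied.append((window_end, pending))
    return applied


# Constructed burst: four file changes within two seconds, then one later.
BURST = [(0.0, "rule-v1"), (0.5, "rule-v2"), (1.0, "rule-v3"),
         (1.9, "rule-v4"), (5.0, "rule-v5")]
```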
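Deploying Traefik with dynamic configuration
traefik.yaml
```
# cat > traefik.yaml<<EOF
```
Dashboard deployment
```
# cat >dashboard.yaml<<EOF
```
Create the base configuration file
```
# cat >dy_traefik.yaml<<EOF
```
The dy_traefik.yaml configuration file lives on the node where Traefik runs. Create the directories /opt/traefik/{conf,logs,certs} on that node. Files that need to be updated dynamically go in the conf directory, and dy_traefik.yaml itself goes in the node's /opt/traefik directory.
Notes:
- args: these are all static parameters
- --configfile: specifies the configuration file Traefik loads at startup
- --providers.file.filename: specifies the configuration file and enables the File Provider
- --providers.file.watch=true: makes Traefik update its configuration dynamically
- --providers.kubernetesingress: this parameter can be enabled. If Traefik was installed previously and some Traefik Ingress resources were already created, they are imported automatically, which is convenient and practical.

Apply the manifest
```
# kubectl apply -f traefik.yaml
```
Test
Create a rule.toml file under conf. It configures a canary (gray) release rule: it creates a router named Router0 that listens on the web entrypoint for Host=nginx.xxlaila.cn and routes requests to the service named app. That service routes requests to the appv1 service with weight 3 and the remaining requests to the appv2 service with weight 2. To create the nginx services, see "nginx resource deployment".
rule.toml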
```
# cat >rule.toml<<'EOF'
# The heredoc delimiter is quoted so the shell does not expand the backticks in the Host rule.
[http]
  [http.routers]
    [http.routers.Router0]
      namespace = "default"
      entryPoints = ["web"]
      service = "app"
      rule = "Host(`nginx.xxlaila.cn`)"
  [http.services]
    [http.services.app]
      [[http.services.app.weighted.services]]
        name = "appv1"
        weight = 3
      [[http.services.app.weighted.services]]
        name = "appv2"
        weight = 2
    [http.services.appv1]
      [http.services.appv1.loadBalancer]
        [[http.services.appv1.loadBalancer.servers]]
          url = "http://appv1.default.svc.cluster.local:80/"
    [http.services.appv2]
      [http.services.appv2.loadBalancer]
        [[http.services.appv2.loadBalancer.servers]]
          url = "http://appv2.default.svc.cluster.local:80/"
  [http.middlewares]
    [http.middlewares.Middleware00]
      [http.middlewares.Middleware00.addPrefix]
        prefix = "foobar"
    [http.middlewares.Middleware01]
      [http.middlewares.Middleware01.basicAuth]
        users = ["foobar", "foobar"]
        usersFile = "foobar"
        realm = "foobar"
        removeHeader = true
        headerField = "foobar"
EOF
```
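Traefik loads the configuration automatically. Entries under http.middlewares can be removed and added to test whether dynamic configuration takes effect.
Five requests were made here: appv1 received 3 of them and appv2 received 2.
```
# kubectl logs -f appv1-6f88c7b898-qx2pc nginx
```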