k8s-Traefik: Configuring Routing Rules
1. Configure HTTP routing rules
1. Create the application and service manifest file and apply it
001-traefik-http-deployment-whoami.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: whoami
  namespace: default
  labels:
    app: traefiklabs
    name: whoami
spec:
  replicas: 2
  selector:
    matchLabels:
      app: traefiklabs
      task: whoami
  template:
    metadata:
      labels:
        app: traefiklabs
        task: whoami
    spec:
      containers:
        - name: whoami
          image: traefik/whoami
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: whoami
  namespace: default
spec:
  ports:
    - name: http
      port: 80
  selector:
    app: traefiklabs
    task: whoami
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: whoamitcp
  namespace: default
  labels:
    app: traefiklabs
    name: whoamitcp
spec:
  replicas: 2
  selector:
    matchLabels:
      app: traefiklabs
      task: whoamitcp
  template:
    metadata:
      labels:
        app: traefiklabs
        task: whoamitcp
    spec:
      containers:
        - name: whoamitcp
          image: traefik/whoamitcp
          ports:
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: whoamitcp
  namespace: default
spec:
  ports:
    - protocol: TCP
      port: 8080
  selector:
    app: traefiklabs
    task: whoamitcp
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: whoamiudp
  namespace: default
  labels:
    app: traefiklabs
    name: whoamiudp
spec:
  replicas: 2
  selector:
    matchLabels:
      app: traefiklabs
      task: whoamiudp
  template:
    metadata:
      labels:
        app: traefiklabs
        task: whoamiudp
    spec:
      containers:
        - name: whoamiudp
          image: traefik/whoamiudp:latest
          ports:
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: whoamiudp
  namespace: default
spec:
  ports:
    - port: 8080
      protocol: UDP
  selector:
    app: traefiklabs
    task: whoamiudp
1. Apply 001-traefik-http-deployment-whoami.yaml
kubectl apply -f 001-traefik-http-deployment-whoami.yaml
2. View the created resources
kubectl get all
2. Create the ingress route manifest file for the whoami application and apply it
002-traefik-http-ingressroute-whoami.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: myingressroute
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`whoami.k8s.huichengcheng.com`) && PathPrefix(`/`)
      kind: Rule
      services:
        - name: whoami
          port: 80
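2. Create the resource
kubectl apply -f 002-traefik-http-ingressroute-whoami.yaml
2. Configure HTTPS routing rules
To reach the application over HTTPS, the route has to listen on the websecure entry point, that is, be reached through the default port 443. Accessing the application over HTTPS also requires a certificate.
1. Create the application and service manifest file and apply it
2. Create the secret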
kubectl create secret tls tencent-tls --cert=tls.crt --key=tls.key
003-traefik-https-ingressroute-whoami.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroutetls
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`tencent.k8s.huichengcheng.com`)
      kind: Rule
      services:
        - name: whoami
          port: 80
  tls:
    secretName: tencent-tls
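3. Create the route resource
kubectl apply -f 003-traefik-https-ingressroute-whoami.yaml
3. Configure TCP routing rules
SNI (Server Name Indication) identifies the server name and is an extension of the TLS protocol. Therefore, only TLS routes can use this rule to specify a domain name. Non-TLS routes, however, must use a rule with * (every domain) to declare that every non-TLS request will be handled by the route.
1. Lab example configuration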
004-whoami-ingressroutetcp.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: ingressroutetcpwho
spec:
  entryPoints:
    - tcpep
  routes:
    - match: HostSNI(`*`)
      services:
        - name: whoamitcp
          port: 8080
1. Create the route resource
kubectl apply -f 004-whoami-ingressroutetcp.yaml
2. Production example: MySQL deployment and traefik proxy
1. Modify the traefik configuration
1. Modify traefik-configmap.yaml
003-traefik-configmap.yaml
1. Add
mysql:
  address: ":3312"
2. Modify 005-traefix-service.yaml
005-traefix-service.yaml
1. Add
- protocol: TCP
  name: mysql
  port: 3312
2. Deploy the mysql application
Note on the ports: traefik Pod:3312:3306 (traefik Pod:k8s Node). 3312 is the port of the mysql entry point configured in traefik; 3306 is the port on the k8s Node, the entry for traefik requests.
1. Write mysql-configmap.yaml
1. Add
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql
  labels:
    app: mysql
  namespace: default
data:
  my.cnf: |
    [mysqld]
    character-set-server = utf8mb4
    collation-server = utf8mb4_unicode_ci
    skip-character-set-client-handshake = 1
    default-storage-engine = INNODB
    max_allowed_packet = 500M
    explicit_defaults_for_timestamp = 1
    long_query_time = 10
2. Write mysql-deploy.yaml
1. Add
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: mysql
  name: mysql
  namespace: default
spec:
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:5.7
          imagePullPolicy: IfNotPresent
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: abc123
          ports:
            - containerPort: 3306
          volumeMounts:
            - mountPath: /var/lib/mysql
              name: pv
            - mountPath: /etc/mysql/conf.d/my.cnf
              subPath: my.cnf
              name: cm
      volumes:
        - name: pv
          hostPath:
            path: /opt/mysqldata
        - name: cm
          configMap:
            name: mysql
3. Write mysql-service.yaml
1. Add
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: default
spec:
  ports:
    - port: 3306
      protocol: TCP
      targetPort: 3306
  selector:
    app: mysql
3. Create an ingressroute for the mysql application
4. Write mysql-ingressroutetcp.yaml
1. Add
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: mysql
  namespace: default
spec:
  entryPoints:
    - mysql
  routes:
    - match: HostSNI(`*`)
      services:
        - name: mysql
          port: 3306
1. Create the resources
kubectl apply -f mysql-configmap.yaml
kubectl apply -f mysql-deploy.yaml
kubectl apply -f mysql-service.yaml
kubectl apply -f mysql-ingressroutetcp.yaml
4. Verify the mysql application
1. Add a hosts entry; 10.96.232.10 is the service IP
# tail -n 1 /etc/hosts
10.96.232.10 mysql.k8s.huichengcheng.com
2. Connect to mysql
mysql -h mysql.k8s.huichengcheng.com -uroot -pabc123 -P3306
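
mysql-deploy.yaml above carries the root password (abc123) as a literal env value, so anyone who can read the Deployment object or the manifest file can read the password. An added example, not from the original page, of the same Deployment reading the password from a Secret; the Secret name mysql-root, its key password and the placeholder value are assumptions.

```yaml
# Added example: Secret holding the root password (name and key are hypothetical).
apiVersion: v1
kind: Secret
metadata:
  name: mysql-root
  namespace: default
type: Opaque
stringData:
  password: "<generated-root-password>"   # placeholder, replace before applying
---
# Same Deployment as mysql-deploy.yaml; only the env entry differs.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: mysql
  name: mysql
  namespace: default
spec:
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:5.7
          imagePullPolicy: IfNotPresent
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:        # resolved from the Secret when the Pod starts
                  name: mysql-root
                  key: password
          ports:
            - containerPort: 3306
          volumeMounts:
            - mountPath: /var/lib/mysql
              name: pv
            - mountPath: /etc/mysql/conf.d/my.cnf
              subPath: my.cnf
              name: cm
      volumes:
        - name: pv
          hostPath:
            path: /opt/mysqldata
        - name: cm
          configMap:
            name: mysql
```

The official mysql image applies MYSQL_ROOT_PASSWORD only when it initialises an empty data directory, so an existing /opt/mysqldata keeps the password it was created with. The password given to mysql -p is then whatever the Secret holds.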
2. Production example: Redis deployment and traefik proxy
1. Modify the traefik configuration
1. Modify traefik-configmap.yaml
003-traefik-configmap.yaml
1. Add
redis:
  address: ":6379"
2. Modify 005-traefix-service.yaml
005-traefix-service.yaml
1. Add
- protocol: TCP
  name: redis
  port: 6379
3. Recreate the application
1. Recreate
kubectl delete -f 003-traefik-configmap.yaml && kubectl apply -f 003-traefik-configmap.yaml
kubectl delete -f 005-traefix-service.yaml && kubectl apply -f 005-traefix-service.yaml
2. Deploy the redis configuration
1. Write redis-deployment.yaml
1. Add
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: default
spec:
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
        - name: redis
          image: redis:6.2.6
          ports:
            - containerPort: 6379
              protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: default
spec:
  ports:
    - port: 6379
      targetPort: 6379
  selector:
    app: redis
3. Create an ingressroute for the redis application
4. Write redis-ingressroutetcp.yaml
1. Add
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: redis
  namespace: default
spec:
  entryPoints:
    - redis
  routes:
    - match: HostSNI(`*`)
      services:
        - name: redis
          port: 6379
4. Verify the redis application
1. Add a hosts entry; 10.96.232.10 is the service IP
# tail -n 1 /etc/hosts
10.96.14.53 redis.k8s.huichengcheng.com
2. Install redis-client
wget http://download.redis.io/releases/redis-3.2.8.tar.gz && tar xf redis-3.2.8.tar.gz && cd redis-3.2.8 && make
3. Connect to redis
./src/redis-cli -h redis.k8s.huichengcheng.com -p 6379
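
The HostSNI(`*`) route in redis-ingressroutetcp.yaml forwards every plaintext connection that reaches the redis entry point, and the redis Deployment above sets no password. An added example, not from the original page, of the TLS form that the SNI note in the TCP section describes, written to replace the route of the same name: Traefik terminates TLS on the entry point and matches the host name from the client's SNI. The Secret name redis-tls is an assumption (a TLS secret created the same way as tencent-tls).

```yaml
# Added example: TLS-terminated TCP route for redis, replacing the HostSNI(`*`) route.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: redis
  namespace: default
spec:
  entryPoints:
    - redis
  routes:
    # With a tls section present, a concrete host name can be matched
    # against the SNI value sent in the TLS ClientHello.
    - match: HostSNI(`redis.k8s.huichengcheng.com`)
      services:
        - name: redis        # traffic to the Pod is plaintext after termination
          port: 6379
  tls:
    secretName: redis-tls    # hypothetical kubernetes.io/tls Secret in this namespace
```

The client then has to speak TLS, for example redis-cli 6.0 or later built with TLS support and run with --tls and --sni redis.k8s.huichengcheng.com; the redis-3.2.8 client built above cannot.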
4. Configure UDP routing rules
1. Create an ingressroute for the UDP application
1. Write whoami-ingressrouteudp.yaml
1. Add
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
  name: ingressrouteudpwho
spec:
  entryPoints:
    - udpep
  routes:
    - services:
        - name: whoamiudp
          port: 8080
1. Create the resource
kubectl apply -f whoami-ingressrouteudp.yaml
2. Verify availability
> kubectl get svc whoamiudp
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
whoamiudp ClusterIP 10.96.215.107 <none> 8080/UDP 31h
...
> echo "WHO" | socat - udp4-datagram:10.96.215.107:8080
Hostname: whoamiudp-686fbfcb49-rwv6n
IP: 127.0.0.1
IP: ::1
IP: 10.244.214.119
IP: fe80::5cad:38ff:fe36:b0df
...
> echo "othermessage" | socat - udp4-datagram:10.96.215.107:8080
Received: othermessage