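Traefik Middleware
Introduction to Traefik Middleware
Middleware is one of the most distinctive features of Traefik 2.0. We can pick different middlewares to suit the needs of each service. Traefik ships with many built-in middlewares, including ones that modify request headers, redirect requests, and perform authentication, and middlewares can be chained together to cover a wide range of situations. Examples: forcing a redirect to HTTPS, stripping a path prefix, and restricting access with an IP whitelist.
Traefik middleware use case: ipWhiteList
At work, some URLs should not be exposed externally, such as prometheus and grafana. We can meet this requirement with an IP whitelist, using Traefik's ipWhiteList middleware.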
001-deploy-service.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: nginx-web-middleware
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: middle
  template:
    metadata:
      labels:
        app: middle
    spec:
      containers:
        - name: nginx-web-c
          image: nginx:latest
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: service-middle
  namespace: default
spec:
  ports:
    - name: http
      port: 80
  selector:
    app: middle
002-middleware-ipwhitelist.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: gs-ipwhitelist
spec:
  ipWhiteList:
    sourceRange:
      - 127.0.0.1
      - 10.244.0.0/16
      - 10.96.0.0/12
      - 192.168.10.0/24
003-deploy-service-middle.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroutemiddle
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`middleware.k8s.huichengcheng.com`) && PathPrefix(`/`)
      kind: Rule
      services:
        - name: service-middle
          port: 80
          namespace: default
      middlewares:
        - name: gs-ipwhitelist
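Added example (not part of the original page or of Traefik's code): a Python model of how the gs-ipwhitelist sourceRange above decides who gets through, matching against the connection's remote address because the middleware sets no ipStrategy. The function names and the sample client addresses are assumptions made for illustration.

```python
import ipaddress

# sourceRange copied from 002-middleware-ipwhitelist.yaml on this page
SOURCE_RANGE = ["127.0.0.1", "10.244.0.0/16", "10.96.0.0/12", "192.168.10.0/24"]


def parse_ranges(entries):
    """Turn sourceRange entries into networks; a bare IP becomes a /32 (or /128)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def matching_range(remote_addr, entries=SOURCE_RANGE):
    """Return the first sourceRange entry that admits remote_addr, else None (403)."""
    addr = ipaddress.ip_address(remote_addr)
    for entry, net in zip(entries, parse_ranges(entries)):
        # An IPv4 network never contains an IPv6 address, and vice versa.
        if addr.version == net.version and addr in net:
            return entry
    return None


def audit(entries=SOURCE_RANGE):
    """Report how many addresses each entry admits and which entries overlap."""
    nets = parse_ranges(entries)
    sizes = {e: n.num_addresses for e, n in zip(entries, nets)}
    overlaps = [
        (entries[i], entries[j])
        for i in range(len(nets))
        for j in range(i + 1, len(nets))
        if nets[i].version == nets[j].version and nets[i].overlaps(nets[j])
    ]
    return sizes, overlaps


if __name__ == "__main__":
    # Constructed sample clients: addresses that appear on this page plus
    # documentation-range addresses (203.0.113.0/24, 2001:db8::/32).
    for client in ["10.244.214.119", "10.96.138.87", "192.168.10.50",
                   "192.168.11.50", "203.0.113.7", "::1", "2001:db8::1"]:
        hit = matching_range(client)
        print(f"{client:>16}  {'allow via ' + hit if hit else 'deny (403)'}")
    sizes, overlaps = audit()
    for entry, count in sizes.items():
        print(f"{entry:>16}  admits {count} addresses")
    print("overlapping entries:", overlaps or "none")
```

The audit shows that 10.96.0.0/12 alone admits 1048576 addresses, and that a client connecting from IPv6 loopback (::1) is not covered by the 127.0.0.1 entry.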
1. Create the resources
kubectl apply -f 001-deploy-service.yaml
kubectl apply -f 002-middleware-ipwhitelist.yaml
kubectl apply -f 003-deploy-service-middle.yaml
2. Verify availability from a host outside the cluster
1. Add a hosts entry; 10.96.232.10 is the service IP
# tail -n 1 /etc/hosts
10.96.138.87 middleware.k8s.huichengcheng.com
> kubectl get svc whoamiudp
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
whoamiudp ClusterIP 10.96.215.107 <none> 8080/UDP 31h
...
> echo "WHO" | socat - udp4-datagram:10.96.215.107:8080
Hostname: whoamiudp-686fbfcb49-rwv6n
IP: 127.0.0.1
IP: ::1
IP: 10.244.214.119
IP: fe80::5cad:38ff:fe36:b0df
...
> echo "othermessage" | socat - udp4-datagram:10.96.215.107:8080
Received: othermessage