Overview
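- 1 traefik
- 1.1 Prepare the traefik image
- 1.1.1 Pull alpine
- 1.1.2 Create the entrypoint
- 1.1.3 Create the Dockerfile
- 1.1.4 Build the image
- 1.2 Changing the time zone
- 1.2.1 Create the Dockerfile
- 1.2.2 Build and push the image
- 1.3 Prepare the resource manifests
- 1.3.1 RBAC
- 1.3.2 Daemonset
- 1.3.3 Service
- 1.3.4 Ingress
- 1.4 Apply the manifests
- 1.5 Check
- 1.6 Host port
- 2 nginx as the load balancer in front of Ingress
- 3 DNS configuration
- 4 Verification
- 4 Pitfalls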
1 traefik
Used as the Ingress controller.
1.1 Prepare the traefik image
Because of a time-synchronization problem, build a custom traefik image from a Dockerfile.
Host: h136
traefik version: 1.7.30
1.1.1 Pull alpine
The following commands complete the preparatory steps:
mkdir /data/traefik
cd /data/traefik
docker pull alpine:3.11
docker tag e389ae589224 harbor.od.com/public/alpine:v3.11
docker push harbor.od.com/public/alpine:v3.11
1.1.2 Create the entrypoint
vim entrypoint.sh
#!/bin/sh
set -e

# first arg is `-f` or `--some-option`
if [ "${1#-}" != "$1" ]; then
    set -- traefik "$@"
fi

# if our command is a valid Traefik subcommand, let's invoke it through Traefik instead
# (this allows for "docker run traefik version", etc)
if traefik "$1" --help >/dev/null 2>&1
then
    set -- traefik "$@"
else
    echo "= '$1' is not a Traefik command: assuming shell execution." 1>&2
fi

exec "$@"
1.1.3 Create the Dockerfile
vim Dockerfile
FROM harbor.od.com/public/alpine:v3.11
# Zone names are case-sensitive; the /etc/localtime link resolves once tzdata is installed below
RUN echo "Asia/Shanghai" > /etc/timezone;ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
RUN apk --no-cache add ca-certificates tzdata
# Download the traefik binary that matches the build architecture
RUN set -ex; apkArch="$(apk --print-arch)"; case "$apkArch" in armhf) arch='arm' ;; aarch64) arch='arm64' ;; x86_64) arch='amd64' ;; *) echo >&2 "error: unsupported architecture: $apkArch"; exit 1 ;; esac; wget --quiet -O /usr/local/bin/traefik "https://github.com/traefik/traefik/releases/download/v1.7.30/traefik_linux-$arch"; chmod +x /usr/local/bin/traefik
COPY entrypoint.sh /
# entrypoint.sh was created with vim, so make sure it is executable inside the image
RUN chmod +x /entrypoint.sh
EXPOSE 80
ENTRYPOINT ["/entrypoint.sh"]
CMD ["traefik"]
LABEL org.opencontainers.image.vendor=traefik org.opencontainers.image.url=https://traefik.io org.opencontainers.image.title=Traefik org.opencontainers.image.description=A_modern_reverse-proxy org.opencontainers.image.version=v1.7.30 org.opencontainers.image.documentation=https://docs.traefik.io
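The RUN step above installs whatever wget fetched without checking it. The following is an added example, not part of the original post, of a checksum gate that could sit between the download and the install; the function name `install_verified` and the build argument `TRAEFIK_SHA256` are assumptions of this example, and the digest itself has to come from the release being installed.

```shell
#!/bin/sh
# Added example, not from the original post.
# install_verified SRC EXPECTED_SHA256 DEST
#   Installs SRC as DEST (mode 0755) only when the SHA-256 digest of SRC equals
#   EXPECTED_SHA256. Returns 1 on mismatch, 2 on bad input; DEST is not
#   written in either case.
install_verified() {
    src=$1 expected=$2 dest=$3

    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }
    # A SHA-256 digest is exactly 64 hex characters. Rejecting anything else
    # means an empty or truncated value can never be treated as a match.
    case $expected in
        ''|*[!0-9a-fA-F]*) echo "invalid expected digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "invalid expected digest" >&2; return 2; }

    # Published digests may be upper or lower case; sha256sum prints lower case.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$src" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $src: got $actual" >&2
        return 1
    fi
    install -m 0755 "$src" "$dest"
}

# Intended use inside the RUN step, in place of writing straight to
# /usr/local/bin (TRAEFIK_SHA256 is a hypothetical build argument holding the
# digest published for the release):
#   wget --quiet -O /tmp/traefik "$url"
#   install_verified /tmp/traefik "$TRAEFIK_SHA256" /usr/local/bin/traefik
```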
1.1.4 Build the image
1.2 Changing the time zone
The image pulled from Docker Hub uses UTC, but production actually needs CST, so traefik is rebuilt.
1.2.1 Create the Dockerfile
vim Dockerfile
FROM harbor.od.com/public/traefik:v1.7.30
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime;echo "Asia/Shanghai" > /etc/timezone
1.2.2 Build and push the image
docker build -f /root/hehe/Dockerfile . -t traefik_time
docker tag traefik_time harbor.od.com/public/traefik:v1.7.30-alpine
docker push harbor.od.com/public/traefik:v1.7.30-alpine
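1.3 Prepare the resource manifests
Sample resource manifests are in the traefik/traefik repository on GitHub; look them up there.
Example: version 1.7.30 is installed here, and the matching sample manifests are under the GitHub path below (version 1.7.2 was installed at first but reported errors, so it was replaced with a later version).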
1.3.1 RBAC
vim /data/k8s-yaml/traefik/rbac.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system
1.3.2 Daemonset
vim /data/k8s-yaml/traefik/ds.yaml
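Note the last two lines: the regcred-kube-system secret referenced by imagePullSecrets was created in the article 【k8s】集群13; see that article for how to create it.
The TZ and accesslog.fields.names settings below switch the timestamps in the access log to UTC+8.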
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
      name: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: harbor.od.com/public/traefik:v1.7.30-alpine
        name: traefik-ingress-lb
        env:
        - name: TZ
          value: Asia/Shanghai
        ports:
        - name: controller
          containerPort: 80
          hostPort: 81
        - name: admin-web
          containerPort: 8080
        securityContext:
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
        - --insecureskipverify=true
        - --kubernetes.endpoint=https://192.168.146.130:7443
        - --accesslog
        - --accesslog.filepath=/var/log/traefik_access.log
        - --accesslog.fields.names="StartLocal=keep StartUTC=drop"
        - --traefiklog
        - --traefiklog.filepath=/var/log/traefik.log
        - --metrics.prometheus
      imagePullSecrets:
      - name: regcred-kube-system
##---
##kind: Service
##apiVersion: v1
##metadata:
##  name: traefik-ingress-service
##  namespace: kube-system
##spec:
##  selector:
##    k8s-app: traefik-ingress-lb
##  ports:
##    - protocol: TCP
##      port: 80
##      name: web
##    - protocol: TCP
##      port: 8080
##      name: admin
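An added example, not from the original post, that lists the settings in ds.yaml worth reviewing before the manifest is applied: `--insecureskipverify=true` makes Traefik accept invalid TLS certificates from backends, `--api` turns on the dashboard that the Ingress in 1.3.4 publishes at traefik.od.com, and `hostPort` opens port 81 on each node. The function name, the finding IDs and the embedded excerpt are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Finding IDs and wording are
# this example's own.

# audit_traefik_ds [FILE]
#   Reads a manifest (or stdin) and prints one "ID<TAB>detail" line for each
#   setting in it that widens exposure or weakens TLS checking.
audit_traefik_ds() {
    awk '
    /^[ \t]*#/ { next }                      # skip commented-out YAML
    /^[ \t]*-[ \t]+--/ {                     # container argument: "- --flag[=value]"
        arg = $0
        sub(/^[ \t]*-[ \t]+--/, "", arg)
        sub(/[ \t]+$/, "", arg)
        name = arg; value = "true"           # a bare boolean flag means true
        eq = index(arg, "=")
        if (eq > 0) { name = substr(arg, 1, eq - 1); value = substr(arg, eq + 1) }
        name = tolower(name)
        if (name == "insecureskipverify" && value == "true")
            print "TLS_VERIFY_OFF\tbackend certificates are accepted without validation"
        if (name == "api" && value == "true")
            print "API_ENABLED\tdashboard and API are enabled (port 8080 by default)"
        next
    }
    /^[ \t]*hostPort:/ {                     # port bound on every node running the pod
        print "HOST_PORT\tport " $2 " is opened on each node"
    }
    ' "${1:--}"
}

# Constructed excerpt with the same settings as ds.yaml above.
sample_manifest() {
    cat <<'EOF'
        ports:
        - name: controller
          containerPort: 80
          hostPort: 81
        args:
        - --api
        - --insecureskipverify=true
        - --accesslog
##  ports:
##  - protocol: TCP
##    port: 8080
EOF
}

sample_manifest | audit_traefik_ds
```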
1.3.3 Service
vim /data/k8s-yaml/traefik/svc.yaml
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: controller
    - protocol: TCP
      port: 8080
      name: admin-web
1.3.4 Ingress
vim /data/k8s-yaml/traefik/ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
    #traefik.frontend.rule.type: PathPrefixStrip
spec:
  rules:
  - host: traefik.od.com
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik-ingress-service
          servicePort: 8080
1.4 Apply the manifests
Run on any node that has kubectl; h134 is used here.
[root@h134 cert]# kubectl apply -f http://k8s-yaml.od.com/traefik/rbac.yaml
serviceaccount/traefik-ingress-controller created
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller created
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller created
[root@h134 cert]# kubectl apply -f http://k8s-yaml.od.com/traefik/ds.yaml
daemonset.apps/traefik-ingress created
[root@h134 cert]# kubectl apply -f http://k8s-yaml.od.com/traefik/svc.yaml
service/traefik-ingress-service created
[root@h134 cert]# kubectl apply -f http://k8s-yaml.od.com/traefik/ingress.yaml
ingress.extensions/traefik-web-ui created
1.5 Check
[root@h134 cert]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-65cc6c5f86-ws2ws 1/1 Running 2 7d3h
traefik-ingress-87h5v 1/1 Running 0 4m3s
traefik-ingress-w2krn 1/1 Running 0 4m3s
[root@h134 cert]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
coredns ClusterIP 192.168.0.2 <none> 53/UDP,53/TCP,9153/TCP 7d3h
traefik-ingress-service ClusterIP 192.168.23.208 <none> 80/TCP,8080/TCP 16m
1.6 Host port
On h134 and h135 the listening port is 81; this port is defined in ds.yaml.
2 nginx as the load balancer in front of Ingress
Hosts: h132, h133
vim /etc/nginx/conf.d/proxy.conf
upstream default_backend_traefik {
    server 192.168.146.134:81 max_fails=3 fail_timeout=10s;
    server 192.168.146.135:81 max_fails=3 fail_timeout=10s;
}
server {
    server_name *.od.com;
    location / {
        proxy_pass http://default_backend_traefik;
        proxy_set_header Host $http_host;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    }
}
Reload nginx
nginx -s reload
3 DNS configuration
Host: h132
vim /var/named/od.com.zone and add the final A record
$ORIGIN od.com.
$TTL 600
@   IN SOA  dns.od.com. dnsadmin.od.com. (
                2021063104 ; serial
                10800      ; refresh
                900        ; retry
                604800     ; expire
                86400 )    ; minimum
                NS   dns.od.com.
$TTL 60
dns                IN A    192.168.146.132
harbor             IN A    192.168.146.136
k8s-yaml           IN A    192.168.146.136
traefik            IN A    192.168.146.130
4 Verification
Now, on the Windows host, add the following to C:\Windows\System32\drivers\etc\hosts
192.168.146.130 traefik.od.com
Open the traefik page
http://traefik.od.com/
4 Pitfalls
Check the traefik docker logs; the problem is related to authentication: 192.168.146.132 7443
traefik access_log time problem: add TZ=Asia/Shanghai in ds.yaml
--accesslog.fields.names='StartLocal=keep StartUTC=drop'
Finally
The above is the full text of 【k8s】集群14-traefik&Ingress, collected and organized by 怕黑裙子.