🔥码云GVP开源项目 12k star Uniapp+ElementUI 功能强大 支持多语言、二开方便! 广告
### ingress介绍 Ingress是k8s API的标准资源类型之一,也是一种核心资源,它其实就是一组基于域名和URL路径,把用户的请求转发至指定service资源的规则,可以将集群外部的请求流量转发至集群内部,从而实现“服务暴露”。 ingress控制器是能够为ingress资源监听某套接字,然后根据ingress规则匹配机制路由调度流量的一个组件。 说白了,ingress就是个简化版nginx+一段go脚本而已。 #### 下载地址 https://github.com/traefik/traefik/releases ``` docker pull traefik:v1.7.2-alpine docker tag add5fac61ae5 harbor.od.com/public/traefik:v1.7.2 docker push harbor.od.com/public/traefik:v1.7.2 ``` #### 资源配置清单位置 https://github.com/traefik/traefik/tree/v1.7/examples/k8s ![](https://img.kancloud.cn/e6/10/e610e674dad0c34200fae4a49d2e5b05_1976x1045.png) [root@hdss7-200 traefik]# cat rbac.yaml ``` apiVersion: v1 kind: ServiceAccount metadata: name: traefik-ingress-controller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: traefik-ingress-controller rules: - apiGroups: - "" resources: - services - endpoints - secrets verbs: - get - list - watch - apiGroups: - extensions resources: - ingresses verbs: - get - list - watch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: traefik-ingress-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: traefik-ingress-controller subjects: - kind: ServiceAccount name: traefik-ingress-controller namespace: kube-system ``` [root@hdss7-200 traefik]# cat ds.yaml ``` apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: traefik-ingress namespace: kube-system labels: k8s-app: traefik-ingress spec: template: metadata: labels: k8s-app: traefik-ingress name: traefik-ingress spec: serviceAccountName: traefik-ingress-controller terminationGracePeriodSeconds: 60 containers: - image: harbor.od.com/public/traefik:v1.7.2 name: traefik-ingress ports: - name: controller containerPort: 80 hostPort: 81 - name: admin-web containerPort: 8080 securityContext: capabilities: drop: - ALL add: - NET_BIND_SERVICE args: - --api - --kubernetes - --logLevel=INFO - --insecureskipverify=true - --kubernetes.endpoint=https://10.4.7.10:7443 - --accesslog - --accesslog.filepath=/var/log/traefik_access.log - --traefiklog - --traefiklog.filepath=/var/log/traefik.log - --metrics.prometheus ``` [root@hdss7-200 traefik]# cat svc.yaml ``` kind: Service apiVersion: v1 metadata: name: traefik-ingress-service namespace: kube-system spec: selector: k8s-app: traefik-ingress ports: - protocol: TCP port: 80 name: controller - protocol: TCP port: 8080 name: admin-web ``` [root@hdss7-200 traefik]# cat ingress.yaml ``` apiVersion: extensions/v1beta1 kind: Ingress metadata: name: traefik-web-ui namespace: kube-system annotations: kubernetes.io/ingress.class: traefik spec: rules: - host: traefik.od.com http: paths: - path: / backend: serviceName: traefik-ingress-service servicePort: 8080 ``` #### 启动服务 ``` kubectl apply -f http://k8s-yaml.od.com/traefik/traefik-rbac.yaml kubectl apply -f http://k8s-yaml.od.com/traefik/traefik-ds.yaml kubectl create -f http://k8s-yaml.od.com/traefik/svc.yaml kubectl apply -f http://k8s-yaml.od.com/traefik/traefik-ingress.yaml ``` #### nginx配置反代 需要在HDSS-71和HDSS-72两台主机上的nginx配置 ``` vi /etc/nginx/conf.d/od.com.conf upstream default_backend_traefik { server 10.4.7.21:81 max_fails=3 fail_timeout=10s; server 10.4.7.22:81 max_fails=3 fail_timeout=10s; } server { server_name *.od.com; location / { proxy_pass http://default_backend_traefik; proxy_set_header Host $http_host; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; } } ``` #### dns添加一条A记录 ``` traefik A 10.4.7.10 systemctl restart named dig -t A traefik.od.com @10.4.7.11 +short 10.4.7.11 ``` #### 浏览器直接访问:http://traefik.od.com ![](https://img.kancloud.cn/aa/f6/aaf696be4d86d534b17f23205b052567_890x324.png)