kubernetes集群traefik ingress实现同一命名空间不同微服务模块的访问

背景:kubernetes集群traefik ingress实现同一命名空间不同微服务模块的访问
1.安装traefik ingress
cat > traefik-ingress.yaml <<EOF

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-ingress-controller
rules:

  • apiGroups:
    • ""
      resources:
    • pods
    • services
    • endpoints
    • secrets
      verbs:
    • get
    • list
    • watch
  • apiGroups:
    • extensions
      resources:
    • ingresses
      verbs:
    • get
    • list
    • watch

      kind: ClusterRoleBinding
      apiVersion: rbac.authorization.k8s.io/v1
      metadata:
      name: traefik-ingress-controller
      roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: traefik-ingress-controller
      subjects:

      • kind: ServiceAccount
        name: traefik-ingress-controller
        namespace: c7n-system

        apiVersion: v1
        kind: ServiceAccount
        metadata:
        name: traefik-ingress-controller
        namespace: c7n-system

        kind: Deployment
        apiVersion: apps/v1beta1
        metadata:
        name: traefik-ingress-controller
        namespace: c7n-system
        labels:
        k8s-app: traefik-ingress-lb
        spec:
        replicas: 1
        selector:
        matchLabels:
        k8s-app: traefik-ingress-lb
        template:
        metadata:
        labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
        spec:
        serviceAccountName: traefik-ingress-controller
        terminationGracePeriodSeconds: 60
        containers:

    • image: traefik:v1.7.4
      imagePullPolicy: IfNotPresent
      name: traefik-ingress-lb
      args:
      • --api
      • --kubernetes
      • --logLevel=INFO

        kind: Service
        apiVersion: v1
        metadata:
        name: traefik-ingress-service
        namespace: c7n-system
        spec:
        selector:
        k8s-app: traefik-ingress-lb
        ports:

      • protocol: TCP

        该端口为 traefik ingress-controller的服务端口

        port: 80

        集群hosts文件中设置的 NODE_PORT_RANGE 作为 NodePort的可用范围

        从默认20000~40000之间选一个可用端口,让ingress-controller暴露给外部的访问

        nodePort: 23456
        name: web

      • protocol: TCP

        该端口为 traefik 的管理WEB界面

        port: 8080
        name: admin
        type: NodePort
        EOF

2.查看k8s集群配置微服务svc
kubernetes集群traefik ingress实现同一命名空间不同微服务模块的访问

3.配置raefik ingress后端f服务
cat > traefik-choerodon.yaml <<EOF

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: choerodon-xiongxj
namespace: c7n-system
spec:
rules:

  • host: choerodon.maimailoan.cn
    http:
    paths:
    • path: /api-gateway
      backend:
      serviceName: api-gateway
      servicePort: 8080
    • path: /c7n-slaver
      backend:
      serviceName: c7n-slaver
      servicePort: 80
    • path: /chartmuseum-chartmuseum
      backend:
      serviceName: chartmuseum-chartmuseum
      servicePort: 8080
    • path: /choerodon-front
      backend:
      serviceName: choerodon-front
      servicePort: 80
    • path: /config-server
      backend:
      serviceName: config-server
      servicePort: 8010
    • path: /devops-service
      backend:
      serviceName: devops-service
      servicePort: 8060
    • path: /gitlab
      backend:
      serviceName: gitlab
      servicePort: 80
    • path: /harbor
      backend:
      serviceName: harbor-harbor-ui
      servicePort: 80
    • path: /minio
      backend:
      serviceName: minio-svc
      servicePort: 9000
    • path: /xwiki
      backend:
      serviceName: xwiki
      servicePort: 8080
      EOF
      4.查看ingress详情
      kubernetes集群traefik ingress实现同一命名空间不同微服务模块的访问

5.访问
kubernetes集群traefik ingress实现同一命名空间不同微服务模块的访问

上一篇:kubernetes-traefik(二十一)


下一篇:Nginx背后是Traefik Docker Swarm模式真正的ip