前置条件
K3s集群环境: https://www.cnblogs.com/vpc123/articles/14021390.html
Helm部署: https://www.cnblogs.com/vpc123/articles/14322822.html
说明: 安装好k3s时,已默认安装好Tiller v2.16.8版本和traefik 1.81.0版本。
traefik面板暴露
编辑/var/lib/rancher/k3s/server/manifests/traefik.yaml文件,
helm文件中新增dashboard的value。全部内容如下:
kind: HelmChart
metadata:
name: traefik
namespace: kube-system
spec:
chart: https://%{KUBERNETES_API}%/static/charts/traefik-1.81.0.tgz
valuesContent: |-
rbac:
enabled: true
ssl:
enabled: true
dashboard:
enabled: true
domain: "traefik.me.k3s"
metrics:
prometheus:
enabled: true
kubernetes:
ingressEndpoint:
useDefaultPublishedService: true
image: "rancher/library-traefik"
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
说明: 此yaml文件中,启用了dashboard,且使用了一个traefik.me.k3s域名访问。
当我们更新完此yaml文件之后,k3s会自动调用Helm(helm-install-traefik)来重新部署一次traefik(如果部署失败,需要检查配置文件)。
nginx实践用例
# 创建 demo 目录
mkdir -p /home/work/nginx-demo
cd /home/work/nginx-demo
- 创建命名空间 nginx-namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: ns-test
labels:
name: label-test
- 创建服务资源 nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: ns-test
name: nginx-deployment
spec:
selector:
matchLabels:
app: nginx
replicas: 2
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 80
- 创建访问服务 nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: ns-test
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
- 创建ingress nginx-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-nginx
namespace: ns-test
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: traefik.dracula.io
http:
paths:
- backend:
serviceName: nginx-service
servicePort: 80
集群服务验证
# 查看ingress
kubectl get ingress -A
# 配置 hosts 文件信息
vi /etc/hosts
194.156.133.84 traefik.dracula.io
194.156.133.84 traefik.me.k3s
扩展阅读
通过traefik访问nginx与通过nodeport直接访问Nginx的区别。
k8s的nodeport比较难管理
traefik是作为API网关代码,有更多的治理功能。nginx ingress,KONG,ambassador等都是类似的,但traefik实现最简单。