Installing Traefik on k8s to expose in-cluster services

How Traefik works

Reference: https://blog.csdn.net/weixin_38320674/article/details/106632320

1. Publishing the application service

1.1 A self-implemented web service, myapp

The service is a simple Spring Boot web service that exposes a single controller. The code is:

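import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.ResponseBody;

@Slf4j
@Controller
public class TestController {

    // Fixed route: GET /test
    @GetMapping("/test")
    @ResponseBody
    public Response<String> test() {
        return new Response<>(0, "ok", "test return");
    }

    // Variable first segment: GET /{path}/test, echoes the segment back.
    // The segment comes from the request and is written to the log as-is.
    @GetMapping("/{path}/test")
    @ResponseBody
    public Response<String> pathTest(@PathVariable String path) {
        log.info("path variable is {}", path);
        return new Response<>(0, "ok", path);
    }
}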
           
import lombok.Data;

// Generic response envelope returned by the controller.
@Data
public class Response<T> {
    private int code;
    private String msg;
    private T data;

    public Response(int code, String msg, T data){
        this.code = code;
        this.msg = msg;
        this.data = data;
    }
}
           

Because the server has no Java runtime installed, the JDK is bundled in at build time to produce a runnable image. The Dockerfile used to build the image:

FROM adoptopenjdk/openjdk8-openj9:alpine-slim
ADD ./webdemon.jar webdemon.jar
ENTRYPOINT [ \
    "java", \
    "-XX:MetaspaceSize=256m", \
    "-XX:MaxMetaspaceSize=256m", \
    "-Xms512m", \
    "-Xmx5128m", \
    "-Xmn256m", \
    "-Xss256k", \
    "-XX:SurvivorRatio=8", \
    "-XX:+UseConcMarkSweepGC", \
    "-Duser.timezone=GMT+08", \
    "-Djava.security.egd=file:/dev/./urandom", \
    "-jar", \
    "/webdemon.jar", \
    "--spring.profiles.active=prod" \
]
           

The runnable service jar image:

Publish the service: vim appdemon-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
   name: myapp
   namespace: kube-system
spec:
   replicas: 1
   selector:
     matchLabels:
       app: myapp
   template:
     metadata:
       labels:
          app: myapp
          env: test
     spec:
       containers:
       - name: appdemon
         image: myapp:v1.0
         imagePullPolicy: IfNotPresent
         ports:
         - name: http
           containerPort: 8088
           

 vim appdemon-service.yaml

apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: kube-system
spec:
  selector:
    app: myapp
  ports:
  - name: http
    protocol: TCP
    port: 9088
    targetPort: 8088
           

After running kubectl apply -f, the application can be seen starting normally:


2. Installing Traefik

Configure rabc.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system
           

Configure the pod. Here port 81 on the server is mapped to port 80 of the Traefik controller, and a traefik-ui service is started for viewing how traffic is distributed.

apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: traefik-ingress
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress
        name: traefik-ingress
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik:v1.7.2
        name: traefik-ingress
        ports:
        - name: controller
          containerPort: 80
          hostPort: 81
        - name: admin-web
          containerPort: 8080
        securityContext:
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
        - --insecureskipverify=true
        - --kubernetes.endpoint=https://172.17.0.4:6443
        - --accesslog
        - --accesslog.filepath=/var/log/traefik_access.log
        - --traefiklog
        - --traefiklog.filepath=/var/log/traefik.log
        - --metrics.prometheus
           

Publish the service:

kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress
  ports:
    - protocol: TCP
      port: 80
      name: controller
    - protocol: TCP
      port: 8080
      name: admin-web
  type: NodePort
           

3. Configuring Traefik traffic forwarding

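Three forwarding paths are configured here: the root path reaches the Traefik UI, and the /test path reaches the demo service provided above. Because the server is accessed directly by IP, no host is configured, so by default all traffic is let through. Incoming traffic passes through an Nginx placed in front, which is why the controller port is mapped to 81; port 80 is left for Nginx.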

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
    rules:
      - host:
        http:
          paths:
          - path: /
            backend:
              serviceName: traefik-ingress-service
              servicePort: 8080
          - path: /test
            backend:
              serviceName: myapp
              servicePort: 9088
          - path: /new
            backend:
              serviceName: myapp
              servicePort: 9088
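
The routing this Ingress produces, as an added example that is not part of the original post: a small Python model of the three paths, showing that the empty host plus the / rule sends every request other than /test and /new to the admin port 8080 opened by --api. It assumes Traefik 1.x matches each path as a plain string prefix and tries the longest rule first; APP_ONLY is a hypothetical variant without the / rule, and the sample request paths are constructed.

```python
# Added example: a model of the Ingress paths on this page, not Traefik code.
# Assumption: Traefik 1.x turns each path into a PathPrefix rule, matches by
# plain string prefix, and tries longer rules first.

# (path prefix, serviceName, servicePort) copied from the Ingress above.
INGRESS_PATHS = [
    ("/", "traefik-ingress-service", 8080),
    ("/test", "myapp", 9088),
    ("/new", "myapp", 9088),
]
# Hypothetical variant without the catch-all "/" rule.
APP_ONLY = [r for r in INGRESS_PATHS if r[0] != "/"]
ADMIN_BACKEND = ("traefik-ingress-service", 8080)


def route(path, rules=INGRESS_PATHS):
    """Return (serviceName, servicePort) for a request path, or None."""
    # Longest prefix first, mirroring rule-length priority.
    for prefix, svc, port in sorted(rules, key=lambda r: len(r[0]), reverse=True):
        if path.startswith(prefix):
            return (svc, port)
    return None


def admin_exposed(paths, rules=INGRESS_PATHS):
    """Return the request paths that end up on the Traefik admin port."""
    return [p for p in paths if route(p, rules) == ADMIN_BACKEND]


# Constructed sample request paths (not captured traffic).
SAMPLE_PATHS = [
    "/dashboard/",     # UI, the intended target of the "/" rule
    "/api/providers",  # admin API, served on the same port as the UI
    "/metrics",        # metrics path, assumed to be served on the admin port
    "/test",           # demo controller, fixed route
    "/new/test",       # demo controller, {path} = "new"
    "/favicon.ico",    # anything unmatched falls through to "/"
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p:16} -> {route(p)}")
    print("reach admin port:", admin_exposed(SAMPLE_PATHS))
    print("without '/' rule:", admin_exposed(SAMPLE_PATHS, APP_ONLY))
```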
           

4. Verification

Open in a browser: ip:81/dashboard/
