8.kubernetes部署-traefik网络

发布时间:2018年06月07日 阅读:698 次

共有三个yml文件分为:

traefik-deploy.yaml  traefik-rbac.yaml  traefik-web-ui-ingress.yaml

部署traefik

vim   traefik-deploy.yml

apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
  - name: web
    port: 80
    targetPort: 8580
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: traefik-ingress-lb
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      terminationGracePeriodSeconds: 60
      hostNetwork: true
      restartPolicy: Always
      serviceAccountName: ingress
      nodeSelector:
        LB: traefik
      containers:
      - image: traefik
        name: traefik-ingress-lb
        resources:
          limits:
            cpu: 1024m
            memory: 150Mi
          requests:
            cpu: 500m
            memory: 100Mi
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
                - name: https
                    containerPort: 443
                    hostPort: 443          
        - name: admin
          containerPort: 8580
          hostPort: 8580
        args:
        - --web
        - --web.address=:8580
        - --kubernetes
部署认证rbac
vim  traefik-rbac.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingress
  namespace: kube-system

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: ingress
subjects:
  - kind: ServiceAccount
    name: ingress
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
  
部署traefik的图形界面的ingress
vim   traefik-web-ui-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  rules:
  - host: traefik.test.com                #要访问的主机名,也就是往外反向代理的主机名
    http:
      paths:
      - path: /                           #访问路径
        backend:                          #后端的service指向
          serviceName: traefik-web-ui     #这个是traefik的service名称,一定是这个
          servicePort: web                #这个是traefik的service端口,一定是这个
          
开始创建

kubectl   create  -f  .


把上面的host:traefik.test.com 改你本地的host来访问就可以了!

xxxx.png

1.要各个节点都能域名解析访问入口的话traefik做成NodePort,这样就就算一个节点挂了,其他节点一样能放的到,这个适合于HA架构的,普通集群模式master挂了就算完了,有多少个node也没用
2.把traefik绑定到一个节点上,不适用NodePort,域名解析只用这个节点  
方法:打标签
kubectl label nodes 192.168.10.1  LB=traefik    在node上打了 LB=traefik的标签
在traefik的deploy的yml文件里写入标签

在container的上面再spec里写就把traefik pod固定在指定的node上了
nodeSelector:
  LB: traefik

LB.png

Tag:kubernetes docker container
相关文章

发表评论: