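## Introduction
[Official documentation](https://traefik.io/)
[Chinese documentation](https://traefik.cn/)

Træfɪk is a modern HTTP reverse proxy and load balancer created to make deploying microservices easier. It supports many backends (Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, Zookeeper, BoltDB, Rest API, file…) and applies its configuration from them automatically and dynamically.

Suppose you have deployed a number of microservices on your infrastructure. You probably use a service discovery system (such as etcd or consul) or a resource management framework (swarm, Mesos/Marathon) to manage all of these services. If you want your users to reach some of those microservices from the Internet, you have to configure a reverse proxy with virtual hosts or path prefixes:

- The domain `api.domain.com` points to the microservice `api` in your private network
- The path `domain.com/web` points to the microservice `web` in your private network
- The domain `backoffice.domain.com` points to the microservice `backoffice` in your private network, load-balanced across your multiple instances

But a microservice architecture is dynamic: services are added, removed, killed or updated frequently, possibly many times in a single day.

Traditional reverse proxies do not natively support dynamic configuration. You cannot easily change their configuration through a hot reload.

That is why Træfɪk was created.

![](https://docs.traefik.cn/frontend_doc/images/architecture.png)

Træfɪk can listen to your service discovery or orchestrator API, notices whenever a microservice is added, removed, killed or updated, and generates its configuration automatically. Routes to your services are created directly.

## Deploying Traefik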
```
$ cat traefik-insecure.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets   # bound cluster-wide below: read access to Secrets in every namespace
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
    namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: traefik-conf
  namespace: kube-system
data:
  traefik.toml: |
    # Disables TLS certificate verification for connections to backends
    insecureSkipVerify = true
    defaultEntryPoints = ["http"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
---
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      terminationGracePeriodSeconds: 60
      hostNetwork: true   # Traefik listens directly on the node's network (ports 80 and 8080)
      volumes:
        - name: config
          configMap:
            name: traefik-conf
      containers:
        - image: registry.cn-shanghai.aliyuncs.com/mydlq/traefik:1.7.10
          name: traefik-ingress-lb
          ports:
            - name: http
              containerPort: 80
              hostPort: 80
            - name: admin
              containerPort: 8080
          securityContext:
            privileged: true   # full host privileges, far more than binding port 80 needs
          args:
            - --configfile=/config/traefik.toml
            - -d             # debug mode
            - --web          # API and dashboard on port 8080, no authentication configured
            - --kubernetes
          volumeMounts:
            - mountPath: "/config"
              name: "config"
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service   # no namespace set here, unlike the kube-system objects above
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
    - protocol: TCP
      port: 443
      name: https
  type: NodePort
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - port: 80
      targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
    - host: ingress.multi.io
      http:
        paths:
          - backend:
              serviceName: traefik-web-ui
              servicePort: 80
```
- Deploy
```
$ kubectl apply -f traefik-insecure.yaml
```
Check the ingress in kube-system:
```
$ kubectl -n kube-system get ingresses.extensions traefik-web-ui
NAME             HOSTS              ADDRESS   PORTS   AGE
traefik-web-ui   ingress.multi.io             80      4m6s
```
Add a hosts entry for `ingress.multi.io` on your local machine and you can open the Traefik web dashboard.
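
The manifest above runs Traefik with `privileged: true`, `insecureSkipVerify = true`, debug logging and an unauthenticated dashboard on port 8080 of every node. The following tightened variant of the same ConfigMap and DaemonSet is an added example, not part of the original page; the user name `admin`, the placeholder password hash and the `--logLevel=INFO` setting are assumptions, and `insecureSkipVerify` is simply left out so backend certificates are verified.

```yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: traefik-conf
  namespace: kube-system
data:
  traefik.toml: |
    defaultEntryPoints = ["http"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
      [entryPoints.traefik]
      address = ":8080"
        [entryPoints.traefik.auth.basic]
        users = ["admin:REPLACE_WITH_HTPASSWD_HASH"]  # placeholder: output of htpasswd -nb
    [api]
    entryPoint = "traefik"   # API and dashboard only behind the basic-auth entry point
    dashboard = true
---
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      hostNetwork: true
      volumes:
        - name: config
          configMap:
            name: traefik-conf
      containers:
        - name: traefik-ingress-lb
          image: registry.cn-shanghai.aliyuncs.com/mydlq/traefik:1.7.10
          securityContext:          # replaces privileged: true
            capabilities:
              drop: ["ALL"]
              add: ["NET_BIND_SERVICE"]   # only what binding port 80 requires
          args:
            - --configfile=/config/traefik.toml
            - --kubernetes
            - --logLevel=INFO       # instead of -d (debug)
          volumeMounts:
            - {mountPath: /config, name: config}
```

Fields not shown here (`tolerations`, `ports`, `terminationGracePeriodSeconds`) can be copied unchanged from the DaemonSet above. The `traefik-web-ui` Ingress keeps working, but the dashboard now answers with a basic-auth prompt both through the Ingress and on port 8080 of each node.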
## Deploying test services
- Deploy an nginx service
```
$ cat nginx-deploy.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.11.3
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
  labels:
    app: nginx-svc
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: nginx
```
- Deploy a tomcat service
```
$ cat tomcat-deploy.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: tomcat
  labels:
    app: tomcat
spec:
  template:
    metadata:
      labels:
        app: tomcat
    spec:
      containers:
        - name: tomcat
          image: tomcat
          ports:
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: tomcat-svc
  labels:
    app: tomcat-svc
spec:
  ports:
    - port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    app: tomcat
```
- Configure the ingress for the services
```
$ cat ingress.yaml
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
    - host: ingress.nginx.io          # host name used to reach the service
      http:
        paths:
          - backend:
              serviceName: nginx-svc  # the Service that backs this host
              servicePort: 80         # port of that Service
    - host: ingress.tomcat.io
      http:
        paths:
          - backend:
              serviceName: tomcat-svc
              servicePort: 8080
```
If a service is not in the default namespace, put its rules in a separate Ingress file and set the namespace in that file.
```
$ kubectl apply -f ingress.yaml
```
You can check the state of the corresponding services in the dashboard.

![](https://carey-akhack-com.oss-cn-hangzhou.aliyuncs.com/images/20190509/2.png)