一、背景

1.?????rancher、kubernetes-dashboard等應(yīng)用需要通過https方式訪問，所以此次部署將開啟traefik對(duì)https的支持。

寧津網(wǎng)站制作公司哪家好，找創(chuàng)新互聯(lián)！從網(wǎng)頁設(shè)計(jì)、網(wǎng)站建設(shè)、微信開發(fā)、APP開發(fā)、響應(yīng)式網(wǎng)站建設(shè)等網(wǎng)站項(xiàng)目制作，到程序開發(fā)，運(yùn)營(yíng)維護(hù)。創(chuàng)新互聯(lián)2013年開創(chuàng)至今到現(xiàn)在10年的時(shí)間，我們擁有了豐富的建站經(jīng)驗(yàn)和運(yùn)維經(jīng)驗(yàn)，來保證我們的工作的順利進(jìn)行。專注于網(wǎng)站建設(shè)就選創(chuàng)新互聯(lián)。

2.?????基于之前的rancher HA是部署在cattle-system命名空間下的，所以此次同樣將traefik部署在cattle-system命名空間下，并且使用同樣的tls證書。

二、traefik部署

1.?創(chuàng)建RBAC策略，為service account授權(quán)

RBAC清單文件traefik-rbac.yaml如下：

--- apiVersion:?v1 kind:?ServiceAccount metadata: ??name:?traefik-ingress-controller ??namespace:?cattle-system --- kind:?ClusterRole apiVersion:?rbac.authorization.k8s.io/v1 metadata: ??name:?traefik-ingress-controller rules: ??-?apiGroups: ??????-?"" ????resources: ??????-?services ??????-?endpoints ??????-?secrets ????verbs: ??????-?get ??????-?list ??????-?watch ??-?apiGroups: ??????-?extensions ????resources: ??????-?ingresses ????verbs: ??????-?get ??????-?list ??????-?watch --- kind:?ClusterRoleBinding apiVersion:?rbac.authorization.k8s.io/v1 metadata: ??name:?traefik-ingress-controller roleRef: ??apiGroup:?rbac.authorization.k8s.io ??kind:?ClusterRole ??name:?traefik-ingress-controller subjects: -?kind:?ServiceAccount ??name:?traefik-ingress-controller ??namespace:?cattle-system

?應(yīng)用清單文件

[root@k8s-master03?traefik]#?kubectl?apply?-f?traefik-rbac.yaml serviceaccount/traefik-ingress-controller?created clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller?created clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller?created

2.?使用DamonSet控制器部署traefik

damonset清單文件traefik-ds.yaml如下：

--- kind:?ConfigMap apiVersion:?v1 metadata: ??name:?traefik-conf ??namespace:?cattle-system data: ??traefik.toml:?| ????insecureSkipVerify?=?true ????defaultEntryPoints?=?["http","https"] ????[entryPoints] ??????[entryPoints.http] ??????address?=?":80" ??????[entryPoints.https] ??????address?=?":443" ????????[entryPoints.https.tls] ??????????[[entryPoints.https.tls.certificates]] ??????????CertFile?=?"/ssl/tls.crt" ??????????KeyFile?=?"/ssl/tls.key" --- kind:?DaemonSet apiVersion:?extensions/v1beta1 metadata: ??name:?traefik-ingress-controller ??namespace:?cattle-system ??labels: ????k8s-app:?traefik-ingress-lb spec: ??template: ????metadata: ??????labels: ????????k8s-app:?traefik-ingress-lb ????????name:?traefik-ingress-lb ????spec: ??????serviceAccountName:?traefik-ingress-controller ??????terminationGracePeriodSeconds:?60 ??????hostNetwork:?true ??????volumes: ??????-?name:?ssl ????????secret: ??????????secretName:?tls-rancher-ingress ??????-?name:?config ????????configMap: ??????????name:?traefik-conf ??????containers: ??????-?image:?traefik ????????name:?traefik-ingress-lb ????????ports: ????????-?name:?http ??????????containerPort:?80 ??????????hostPort:?80 ????????-?name:?admin ??????????containerPort:?8080 ????????securityContext: ??????????privileged:?true ????????args: ????????-?--configfile=/config/traefik.toml ????????-?-d ????????-?--web ????????-?--kubernetes ????????volumeMounts: ????????-?mountPath:?"/ssl" ??????????name:?"ssl" ????????-?mountPath:?"/config" ??????????name:?"config" --- kind:?Service apiVersion:?v1 metadata: ??name:?traefik-ingress-service ??namespace:?cattle-system spec: ??selector: ????k8s-app:?traefik-ingress-lb ??ports: ????-?protocol:?TCP ??????port:?80 ??????name:?web ????-?protocol:?TCP ??????port:?8080 ??????name:?admin ????-?protocol:?TCP ??????port:?443 ??????name:?https ??#type:?NodePort

應(yīng)用清單文件

[root@k8s-master03?traefik]#?kubectl?apply?-f?traefik-ds.yaml configmap/traefik-conf?created daemonset.extensions/traefik-ingress-controller?created service/traefik-ingress-service?created

3.?為traefik UI配置轉(zhuǎn)發(fā)

ingress清單文件traefik-ui.yaml如下：

apiVersion:?v1 kind:?Service metadata: ??name:?traefik-web-ui ??namespace:?cattle-system spec: ??selector: ????k8s-app:?traefik-ingress-lb ??ports: ??-?name:?web ????port:?80 ????targetPort:?8080 --- apiVersion:?extensions/v1beta1 kind:?Ingress metadata: ??name:?traefik-web-ui ??namespace:?cattle-system spec: ??rules: ??-?host:?traefik-ui.sumapay.com ????http: ??????paths: ??????-?path:?/ ????????backend: ??????????serviceName:?traefik-web-ui ??????????servicePort:?web

應(yīng)用清單文件

[root@k8s-master03?traefik]#?kubectl?apply?-f?traefik-ui.yaml service/traefik-web-ui?created ingress.extensions/traefik-web-ui?created

?4.查看

[root@k8s-master01?~]#?kubectl?get?pods?-n?cattle-system NAME????????????????????????????????????READY???STATUS????RESTARTS???AGE cattle-cluster-agent-594b8f79bb-pgmdt???1/1?????Running???5??????????11d cattle-node-agent-lg44f?????????????????1/1?????Running???0??????????11d cattle-node-agent-zgdms?????????????????1/1?????Running???5??????????11d rancher2-9774897c-622sc?????????????????1/1?????Running???0??????????9d rancher2-9774897c-czxxx?????????????????1/1?????Running???0??????????9d rancher2-9774897c-sm2n5?????????????????1/1?????Running???1??????????9d traefik-ingress-controller-hj9nc????????1/1?????Running???0??????????142m traefik-ingress-controller-vxcgt????????1/1?????Running???0??????????142m ? [root@k8s-master01?~]#?kubectl?get?svc?-n?cattle-system??? NAME??????????????????????TYPE????????CLUSTER-IP??????EXTERNAL-IP???PORT(S)???????????????????AGE rancher2??????????????????ClusterIP???10.111.16.80????<none>????????80/TCP????????????????????9d traefik-ingress-service???ClusterIP???10.111.121.27???<none>????????80/TCP,8080/TCP,443/TCP???143m traefik-web-ui????????????ClusterIP???10.103.112.22???<none>????????80/TCP????????????????????136m ? [root@k8s-master01?~]#?kubectl?get?ingress?-n?cattle-system?? NAME?????????????HOSTS????????????????????ADDRESS???PORTS?????AGE rancher2?????????rancher.sumapay.com????????????????80,?443???9d traefik-web-ui???traefik-ui.sumapay.com?????????????80????????137m

將域名映射到外部負(fù)載均衡IP后，就可以通過域名訪問traefik UI和rancher HA服務(wù)了。

另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)cdcxhl.cn，海內(nèi)外云服務(wù)器15元起步，三天無理由+7*72小時(shí)售后在線，公司持有idc許可證，提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國(guó)服務(wù)器、虛擬主機(jī)、免備案服務(wù)器”等云主機(jī)租用服務(wù)以及企業(yè)上云的綜合解決方案，具有“安全穩(wěn)定、簡(jiǎn)單易用、服務(wù)可用性高、性價(jià)比高”等特點(diǎn)與優(yōu)勢(shì)，專為企業(yè)上云打造定制，能夠滿足用戶豐富、多元化的應(yīng)用場(chǎng)景需求。

分享題目：部署traefik并實(shí)現(xiàn)http和https訪問-創(chuàng)新互聯(lián)
本文地址：http://chinadenli.net/article34/desjse.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供小程序開發(fā)、網(wǎng)站制作、自適應(yīng)網(wǎng)站、App開發(fā)、面包屑導(dǎo)航、軟件開發(fā)

廣告

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請(qǐng)盡快告知，我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng)，如需處理請(qǐng)聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時(shí)需注明來源： 創(chuàng)新互聯(lián)