一、背景

1.?????rancher、kubernetes-dashboard等應(yīng)用需要通過https方式訪問，所以此次部署將開啟traefik對https的支持。

公司主營業(yè)務(wù)：成都網(wǎng)站建設(shè)、成都做網(wǎng)站、移動網(wǎng)站開發(fā)等業(yè)務(wù)。幫助企業(yè)客戶真正實現(xiàn)互聯(lián)網(wǎng)宣傳，提高企業(yè)的競爭能力。成都創(chuàng)新互聯(lián)是一支青春激揚、勤奮敬業(yè)、活力青春激揚、勤奮敬業(yè)、活力澎湃、和諧高效的團(tuán)隊。公司秉承以“開放、自由、嚴(yán)謹(jǐn)、自律”為核心的企業(yè)文化，感謝他們對我們的高要求，感謝他們從不同領(lǐng)域給我們帶來的挑戰(zhàn)，讓我們激情的團(tuán)隊有機(jī)會用頭腦與智慧不斷的給客戶帶來驚喜。成都創(chuàng)新互聯(lián)推出梁河免費做網(wǎng)站回饋大家。

2.?????基于之前的rancher HA是部署在cattle-system命名空間下的，所以此次同樣將traefik部署在cattle-system命名空間下，并且使用同樣的tls證書。

二、traefik部署

1.?創(chuàng)建RBAC策略，為service account授權(quán)

????????????RBAC清單文件traefik-rbac.yaml如下：

---
apiVersion:?v1
kind:?ServiceAccount
metadata:
??name:?traefik-ingress-controller
??namespace:?cattle-system
---
kind:?ClusterRole
apiVersion:?rbac.authorization.k8s.io/v1
metadata:
??name:?traefik-ingress-controller
rules:
??-?apiGroups:
??????-?""
????resources:
??????-?services
??????-?endpoints
??????-?secrets
????verbs:
??????-?get
??????-?list
??????-?watch
??-?apiGroups:
??????-?extensions
????resources:
??????-?ingresses
????verbs:
??????-?get
??????-?list
??????-?watch
---
kind:?ClusterRoleBinding
apiVersion:?rbac.authorization.k8s.io/v1
metadata:
??name:?traefik-ingress-controller
roleRef:
??apiGroup:?rbac.authorization.k8s.io
??kind:?ClusterRole
??name:?traefik-ingress-controller
subjects:
-?kind:?ServiceAccount
??name:?traefik-ingress-controller
??namespace:?cattle-system

???????? ?應(yīng)用清單文件

[root@k8s-master03?traefik]#?kubectl?apply?-f?traefik-rbac.yaml
serviceaccount/traefik-ingress-controller?created
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller?created
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller?created

2.?使用DamonSet控制器部署traefik

????????????damonset清單文件traefik-ds.yaml如下：

---
kind:?ConfigMap
apiVersion:?v1
metadata:
??name:?traefik-conf
??namespace:?cattle-system
data:
??traefik.toml:?|
????insecureSkipVerify?=?true
????defaultEntryPoints?=?["http","https"]
????[entryPoints]
??????[entryPoints.http]
??????address?=?":80"
??????[entryPoints.https]
??????address?=?":443"
????????[entryPoints.https.tls]
??????????[[entryPoints.https.tls.certificates]]
??????????CertFile?=?"/ssl/tls.crt"
??????????KeyFile?=?"/ssl/tls.key"
---
kind:?DaemonSet
apiVersion:?extensions/v1beta1
metadata:
??name:?traefik-ingress-controller
??namespace:?cattle-system
??labels:
????k8s-app:?traefik-ingress-lb
spec:
??template:
????metadata:
??????labels:
????????k8s-app:?traefik-ingress-lb
????????name:?traefik-ingress-lb
????spec:
??????serviceAccountName:?traefik-ingress-controller
??????terminationGracePeriodSeconds:?60
??????hostNetwork:?true
??????volumes:
??????-?name:?ssl
????????secret:
??????????secretName:?tls-rancher-ingress
??????-?name:?config
????????configMap:
??????????name:?traefik-conf
??????containers:
??????-?image:?traefik
????????name:?traefik-ingress-lb
????????ports:
????????-?name:?http
??????????containerPort:?80
??????????hostPort:?80
????????-?name:?admin
??????????containerPort:?8080
????????securityContext:
??????????privileged:?true
????????args:
????????-?--configfile=/config/traefik.toml
????????-?-d
????????-?--web
????????-?--kubernetes
????????volumeMounts:
????????-?mountPath:?"/ssl"
??????????name:?"ssl"
????????-?mountPath:?"/config"
??????????name:?"config"
---
kind:?Service
apiVersion:?v1
metadata:
??name:?traefik-ingress-service
??namespace:?cattle-system
spec:
??selector:
????k8s-app:?traefik-ingress-lb
??ports:
????-?protocol:?TCP
??????port:?80
??????name:?web
????-?protocol:?TCP
??????port:?8080
??????name:?admin
????-?protocol:?TCP
??????port:?443
??????name:?https
??#type:?NodePort

????????????應(yīng)用清單文件

[root@k8s-master03?traefik]#?kubectl?apply?-f?traefik-ds.yaml
configmap/traefik-conf?created
daemonset.extensions/traefik-ingress-controller?created
service/traefik-ingress-service?created

3.?為traefik UI配置轉(zhuǎn)發(fā)

????????????ingress清單文件traefik-ui.yaml如下：

apiVersion:?v1
kind:?Service
metadata:
??name:?traefik-web-ui
??namespace:?cattle-system
spec:
??selector:
????k8s-app:?traefik-ingress-lb
??ports:
??-?name:?web
????port:?80
????targetPort:?8080
---
apiVersion:?extensions/v1beta1
kind:?Ingress
metadata:
??name:?traefik-web-ui
??namespace:?cattle-system
spec:
??rules:
??-?host:?traefik-ui.sumapay.com
????http:
??????paths:
??????-?path:?/
????????backend:
??????????serviceName:?traefik-web-ui
??????????servicePort:?web

????????????應(yīng)用清單文件

[root@k8s-master03?traefik]#?kubectl?apply?-f?traefik-ui.yaml
service/traefik-web-ui?created
ingress.extensions/traefik-web-ui?created

?4.查看

[root@k8s-master01?~]#?kubectl?get?pods?-n?cattle-system
NAME????????????????????????????????????READY???STATUS????RESTARTS???AGE
cattle-cluster-agent-594b8f79bb-pgmdt???1/1?????Running???5??????????11d
cattle-node-agent-lg44f?????????????????1/1?????Running???0??????????11d
cattle-node-agent-zgdms?????????????????1/1?????Running???5??????????11d
rancher2-9774897c-622sc?????????????????1/1?????Running???0??????????9d
rancher2-9774897c-czxxx?????????????????1/1?????Running???0??????????9d
rancher2-9774897c-sm2n5?????????????????1/1?????Running???1??????????9d
traefik-ingress-controller-hj9nc????????1/1?????Running???0??????????142m
traefik-ingress-controller-vxcgt????????1/1?????Running???0??????????142m
?
[root@k8s-master01?~]#?kubectl?get?svc?-n?cattle-system???
NAME??????????????????????TYPE????????CLUSTER-IP??????EXTERNAL-IP???PORT(S)???????????????????AGE
rancher2??????????????????ClusterIP???10.111.16.80????<none>????????80/TCP????????????????????9d
traefik-ingress-service???ClusterIP???10.111.121.27???<none>????????80/TCP,8080/TCP,443/TCP???143m
traefik-web-ui????????????ClusterIP???10.103.112.22???<none>????????80/TCP????????????????????136m
?
[root@k8s-master01?~]#?kubectl?get?ingress?-n?cattle-system??
NAME?????????????HOSTS????????????????????ADDRESS???PORTS?????AGE
rancher2?????????rancher.sumapay.com????????????????80,?443???9d
traefik-web-ui???traefik-ui.sumapay.com?????????????80????????137m

?

將域名映射到外部負(fù)載均衡IP后，就可以通過域名訪問traefik UI和rancher HA服務(wù)了。

網(wǎng)頁標(biāo)題：部署traefik并實現(xiàn)http和https訪問
轉(zhuǎn)載注明：http://jinyejixie.com/article14/gpgcge.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供關(guān)鍵詞優(yōu)化、網(wǎng)頁設(shè)計公司、商城網(wǎng)站、移動網(wǎng)站建設(shè)、品牌網(wǎng)站設(shè)計、網(wǎng)站設(shè)計公司

廣告

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請盡快告知，我們將會在第一時間刪除。文章觀點不代表本網(wǎng)站立場，如需處理請聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時需注明來源： 創(chuàng)新互聯(lián)