干货 | 京东云Kubernetes集群+Traefik实战
摘要
Traefik支持丰富的annotations配置,可配置众多出色的特性,例如:自动熔断、负载均衡策略、黑名单、白名单。所以Traefik对于微服务来说简直就是一神器。
利用Traefik,并结合京东云Kubernetes集群及其他云服务(RDS,NAS,OSS,块存储等),可快速构建弹性扩展的微服务集群。
Traefik是一个为了让部署微服务更加便捷而诞生的现代HTTP反向代理、负载均衡工具。它支持多种后台(Kubernetes,Docker,Swarm,Marathon,Mesos,Consul,Etcd,Zookeeper等)。
本文大致步骤如下:
Kubernetes权限配置(RBAC);
Traefik部署;
创建三个实例服务;
生成Ingress规则,并通过PATH测试通过Traefik访问各个服务;
Traefik配置域名及TLS证书,并实现HTTP重定向到HTTS。
本文部署Traefik使用到的Yaml文件均基于Traefik官方实例,并为适配京东云Kubernetes集群做了相关修改:
https://github.com/containous/traefik/tree/master/examples/k8s
基本概念
1 Ingress边界路由
虽然Kubernetes集群内部署的pod、server都有自己的IP,但是却无法提供外网访问,虽然我们可以通过监听NodePort的方式暴露服务,但是这种方式并不灵活,生产环境也不建议使用。
Ingresss是k8s集群中的一个API资源对象,扮演边缘路由器(edge router)的角色,也可以理解为集群防火墙、集群网关,我们可以自定义路由规则来转发、管理、暴露服务(一组Pod),非常灵活,生产环境建议使用这种方式。
什么是Ingress?
在Kubernetes中,Service和Pod的IP地址仅可以在集群网络内部使用,对于集群外的应用是不可见的。为了使外部的应用能够访问集群内的服务,在Kubernetes中可以通过NodePort和LoadBalancer这两种类型的Service,或者使用Ingress。
Ingress本质是通过http代理服务器将外部的http请求转发到集群内部的后端服务。通过Ingress,外部应用访问群集内容服务的过程如下所示:
Ingress 就是为进入集群的请求提供路由规则的集合。
Ingress 可以给 Service 提供集群外部访问的URL、负载均衡、SSL终止、HTTP路由等。为了配置这些 Ingress 规则,集群管理员需要部署一个 Ingress controller,它监听 Ingress 和 Service 的变化,并根据规则配置负载均衡并提供访问入口。
2 Traefik是什么?
Traefik在Github上Star数超19K:
Traefik is a modern HTTP reverse proxy and load balancer designed for deploying microservices.
Traefik是一个为了让部署微服务更加便捷而诞生的现代HTTP反向代理、负载均衡工具。
Traefik是一个用Golang开发的轻量级的Http反向代理和负载均衡器,虽然相比于Nginx,它是后起之秀,但是它天然拥抱Kubernetes,直接与集群K8s的Api Server通信,反应非常迅速,同时还提供了友好的控制面板和监控界面,不仅可以方便地查看Traefik根据Ingress生成的路由配置信息,还可以查看统计的一些性能指标数据,如:总响应时间、平均响应时间、不同的响应码返回的总次数等。
不仅如此,Traefik还支持丰富的annotations配置,可配置众多出色的特性,例如:自动熔断、负载均衡策略、黑名单、白名单。所以Traefik对于微服务来说简直就是一神器。
Traefik User Guide for Kubernetes:
3 京东云Kubernetes集群
京东云Kubernetes整合京东云虚拟化、存储和网络能力,提供高性能可伸缩的容器应用管理能力,简化集群的搭建和扩容等工作,让用户专注于容器化的应用的开发与管理。
用户可以在京东云创建一个安全高可用的 Kubernetes 集群,并由京东云完全托管 Kubernetes 服务,并保证集群的稳定性和可靠性。让用户可以方便地在京东云上使用 Kubernetes 管理容器应用。
京东云Kubernetes集群:
前置条件
1 创建京东云Kubernetes集群
创建Kubernetes集群
请参考:
https://docs.jdcloud.com/cn/jcs-for-kubernetes/create-to-cluster
2 Kubernetes客户端配置
集群创建完成后,需要配置kubectl客户端以连接Kubernetes集群。
请参考:
https://docs.jdcloud.com/cn/jcs-for-kubernetes/connect-to-cluster
Traefik部署
1 权限配置
创建响应的Cluster Role和Cluster Role Binding,以赋予Traefik足够的权限。
Yaml文件如下:
1$ cat traefik-rbac.yaml
2---
3kind: ClusterRole
4apiVersion: rbac.authorization.k8s.io/v1beta1
5metadata:
6 name: traefik-ingress-controller
7rules:
8 - apiGroups:
9 - ""
10 resources:
11 - services
12 - endpoints
13 - secrets
14 verbs:
15 - get
16 - list
17 - watch
18 - apiGroups:
19 - extensions
20 resources:
21 - ingresses
22 verbs:
23 - get
24 - list
25 - watch
26---
27kind: ClusterRoleBinding
28apiVersion: rbac.authorization.k8s.io/v1beta1
29metadata:
30 name: traefik-ingress-controller
31roleRef:
32 apiGroup: rbac.authorization.k8s.io
33 kind: ClusterRole
34 name: traefik-ingress-controller
35subjects:
36- kind: ServiceAccount
37 name: traefik-ingress-controller
38 namespace: kube-system
开始创建
1$ kubectl create -f traefik-rbac.yaml
2clusterrole "traefik-ingress-controller" created
3clusterrolebinding "traefik-ingress-controller" created
创建成功
1$ kubectl get clusterrole -n kube-system | grep traefik
2traefik-ingress-controller 25s
3
4$ kubectl get clusterrolebinding -n kube-system | grep traefik
5traefik-ingress-controller 35s
** 2 部署Traefik**
本文选择使用Deployment部署Traefik。除此之外,Traefik还提供了DaemonSet的部署方式:
https://github.com/containous/traefik/blob/master/examples/k8s/traefik-ds.yaml
Traefik的80端口为接收HTTP请求,8080端口为Dashboard访问端口;通过Load Balancer类型的Service创建京东云负载均衡SLB,来作为K8s集群的统一入口。
Yaml文件如下:
1$ cat traefik-deployment.yaml
2---
3apiVersion: v1
4kind: ServiceAccount
5metadata:
6 name: traefik-ingress-controller
7 namespace: kube-system
8---
9kind: Deployment
10apiVersion: extensions/v1beta1
11metadata:
12 name: traefik-ingress-controller
13 namespace: kube-system
14 labels:
15 k8s-app: traefik-ingress-lb
16spec:
17 replicas: 1
18 selector:
19 matchLabels:
20 k8s-app: traefik-ingress-lb
21 template:
22 metadata:
23 labels:
24 k8s-app: traefik-ingress-lb
25 name: traefik-ingress-lb
26 spec:
27 serviceAccountName: traefik-ingress-controller
28 terminationGracePeriodSeconds: 60
29 containers:
30 - image: traefik
31 name: traefik-ingress-lb
32 ports:
33 - name: http
34 containerPort: 80
35 - name: admin
36 containerPort: 8080
37 args:
38 - --api
39 - --kubernetes
40 - --logLevel=INFO
41---
42kind: Service
43apiVersion: v1
44metadata:
45 name: traefik-ingress-service
46 namespace: kube-system
47spec:
48 selector:
49 k8s-app: traefik-ingress-lb
50 ports:
51 - protocol: TCP
52 port: 80
53 name: web
54 - protocol: TCP
55 port: 8080
56 name: admin
57 type: LoadBalancer
开始创建
1$ kubectl create -f traefik-deployment.yaml
2serviceaccount "traefik-ingress-controller" created
3deployment "traefik-ingress-controller" created
4service "traefik-ingress-service" created
Pod正常运行
<pre style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; font-size: inherit; color: inherit; line-height: inherit;">
1$ kubectl get pod -n kube-system | grep traefik
2traefik-ingress-controller-668679b744-jvmbg 1/1 Running 0 57s
查看Pod日志
1$ kubectl logs traefik-ingress-controller-668679b744-jvmbg -n kube-system 2time="2018-12-15T16:58:49Z" level=info msg="Traefik version v1.7.6 built on 2018-12-14_06:43:37AM" 3time="2018-12-15T16:58:49Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n" 4time="2018-12-15T16:58:49Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0005f9e20} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s" 5time="2018-12-15T16:58:49Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0005f9e40} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s" 6time="2018-12-15T16:58:49Z" level=info msg="Starting provider configuration.ProviderAggregator {}" 7time="2018-12-15T16:58:49Z" level=info msg="Starting server on :80" 8time="2018-12-15T16:58:49Z" level=info msg="Starting server on :8080" 9time="2018-12-15T16:58:49Z" level=info msg="Starting provider *kubernetes.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\":false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":null}"10time="2018-12-15T16:58:49Z" level=info msg="ingress label selector is: \"\""11time="2018-12-15T16:58:49Z" level=info msg="Creating in-cluster Provider client"12time="2018-12-15T16:58:50Z" level=info msg="Server configuration reloaded on :80"13time="2018-12-15T16:58:50Z" level=info msg="Server configuration reloaded on :8080"
查看Traefik对应的SLB Service
1$ kubectl get svc/traefik-ingress-service -n kube-system2NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE3traefik-ingress-service LoadBalancer 10.0.58.175 114.67.95.167 80:30331/TCP,8080:30232/TCP 2m
京东云负载均衡的公网IP为114.67.95.167。
如果需要通过域名访问K8s内的服务,则可以通过将域名解析至该公网IP。
此时,通过“公网IP:8080”便可以访问Traefik的Dashboard。
** 3 Traefik使用示例**
创建服务
创建3个Deployment对外提供HTTP服务,分别名为:Stilton、Cheddar、Wensleydale。
1$ cat cheese-deployments.yaml 2--- 3kind: Deployment 4apiVersion: extensions/v1beta1 5metadata: 6 name: stilton 7 labels: 8 app: cheese 9 cheese: stilton 10spec: 11 replicas: 2 12 selector: 13 matchLabels: 14 app: cheese 15 task: stilton 16 template: 17 metadata: 18 labels: 19 app: cheese 20 task: stilton 21 version: v0.0.1 22 spec: 23 containers: 24 - name: cheese 25 image: errm/cheese:stilton 26 resources: 27 requests: 28 cpu: 100m 29 memory: 50Mi 30 limits: 31 cpu: 100m 32 memory: 50Mi 33 ports: 34 - containerPort: 80 35--- 36kind: Deployment 37apiVersion: extensions/v1beta1 38metadata: 39 name: cheddar 40 labels: 41 app: cheese 42 cheese: cheddar 43spec: 44 replicas: 2 45 selector: 46 matchLabels: 47 app: cheese 48 task: cheddar 49 template: 50 metadata: 51 labels: 52 app: cheese 53 task: cheddar 54 version: v0.0.1 55 spec: 56 containers: 57 - name: cheese 58 image: errm/cheese:cheddar 59 resources: 60 requests: 61 cpu: 100m 62 memory: 50Mi 63 limits: 64 cpu: 100m 65 memory: 50Mi 66 ports: 67 - containerPort: 80 68--- 69kind: Deployment 70apiVersion: extensions/v1beta1 71metadata: 72 name: wensleydale 73 labels: 74 app: cheese 75 cheese: wensleydale 76spec: 77 replicas: 2 78 selector: 79 matchLabels: 80 app: cheese 81 task: wensleydale 82 template: 83 metadata: 84 labels: 85 app: cheese 86 task: wensleydale 87 version: v0.0.1 88 spec: 89 containers: 90 - name: cheese 91 image: errm/cheese:wensleydale 92 resources: 93 requests: 94 cpu: 100m 95 memory: 50Mi 96 limits: 97 cpu: 100m 98 memory: 50Mi 99 ports:100 - containerPort: 80
1$ kubectl create -f cheese-deployments.yaml 2deployment "stilton" created3deployment "cheddar" created4deployment "wensleydale" created
对应的Service
1$ cat cheese-services.yaml 2--- 3apiVersion: v1 4kind: Service 5metadata: 6 name: stilton 7spec: 8 ports: 9 - name: http10 targetPort: 8011 port: 8012 selector:13 app: cheese14 task: stilton15---16apiVersion: v117kind: Service18metadata:19 name: cheddar20spec:21 ports:22 - name: http23 targetPort: 8024 port: 8025 selector:26 app: cheese27 task: cheddar28---29apiVersion: v130kind: Service31metadata:32 name: wensleydale33spec:34 ports:35 - name: http36 targetPort: 8037 port: 8038 selector:39 app: cheese40 task: wensleydale
1$ kubectl create -f cheese-services.yaml 2service "stilton" created3service "cheddar" created4service "wensleydale" created
创建Ingress
Ingress Yaml文件如下:
1$ cat my-cheeses-ingress.yaml 2apiVersion: extensions/v1beta1 3kind: Ingress 4metadata: 5 name: cheeses 6 annotations: 7 traefik.frontend.rule.type: PathPrefixStrip 8spec: 9 rules:10 - host: www.<your-domain-name>.com 11 http:12 paths:13 - path: /stilton14 backend:15 serviceName: stilton16 servicePort: http17 - path: /cheddar18 backend:19 serviceName: cheddar20 servicePort: http21 - path: /wensleydale22 backend:23 serviceName: wensleydale24 servicePort: http
创建Ingress
1$ kubectl create -f my-cheeses-ingress.yaml 2ingress "cheeses" created
创建成功
1$ kubectl describe ingress/cheeses 2Name: cheeses 3Namespace: default 4Address: 5Default backend: default-http-backend:80 (<none>) 6Rules: 7 Host Path Backends 8 ---- ---- -------- 9 www.<your-domain-name>.com 10 /stilton stilton:http (<none>)11 /cheddar cheddar:http (<none>)12 /wensleydale wensleydale:http (<none>)13Annotations:14Events: <none>
访问服务
直接通过ELB IP+PATH访问:
1$ curl 114.67.95.167/stilton2404 page not found
访问失败,因为Ingress规则里指定了host。
请求Header中指定host:
1$ curl -H "Host:www.<your-domain-name>.com" 114.67.95.167/stilton
2<html>
3 <head>
4 <style>
5 html {
6 background: url(./bg.png) no-repeat center center fixed;
7 -webkit-background-size: cover;
8 -moz-background-size: cover;
9 -o-background-size: cover;
10 background-size: cover;
11 }
12
13 h1 {
14 font-family: Arial, Helvetica, sans-serif;
15 background: rgba(187, 187, 187, 0.5);
16 width: 3em;
17 padding: 0.5em 1em;
18 margin: 1em;
19 }
20 </style>
21 </head>
22 <body>
23 <h1>Stilton</h1>
24 </body>
25</html>
访问成功。
但是由于域名未备案,这种方式会被京东云拦截。
两种方式:
一****、Ingress里移除指定host;
二、****注册域名,并绑定证书及私钥。
从Ingress中移除host
将host字段注释掉:
1$ cat my-cheeses-ingress.yaml
2apiVersion: extensions/v1beta1
3kind: Ingress
4metadata:
5 name: cheeses
6 annotations:
7 traefik.frontend.rule.type: PathPrefixStrip
8spec:
9 rules:
10# - host: www.<your-domain-name>.com
11 - http:
12 paths:
13 - path: /stilton
14 backend:
15 serviceName: stilton
16 servicePort: http
17 - path: /cheddar
18 backend:
19 serviceName: cheddar
20 servicePort: http
21 - path: /wensleydale
22 backend:
23 serviceName: wensleydale
24 servicePort: http
重建Ingress
1$ kubectl replace -f my-cheeses-ingress.yaml
2ingress "cheeses" replaced
3$ kubectl get ingress
4NAME HOSTS ADDRESS PORTS AGE
5cheeses * 80 18m
Ingress更新成功,通过公网IP+PATH访问。
Stilton服务
1$ curl -I 114.67.95.167/stilton
2HTTP/1.1 200 OK
3Accept-Ranges: bytes
4Content-Length: 517
5Content-Type: text/html
6Date: Thu, 20 Dec 2018 06:19:15 GMT
7Etag: "5784f6c9-205"
8Last-Modified: Tue, 12 Jul 2016 13:55:21 GMT
9Server: nginx/1.11.1
Cheddar服务
1$ curl -I 114.67.95.167/cheddar
2HTTP/1.1 200 OK
3Accept-Ranges: bytes
4Content-Length: 517
5Content-Type: text/html
6Date: Thu, 20 Dec 2018 06:19:54 GMT
7Etag: "5784f6e1-205"
8Last-Modified: Tue, 12 Jul 2016 13:55:45 GMT
9Server: nginx/1.11.1
Wensleydale服务
1$ curl -I 114.67.95.167/wensleydale
2HTTP/1.1 200 OK
3Accept-Ranges: bytes
4Content-Length: 521
5Content-Type: text/html
6Date: Thu, 20 Dec 2018 06:20:00 GMT
7Etag: "5784f6fb-209"
8Last-Modified: Tue, 12 Jul 2016 13:56:11 GMT
9Server: nginx/1.11.1
三个服务均可通过/正常访问。
配置域名及证书
申请域名:.com,并在京东云上备案,并解析到SLB公网IP:114.67.95.167
证书和私钥
1$ ll *.pem
2-rw-r--r-- 1 pmo_jd_a pmo_jd_a 3554 Dec 20 16:04 fullchain.pem
3-rw------- 1 pmo_jd_a pmo_jd_a 1708 Dec 20 16:04 privkey.pem
创建Secret保存证书和私钥:
1$ kubectl create secret generic traefik-cert --from-file=fullchain.pem --from-file=privkey.pem -n kube-system
2secret "traefik-cert" created
Traefik配置文件(HTTP访问重定向到HTTPS,证书及私钥存放在/ssl/目录下,需要Secret挂载到该目录以供Traefik读取):
1# cat traefik.toml
2defaultEntryPoints = ["http","https"]
3[entryPoints]
4 [entryPoints.http]
5 address = ":80"
6 [entryPoints.http.redirect]
7 entryPoint = "https"
8 [entryPoints.https]
9 address = ":443"
10 [entryPoints.https.tls]
11 [[entryPoints.https.tls.certificates]]
12 CertFile = "/ssl/fullchain.pem"
13 KeyFile = "/ssl/privkey.pem"
创建ConfigMap用于保存配置文件traefik.toml:
1$ kubectl create configmap traefik-conf --from-file=traefik.toml -n kube-system
2configmap "traefik-conf" created
需要重新部署Traefik,新的Yaml文件如下:
1$ cat traefik-deployment-new.yaml
2kind: Deployment
3apiVersion: extensions/v1beta1
4metadata:
5 name: traefik-ingress-controller
6 namespace: kube-system
7 labels:
8 k8s-app: traefik-ingress-lb
9spec:
10 replicas: 1
11 selector:
12 matchLabels:
13 k8s-app: traefik-ingress-lb
14 template:
15 metadata:
16 labels:
17 k8s-app: traefik-ingress-lb
18 name: traefik-ingress-lb
19 spec:
20 serviceAccountName: traefik-ingress-controller
21 terminationGracePeriodSeconds: 60
22 containers:
23 - image: traefik
24 name: traefik-ingress-lb
25 ports:
26 - name: http
27 containerPort: 80
28 - name: admin
29 containerPort: 8080
30 args:
31 - --api
32 - --kubernetes
33 - --logLevel=INFO
34 - --configfile=/config/traefik.toml
35 volumeMounts:
36 - mountPath: "/ssl"
37 name: "ssl"
38 - mountPath: "/config"
39 name: "config"
40 volumes:
41 - name: ssl
42 secret:
43 secretName: traefik-cert
44 - name: config
45 configMap:
46 name: traefik-conf
重新部署:
1$ kubectl replace -f traefik-deployment-new.yaml
2deployment "traefik-ingress-controller" replaced
3$ kubectl get pod -n kube-system | grep traefik
4traefik-ingress-controller-668679b744-jvmbg 0/1 Terminating 0 4d
5traefik-ingress-controller-7d6cd769c9-2p57t 0/1 ContainerCreating 0 3s
6$ kubectl get pod -n kube-system | grep traefik
7traefik-ingress-controller-7d6cd769c9-2p57t 1/1 Running 0 19s
重新部署的Pod正常running。
查看Pod日志
$ kubectl logs traefik-ingress-controller-7d6cd769c9-2p57t -n kube-system
2time="2018-12-20T09:29:30Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072dbc0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
3time="2018-12-20T09:29:30Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:0xc00059de40 Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072db80} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
4time="2018-12-20T09:29:30Z" level=info msg="Preparing server https &{Address::443 TLS:0xc000216c60 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072dba0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
5time="2018-12-20T09:29:30Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
6time="2018-12-20T09:29:30Z" level=info msg="Starting server on :8080"
7time="2018-12-20T09:29:30Z" level=info msg="Starting server on :80"
8time="2018-12-20T09:29:30Z" level=info msg="Starting server on :443"
9time="2018-12-20T09:29:30Z" level=info msg="Starting provider *kubernetes.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\":false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":null}"
10time="2018-12-20T09:29:30Z" level=info msg="ingress label selector is: \"\""
11time="2018-12-20T09:29:30Z" level=info msg="Creating in-cluster Provider client"
12time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :8080"
13time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :80"
14time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :443"
更新Ingress
$ cat my-cheeses-ingress.yaml
2apiVersion: extensions/v1beta1
3kind: Ingress
4metadata:
5 name: cheeses
6 annotations:
7 traefik.frontend.rule.type: PathPrefixStrip
8spec:
9 rules:
10 - host: www.<your-domain-name>.com
11 http:
12 paths:
13 - path: /stilton
14 backend:
15 serviceName: stilton
16 servicePort: http
17 - path: /cheddar
18 backend:
19 serviceName: cheddar
20 servicePort: http
21 - path: /wensleydale
22 backend:
23 serviceName: wensleydale
24 servicePort: http
重建Ingress
1$ kubectl replace -f my-cheeses-ingress.yaml
更新Traefik Service,开放443端口:
1$ kubectl apply -f traefik-service.yaml -n kube-system
2Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
3service "traefik-ingress-service" configured
应用Service更新:
1$ kubectl apply -f traefik-service.yaml -n kube-system2Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply3service "traefik-ingress-service" configured
HTTPS访问:
https://www.your-domain-name.com/stilton
以及HTTP:
http://www.your-domain-name.com/stilton
均可正常访问,且HTTP访问会被重定向到HTTPS。
总结:
本文仅测试了traefik的路由分发,当然traefik的功能远远不止于此,其大致特性如下:
它非常快~~~
无需安装其他依赖,通过Go语言编写的单一可执行文件
支持 Rest API
多种后台支持:Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, 并且还会更多
后台监控, 可以监听后台变化进而自动化应用新的配置文件设置
配置文件热更新,无需重启进程
正常结束http连接
后端断路器
轮询,rebalancer 负载均衡
Rest Metrics
支持最小化 官方 docker 镜像
后台支持SSL
前台支持SSL(包括SNI)
清爽的AngularJS前端页面
支持Websocket
支持HTTP/2
网络错误重试
支持Let’s Encrypt (自动更新HTTPS证书)
高可用集群模式
欢迎点击“链接”了解更多精彩内容
·END·
RECOMMEND
推荐阅读
干货 | 基于Keepalived实现京东云内网服务组件高可用
产品发布 | 京东云发布地域级高可用Kubernetes集群服务
点击阅读原文, 了解更多京东云K8s集群
干货 | 京东云Kubernetes集群+Traefik实战的更多相关文章
- 5000+字硬核干货!Redis 分布式集群部署实战
原理: Redis集群采用一致性哈希槽的方式将集群中每个主节点都分配一定的哈希槽,对写入的数据进行哈希后分配到某个主节点进行存储. 集群使用公式(CRC16 key)& 16384计算键key ...
- 阿里云kubernetes集群被xmrig挖矿程序入侵
原因是由于Kubernetes Apiserver不安全配置所致,Apiserver提供了资源操作的唯一入口,并提供认证.授权.访问控制.API注册和发现等机制,所以apiserver的安全至关重要. ...
- kubeadm搭建kubernetes集群之三:加入node节点
在上一章<kubeadm搭建kubernetes集群之二:创建master节点>的实战中,我们把kubernetes的master节点搭建好了,本章我们将加入node节点,使得整个环境可以 ...
- Traefik实现Kubernetes集群服务外部https访问
转载请注明出处:http://www.cnblogs.com/wayneiscoming/p/7707942.html traefik 是一个前端http反向代理服务器以及负载均衡器,支持多种微服务后 ...
- Docker&Kubernetes沙龙干货集锦:容器集群管理利器kubernetes详谈-CSDN.NET
Docker&Kubernetes沙龙干货集锦:容器集群管理利器kubernetes详谈-CSDN.NET undefined Package - crawler undefined 科学网- ...
- 初试 Kubernetes 集群中使用 Traefik 反向代理
初试 Kubernetes 集群中使用 Traefik 反向代理 2017年11月17日 09:47:20 哎_小羊_168 阅读数:12308 版权声明:本文为博主原创文章,未经博主允许不得转 ...
- 阿里云上万个 Kubernetes 集群大规模管理实践
点击下载<不一样的 双11 技术:阿里巴巴经济体云原生实践> 本文节选自<不一样的 双11 技术:阿里巴巴经济体云原生实践>一书,点击上方图片即可下载! 作者 | 汤志敏,阿里 ...
- (转)实验文档2:实战交付一套dubbo微服务到kubernetes集群
基础架构 主机名 角色 ip HDSS7-11.host.com k8s代理节点1,zk1 10.4.7.11 HDSS7-12.host.com k8s代理节点2,zk2 10.4.7.12 HDS ...
- 使用Minikube运行一个本地单节点Kubernetes集群(阿里云)
使用Minikube运行一个本地单节点Kubernetes集群中使用谷歌官方镜像由于某些原因导致镜像拉取失败以及很多人并没有代理无法开展相关实验. 因此本文使用阿里云提供的修改版Minikube创建一 ...
随机推荐
- 看完本文,Essay写作再也不需要凑字数
很多同学都说过自己写论文的时候出现“词穷”的情况,无奈只能靠“胡编乱造”来凑字数写出开头段,这其实是大家的阅读量没有达到要求.但不能因为出现这种情况就对自己的论文不负责任,否则你的论文分数可能就不会对 ...
- Python中pandas透视表pivot_table功能详解(非常简单易懂)
一文看懂pandas的透视表pivot_table 一.概述 1.1 什么是透视表? 透视表是一种可以对数据动态排布并且分类汇总的表格格式.或许大多数人都在Excel使用过数据透视表,也体会到它的强大 ...
- POJ 2142:The Balance
The Balance Time Limit: 5000MS Memory Limit: 65536K Total Submissions: 4781 Accepted: 2092 Descr ...
- JS - 查找字符串中的某个值,截取其之前。和之后的值
var str = "11:222"; /* * 截取 “ :”之前和之后的值 */document.write(str.split(':')[0]) //输出11doc ...
- redis主从遇到的问题
rendis安装 主从切换 Redis的HA方案 Redis高可用架构(1)—Keepalive+VIP 还是配置的问题 从一直无法连接上主 redis.conf配置 # Examples:# 1 ...
- Python基础笔记:函数:调用函数、定义函数、函数的参数、递归函数
一.定义一个求二元一次方程的根的函数 #Sublime Text import math def ee(a,b,c): delta=b*b-4*a*c if delta<0: return 'n ...
- OpenJudge - NOI - 1.1编程基础之输入输出(C语言 全部题解)
01:Hello, World! #include <stdio.h> int main(void) { printf("Hello, World!"); return ...
- PGSQL基本操作语句
; --更新数据 ,,) ; --插入数据 ORDER BY app_name,flag asc/desc ; --查询数据并且排序 offset ; --查询起点0开始查询,返回5条数据 ORDER ...
- 【LeetCode】160. 相交链表
题目 输入两个链表,找出它们的第一个公共节点. 如下面的两个链表: 在节点 c1 开始相交. 示例 1: 输入:intersectVal = 8, listA = [4,1,8,4,5], listB ...
- Codeforces 392 B Blown Garland
题意:输入是由连续的RYGB和字符!组成的字符串,R代表红灯,Y代表黄灯,G代表绿灯,B代表蓝灯.简而言之,就是给定的字符串保证了下标对4取余相同的灯颜色都相同,但是有的地方为‘!’代表这个灯坏了,然 ...