0
点赞
收藏
分享

微信扫一扫

k8s使用traefik暴露http服务和tcp服务


traefik官网:​​Traefik Proxy Documentation - Traefik​​

1、下载chart包

helm repo add traefik https://helm.traefik.io/traefik

helm repo update

helm pull traefik/traefik

2、下载镜像

docker pull docker.io/library/traefik:2.8

3、修改values.yaml

3.1、几个重要的端口配置

将traefik、web、websecure、metrics下的expose都改为true。

ports:
traefik:
port: 9000
expose: false
# The exposed port for this service
exposedPort: 9000
# The port protocol (TCP/UDP)
protocol: TCP
web:
port: 8000
# hostPort: 8000
expose: true
exposedPort: 80
# The port protocol (TCP/UDP)
protocol: TCP
websecure:
port: 8443
# hostPort: 8443
expose: true
exposedPort: 443
# The port protocol (TCP/UDP)
protocol: TCP
tls:
enabled: false
# this is the name of a TLSOption definition
options: ""
certResolver: ""
domains: []
# - main: example.com
# sans:
# - foo.example.com
# - bar.example.com
metrics:
port: 9100
# hostPort: 9100
expose: false
# The exposed port for this service
exposedPort: 9100
# The port protocol (TCP/UDP)
protocol: TCP

tlsOptions: {}

3.2、service配置:

配置使用何种方式将traefik的相关服务暴露出去,使得在集群外可以访问,我这里使用NodePort暴露。

# Options for the main traefik service, where the entrypoints traffic comes
# from.
service:
enabled: true
type: NodePort
# Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
annotations: {}
# Additional annotations for TCP service only
annotationsTCP: {}
# Additional annotations for UDP service only
annotationsUDP: {}
# Additional service labels (e.g. for filtering Service by custom labels)
labels: {}
# Additional entries here will be added to the service spec.
# Cannot contain type, selector or ports entries.
spec: {}
# externalTrafficPolicy: Cluster
# loadBalancerIP: "1.2.3.4"
# clusterIP: "2.3.4.5"
loadBalancerSourceRanges: []
# - 192.168.0.1/32
# - 172.16.0.0/16
externalIPs: []

3.3、使用hostNetwork

必须将hostNetwork的值设为true。

hostNetwork: true

3.4、配置traefik ingressClass

我这里将ingressClass设为mytraefik(建议将ingressClass的值设为和部署实例名称一样)。

providers:
kubernetesIngress:
enabled: true
allowExternalNameServices: false
allowEmptyServices: false
ingressClass: mytraefik

3.5、 添加自定义端口

在traefik中,暴露TCP服务需要在部署traefik时定义好需要使用的端口,不同于nginx-ingress可以动态修改TCP端口,traefik不支持动态增加TCP端口。

这里,我配置了两个端口:32000和32001,这两个端口的别名分别为myport32000和myport32001如果需要使用traefik暴露TCP服务,我就可以使用这两个端口。

additionalArguments:
- --entrypoints.myport32000.Address=:32000
- --entrypoints.myport32001.Address=:32001

4、部署traefik

改好参数后,就可以直接部署traefik了。

helm install mytraefik .

5、访问traefik

部署完成后,查看创建的service

k8s使用traefik暴露http服务和tcp服务_sed

使用浏览器访问traefik的dashboard(9000端口对应的服务就是dashboard)

# 千万注意,这个地址不能错。必须是 服务器ip:NodePort端口/dashboard/#/
http://10.10.101.140:30332/dashboard/#/

k8s使用traefik暴露http服务和tcp服务_kubernetes_02

6、使用traefik暴露http服务

6.1:创建ingress

traefik暴露HTTP服务和nginx ingress的方式是一样的,就是创建一个Ingress资源,在annotations中指定tkubernetes.io/ingress.class为mytraefik(在步骤3.4中配置的)。

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: mytraefik
name: es-log-elasticsearch-http-ehcth3
namespace: zeus-test
spec:
rules:
- host: hces.hclyl.com
http:
paths:
- backend:
serviceName: es-log-kibana
servicePort: 5200
path: /

6、使用traefik暴露tcp服务

6.1 创建ingressroutetcp

match的值都默认为: HostSNI('*')

entryPoints: entryPoints的值即为步骤3.5中配置的端口别名,我这里使用myport32000。

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: mysql
namespace: zeus-test
spec:
entryPoints:
- myport32000
routes:
- match: HostSNI(`*`)
services:
- name: test-mysql
port: 3306

创建完ingressroutetcp cr后,就可以使用32000端口访问mysql服务了。

举报

相关推荐

0 条评论