中文字幕av专区_日韩电影在线播放_精品国产精品久久一区免费式_av在线免费观看网站

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

K8S 之 服務暴露Ingress Traefik 安裝

發布時間:2020-03-06 01:21:47 來源:網絡 閱讀:462 作者:wx592bc92b285c7 欄目:系統運維

一、POD服務暴露Ingress Traefik的理解

K8S  之  服務暴露Ingress Traefik 安裝

二、Ingress 數據流向

K8S  之  服務暴露Ingress Traefik 安裝

三、Ingress Traefik安裝

在運維主機上運行
[root@test-operator traefik]# cd /data/k8s-yaml/
k8s-yaml]# mkdir traefik
k8s-yaml]# cd traefik/
traefik]# docker pull traefik:v1.7.2-alpine
traefik]# docker images|grep traefik
traefik]# docker tag add5fac61ae5 traefik]# harbor.od.com/public/traefik:v1.7.2
traefik]# docker push test-harbor.cedarhd.com/public/traefik:v1.7.2

#創建四個資源配置清單
traefik]# vi rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system

------------------------------------------------------------------------------------------

traefik]# vi ds.yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: traefik-ingress
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress
        name: traefik-ingress
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: test-harbor.cedarhd.com/public/traefik:v1.7.2
        name: traefik-ingress
        ports:
        - name: controller
          containerPort: 80
          hostPort: 81
        - name: admin-web
          containerPort: 8080
        securityContext:
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
        - --insecureskipverify=true
        - --kubernetes.endpoint=https://10.3.153.240:7443
        - --accesslog
        - --accesslog.filepath=/var/log/traefik_access.log
        - --traefiklog
        - --traefiklog.filepath=/var/log/traefik.log
        - --metrics.prometheus

------------------------------------------------------------------------------------------

traefik]# vi svc.yaml
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress
  ports:
    - protocol: TCP
      port: 80
      name: controller
    - protocol: TCP
      port: 8080
      name: admin-web

------------------------------------------------------------------------------------------
traefik]# vi ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: test-traefik.cedarhd.com
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik-ingress-service
          servicePort: 8080
在任意運算節點主機上運行
[root@test-nodes1 ~]# kubectl apply -f http://k8s-yaml.cedarhd.com/traefik/rbac.yaml
serviceaccount/traefik-ingress-controller created
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller created
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller created
[root@test-nodes1 ~]# kubectl apply -f http://k8s-yaml.cedarhd.com/traefik/ds.yaml
daemonset.extensions/traefik-ingress created
[root@test-nodes1 ~]# kubectl apply -f http://k8s-yaml.cedarhd.com/traefik/svc.yaml
service/traefik-ingress-service created
[root@test-nodes1 ~]# kubectl apply -f http://k8s-yaml.cedarhd.com/traefik/ingress.yaml
ingress.extensions/traefik-web-ui created
[root@test-nodes1 ~]# systemctl restart docker.service      #重啟兩臺運算節點的docker
[root@test-nodes2 ~]# kubectl get pods -n kube-system     #檢查運行情況
NAME                       READY   STATUS    RESTARTS   AGE
coredns-6c69fbcc6c-6vqgr   1/1     Running   0          18h
traefik-ingress-44ptk      1/1     Running   0          22m
traefik-ingress-vrvr4      1/1     Running   0          22m

四、分別在master/standby proxy做域名解釋跳轉

[root@test-master ~]# vi /etc/nginx/conf.d/cedarhd.com.conf
upstream default_backend_traefik {
    server 10.3.153.221:81    max_fails=3 fail_timeout=10s;
    server 10.3.153.222:81    max_fails=3 fail_timeout=10s;
}
server {
    server_name *.cedarhd.com;

    location / {
        proxy_pass http://default_backend_traefik;
        proxy_set_header Host       $http_host;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    }
}
[root@test-master ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test-master ~]# nginx -s reload

#備注,在DNS主機上把test-traefik.cedarhd.com的域名解釋到VIP地址(10.3.153.240)上。

K8S  之  服務暴露Ingress Traefik 安裝

向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

恩施市| 岗巴县| 都安| 化德县| 吴旗县| 乌拉特后旗| 手游| 邢台市| 刚察县| 大姚县| 大邑县| 汶上县| 鹤岗市| 历史| 若尔盖县| 海丰县| 永年县| 罗田县| 舟山市| 民乐县| 商城县| 南京市| 南雄市| 岚皋县| 绍兴市| 广东省| 宝兴县| 台中县| 武邑县| 阳高县| 平山县| 西乌珠穆沁旗| 黔西县| 礼泉县| 射洪县| 仁寿县| 南漳县| 汨罗市| 太湖县| 贵南县| 长宁区|