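1. Traefik introduction and features
1. What is Traefik
Official documentation
https://doc.traefik.io/traefik/
Introduction
Traefik is a modern HTTP reverse proxy and load balancer built to make deploying microservices easier. It supports many backends (Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, Zookeeper, BoltDB, Rest API, file…) and applies configuration from them automatically and dynamically.
Traffic flow diagram
2. Traefik features
- Very fast
- No other dependencies to install: a single executable written in Go, with REST API support
- Multiple backends supported: Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, with more to come
- Backend monitoring: watches the backends for changes and automatically applies the new configuration
- Hot reload of the configuration file, with no process restart needed
- Graceful shutdown of HTTP connections
- Backend circuit breakers
- Round-robin and rebalancer load balancing
- REST metrics
- Minimal official Docker image available
- SSL support on both the frontend and the backend
- Clean AngularJS web UI
- WebSocket support
- HTTP/2 support
- Retry on network errors
- Let's Encrypt support (automatic HTTPS certificate renewal)
- High-availability cluster mode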
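3. Traefik components compared with nginx
Component | Function | Equivalent nginx concept |
---|---|---|
Providers | Watch for routing changes and update the routes | Edit the nginx configuration and reload the service |
Entrypoints | Network entry points that listen for incoming traffic | The listen directive that sets the listening port |
Routers | Analyse incoming requests and match them against rules | server_name + location in the configuration file |
Middlewares | Middleware that modifies requests or responses | Caching, compression, request-header and similar settings added in a location block |
Service | Forward requests | upstream in the http block |
Nginx and Traefik side by side
Feature | Nginx Ingress | Traefik ingress |
---|---|---|
Protocols | http/https, http2, grpc, tcp/udp | http/https, http2, grpc, tcp, tcp+tls |
Route matching | host, path | host, path, headers, query, path prefix, method |
Namespace support | - | Shared or specified namespaces |
Deployment strategies | - | Canary, blue-green and gray (gradual) releases |
Upstream probing | Retry, timeout, heartbeat probing | Retry, timeout, heartbeat probing, circuit breaking |
Load-balancing algorithms | RR, session persistence, least connections, least time, consistent hash | WRR, dynamic RR, session persistence |
Advantages | Simple to use and easy to adopt | Written in Go, easy to deploy, supports many backends, built-in web UI |
Disadvantages | Does not solve the nginx reload problem; many plugins but poor extensibility | Performance slightly below NGINX but better than HAProxy |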
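4. Core concepts
When a request reaches Traefik, it first arrives at the entrypoints. Traefik then analyses the incoming request to see whether it matches a defined Router. If it does, the request is processed by a chain of middlewares, then handed to a TraefikService for traffic forwarding, and finally reaches the Kubernetes Service.
The important core components are the following:
Providers
Automatically discover the services on a platform, which can be an orchestrator, a container engine, a cloud provider or a key-value store. Traefik queries the provider's API for routing information and updates its routes dynamically as soon as a change is detected.
Entrypoints
Listen for incoming traffic. They are the network entry points and define the ports that accept requests (HTTP or TCP).
Routers
Analyse requests (host, path, headers, SSL and so on) and connect incoming requests to the services that can handle them.
Middlewares
Middleware that modifies a request or makes decisions based on it. Middlewares are attached to routers and are a way of adjusting a request before it is sent to the service.
Service
Forwards requests to the application and configures how to reach the actual services that finally handle the incoming request. Traefik's Service sits between the Middlewares and the Kubernetes Service and can provide weighted load balancing, traffic mirroring and similar features.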
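Traefik advantages
- No other dependencies to install; a single executable compiled from Go
- Supports many backends, such as Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS and more
- Supports a REST API
- Hot reload of the configuration file: watches for configuration changes, discovers new services and updates automatically without a manual restart
- Supports circuit breaking and rate limiting
- Supports round-robin load balancing
- Provides a clean UI
- Supports WebSocket, HTTP/2 and gRPC
- Automatically renews HTTPS certificates
- Supports a high-availability cluster mode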
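2.1. Deploying the Traefik CRDs
1. Deploy the CRD resources
In this guide Traefik is deployed in the kube-system namespace. To deploy it into a different namespace, change the namespace parameter in the manifests below. The CRD manifest can be copied directly from the traefik.io site: https://doc.traefik.io/traefik/v2.5/reference/dynamic-configuration/kubernetes-crd/#definitions
[root@k8s-master01 traefik]# vim traefik_crd.yaml
## The content is copied directly from the link above
2. Apply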
[root@k8s-master01 traefik]# kubectl apply -f traefik_crd.yaml
customresourcedefinition.apiextensions.k8s.io/ingressroutes.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/ingressroutetcps.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/ingressrouteudps.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/middlewares.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/middlewaretcps.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/serverstransports.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/tlsoptions.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/tlsstores.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/traefikservices.traefik.containo.us created
2.2. Deploying the Traefik RBAC
Role-based access control (RBAC) policies allow fine-grained control over Kubernetes resources and the API.
Traefik needs certain permissions, so a ServiceAccount has to be created and granted them in advance.
1. Create the manifest file
[root@k8s-master01 traefik]# cat traefik_rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: kube-system
  name: traefik-ingress-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - traefik.containo.us
    resources:
      - middlewares
      - middlewaretcps
      - ingressroutes
      - traefikservices
      - ingressroutetcps
      - ingressrouteudps
      - tlsoptions
      - tlsstores
      - serverstransports
    verbs:
      - get
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
    namespace: kube-system
2. Apply
[root@k8s-master01 traefik]# kubectl apply -f traefik_rbac.yaml
serviceaccount/traefik-ingress-controller created
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller created
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller created
2.3. Creating the Traefik configuration file
Traefik has many configuration options and defining them all on the CLI is inconvenient, so its parameters are usually set through a configuration file, for example one mounted into Traefik from a ConfigMap.
1. Write the manifest file
[root@k8s-master01 traefik]# vim traefik-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik
  namespace: kube-system
data:
  traefik.yaml: |-
    serversTransport:
      insecureSkipVerify: true  ## Skip verification of the proxied services' TLS certificates
    api:
      insecure: true            ## Allow access to the API over plain HTTP (unauthenticated, on port 8080)
      dashboard: true           ## Enable the Dashboard
      debug: true               ## Enable debug mode
    metrics:
      prometheus: ""            ## Enable Prometheus metrics with the default configuration
    entryPoints:
      web:
        address: ":80"          ## Port 80, entry point named web
      websecure:
        address: ":443"         ## Port 443, entry point named websecure
      metrics:
        address: ":8082"        ## Port 8082, entry point named metrics
      tcpep:
        address: ":8083"        ## Port 8083, entry point named tcpep, used as the TCP entry point
      udpep:
        address: ":8084/udp"    ## Port 8084, entry point named udpep, used as the UDP entry point
    providers:
      kubernetesCRD: ""         ## Enable routing rules defined through Kubernetes CRDs
      kubernetesingress: ""     ## Enable routing rules defined through Kubernetes Ingress
      kubernetesGateway: ""     ## Enable the Kubernetes Gateway API
    experimental:
      kubernetesGateway: true   ## Allow use of the Kubernetes Gateway API
    log:
      filePath: ""              ## Path of the debug log file; if empty, logs go to the console
      level: error              ## Debug log level
      format: json              ## Debug log format
    accessLog:
      filePath: ""              ## Path of the access log file; if empty, logs go to the console
      format: json              ## Access log format
      bufferingSize: 0          ## Number of access-log lines to buffer
      filters:
        retryAttempts: true     ## Keep the access log when a proxied request had retry attempts
        minDuration: 20         ## Keep access logs for requests that took longer than the given duration
      fields:                   ## Whether each access-log field is kept (keep = keep, drop = discard)
        defaultMode: keep       ## Keep access-log fields by default
        names:
          ClientUsername: drop
        headers:
          defaultMode: keep     ## Whether header fields are kept; headers are kept by default
          names:                ## Per-header overrides of the keep mode
            User-Agent: redact
            Authorization: drop
            Content-Type: keep
2. Apply the manifest file
[root@k8s-master01 traefik]# kubectl apply -f traefik-configmap.yaml
configmap/traefik created
3. Verification
## Check that the ConfigMap exists
[root@k8s-master01 traefik]# kubectl get configmaps -n kube-system
NAME DATA AGE
coredns 1 28d
extension-apiserver-authentication 6 28d
kube-proxy 2 28d
kube-root-ca.crt 1 28d
kubeadm-config 2 28d
kubelet-config-1.21 1 28d
traefik 1 35s # present
## Check that the service account exists
[root@k8s-master01 traefik]# kubectl get serviceaccounts -n kube-system
NAME SECRETS AGE
attachdetach-controller 1 28d
bootstrap-signer 1 28d
certificate-controller 1 28d
clusterrole-aggregation-controller 1 28d
coredns 1 28d
cronjob-controller 1 28d
daemon-set-controller 1 28d
default 1 28d
deployment-controller 1 28d
disruption-controller 1 28d
endpoint-controller 1 28d
endpointslice-controller 1 28d
endpointslicemirroring-controller 1 28d
ephemeral-volume-controller 1 28d
expand-controller 1 28d
generic-garbage-collector 1 28d
horizontal-pod-autoscaler 1 28d
job-controller 1 28d
kube-proxy 1 28d
metrics-server 1 28d
namespace-controller 1 28d
node-controller 1 28d
persistent-volume-binder 1 28d
pod-garbage-collector 1 28d
pv-protection-controller 1 28d
pvc-protection-controller 1 28d
replicaset-controller 1 28d
replication-controller 1 28d
resourcequota-controller 1 28d
root-ca-cert-publisher 1 28d
service-account-controller 1 28d
service-controller 1 28d
statefulset-controller 1 28d
token-cleaner 1 28d
traefik-ingress-controller 1 7m36s # the account exists and has the corresponding permissions
ttl-after-finished-controller 1 28d
ttl-controller 1 28d
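2.4. Setting the node label
Because Traefik is deployed as a DaemonSet, the nodes need a label; when the application is deployed, nodes are selected by that label.
Set the node label: kubectl label nodes --all IngressProxy=true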
[root@k8s-master01 traefik]# kubectl label nodes --all IngressProxy=true
node/k8s-master01 labeled
node/k8s-master02 labeled
node/k8s-master03 labeled
node/k8s-worker01 labeled
node/k8s-worker02 labeled
node/k8s-worker03 labeled
node/k8s-worker04 labeled
View the node labels: kubectl get nodes --show-labels
[root@k8s-master01 traefik]# kubectl get nodes --show-labels
NAME STATUS ROLES AGE VERSION LABELS
k8s-master01 Ready control-plane,master 28d v1.21.0 IngressProxy=true,beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master01,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master=,node.kubernetes.io/exclude-from-external-load-balancers=
k8s-master02 Ready control-plane,master 28d v1.21.0 IngressProxy=true,beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master02,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master=,node.kubernetes.io/exclude-from-external-load-balancers=
k8s-master03 Ready control-plane,master 28d v1.21.0 IngressProxy=true,beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master03,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master=,node.kubernetes.io/exclude-from-external-load-balancers=
k8s-worker01 Ready <none> 28d v1.21.0 IngressProxy=true,beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,env=test1,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-worker01,kubernetes.io/os=linux
k8s-worker02 Ready <none> 28d v1.21.0 IngressProxy=true,beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,bussiness=game,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-worker02,kubernetes.io/os=linux
k8s-worker03 Ready <none> 28d v1.21.0 IngressProxy=true,beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-worker03,kubernetes.io/os=linux
k8s-worker04 Ready <none> 28d v1.21.0 IngressProxy=true,beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-worker04,kubernetes.io/os=linux
To remove the label again, run: kubectl label nodes --all IngressProxy-
[root@k8s-master01 traefik]# kubectl label nodes --all IngressProxy-
node/k8s-master01 labeled
node/k8s-master02 labeled
node/k8s-master03 labeled
node/k8s-worker01 labeled
node/k8s-worker02 labeled
node/k8s-worker03 labeled
node/k8s-worker04 labeled
3.1. Preparing the Deploy manifest
Traefik is deployed as a DaemonSet here, which makes later scaling easier.
This deployment uses hostPort to map ports 80 and 443 of the container in the Pod onto the physical host so that they can be reached from outside the cluster. You can of course switch the Service to NodePort or LoadBalancer instead.
1. Prepare the deploy manifest file
[root@k8s-master01 traefik]# vim traefik-deploy.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  namespace: kube-system
  name: traefik
  labels:
    app: traefik
spec:
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v2.5.7
          args:
            - --configfile=/config/traefik.yaml
          volumeMounts:
            - mountPath: /config
              name: config
          ports:
            - name: web
              containerPort: 80
              hostPort: 80          ## Bind the container port to port 80 of the host
            - name: websecure
              containerPort: 443
              hostPort: 443         ## Bind the container port to port 443 of the host
            - name: admin
              containerPort: 8080   ## Traefik Dashboard port
            - name: tcpep
              containerPort: 8083
              hostPort: 8083        ## Bind the container port to port 8083 of the host
            - name: udpep
              containerPort: 8084
              hostPort: 8084        ## Bind the container port to port 8084 of the host
              protocol: UDP
      volumes:
        - name: config
          configMap:
            name: traefik
      tolerations:                  ## Tolerate all taints, in case the nodes have taints set
        - operator: "Exists"
      nodeSelector:                 ## Node selector: start only on nodes carrying this label
        IngressProxy: "true"
2. Apply the manifest file
[root@k8s-master01 traefik]# kubectl apply -f traefik-deploy.yaml
daemonset.apps/traefik created
3. Verify the pods
[root@k8s-master01 traefik]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-57d4cbf879-9xxfd 1/1 Running 4 28d
coredns-57d4cbf879-dq5kk 1/1 Running 4 28d
etcd-k8s-master01 1/1 Running 4 28d
etcd-k8s-master02 1/1 Running 4 28d
etcd-k8s-master03 1/1 Running 4 28d
kube-apiserver-k8s-master01 1/1 Running 5 28d
kube-apiserver-k8s-master02 1/1 Running 5 28d
kube-apiserver-k8s-master03 1/1 Running 6 28d
kube-controller-manager-k8s-master01 1/1 Running 4 28d
kube-controller-manager-k8s-master02 1/1 Running 4 28d
kube-controller-manager-k8s-master03 1/1 Running 4 28d
kube-proxy-8d4ms 1/1 Running 4 28d
kube-proxy-d2725 1/1 Running 3 28d
kube-proxy-ldmsj 1/1 Running 4 28d
kube-proxy-mcsqk 1/1 Running 3 28d
kube-proxy-slt7g 1/1 Running 3 28d
kube-proxy-tpsrq 1/1 Running 4 28d
kube-proxy-zfzd4 1/1 Running 3 28d
kube-scheduler-k8s-master01 1/1 Running 5 28d
kube-scheduler-k8s-master02 1/1 Running 4 28d
kube-scheduler-k8s-master03 1/1 Running 4 28d
metrics-server-6bf679fb9b-6wvhh 1/1 Running 4 28d
metrics-server-6bf679fb9b-q2z2f 1/1 Running 4 28d
traefik-5sdv9 1/1 Running 0 2m9s # running
traefik-6fgh7 1/1 Running 0 2m9s
traefik-bk8jz 1/1 Running 0 2m9s
traefik-nwxbx 1/1 Running 0 2m9s
traefik-rz7bx 1/1 Running 0 2m9s
traefik-vzvcg 1/1 Running 0 2m9s
traefik-xbcvm 1/1 Running 0 2m9s
4. Verify the ports from the YAML output
[root@k8s-master01 traefik]# kubectl get daemonsets.apps traefik -n kube-system -o yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
annotations:
deprecated.daemonset.template.generation: "1"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"apps/v1","kind":"DaemonSet","metadata":{"annotations":{},"labels":{"app":"traefik"},"name":"traefik","namespace":"kube-system"},"spec":{"selector":{"matchLabels":{"app":"traefik"}},"template":{"metadata":{"labels":{"app":"traefik"}},"spec":{"containers":[{"args":["--configfile=/config/traefik.yaml"],"image":"traefik:v2.5.7","name":"traefik","ports":[{"containerPort":80,"hostPort":80,"name":"web"},{"containerPort":443,"hostPort":443,"name":"websecure"},{"containerPort":8080,"name":"admin"},{"containerPort":8083,"hostPort":8083,"name":"tcpep"},{"containerPort":8084,"hostPort":8084,"name":"udpep","protocol":"UDP"}],"volumeMounts":[{"mountPath":"/config","name":"config"}]}],"nodeSelector":{"IngressProxy":"true"},"serviceAccountName":"traefik-ingress-controller","tolerations":[{"operator":"Exists"}],"volumes":[{"configMap":{"name":"traefik"},"name":"config"}]}}}}
creationTimestamp: "2024-02-28T02:39:49Z"
generation: 1
labels:
app: traefik
name: traefik
namespace: kube-system
resourceVersion: "7168441"
uid: a51e55a5-a257-411a-adcc-11d1a9722ea7
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
app: traefik
template:
metadata:
creationTimestamp: null
labels:
app: traefik
spec:
containers:
- args:
- --configfile=/config/traefik.yaml
image: traefik:v2.5.7
imagePullPolicy: IfNotPresent
name: traefik
ports:
- containerPort: 80
hostPort: 80
name: web
protocol: TCP
- containerPort: 443
hostPort: 443
name: websecure
protocol: TCP
- containerPort: 8080
name: admin
protocol: TCP
- containerPort: 8083
hostPort: 8083
name: tcpep
protocol: TCP
- containerPort: 8084
hostPort: 8084
name: udpep
protocol: UDP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /config
name: config
dnsPolicy: ClusterFirst
nodeSelector:
IngressProxy: "true"
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: traefik-ingress-controller
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 30
tolerations:
- operator: Exists
volumes:
- configMap:
defaultMode: 420
name: traefik
name: config
updateStrategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate
status:
currentNumberScheduled: 7
desiredNumberScheduled: 7
numberAvailable: 7
numberMisscheduled: 0
numberReady: 7
observedGeneration: 1
updatedNumberScheduled: 7
3.2. Preparing the Service manifest
1. Prepare the Service manifest file
[root@k8s-master01 traefik]# cat traefix-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: traefik
  namespace: kube-system
spec:
  ports:
    - protocol: TCP
      name: web
      port: 80
    - protocol: TCP
      name: admin
      port: 8080
    - protocol: TCP
      name: websecure
      port: 443
    - protocol: TCP
      name: tcpep
      port: 8083
    - protocol: UDP
      name: udpep
      port: 8084
  selector:
    app: traefik
2. Apply
[root@k8s-master01 traefik]# kubectl apply -f traefix-service.yaml
service/traefik created
3. Verify
[root@k8s-master01 traefik]# kubectl get service -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 28d
metrics-server ClusterIP 10.96.197.146 <none> 443/TCP 28d
traefik ClusterIP 10.101.5.3 <none> 80/TCP,8080/TCP,443/TCP,8083/TCP,8084/UDP 66s
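4. Configuring the routing rule for the Traefik dashboard
Traefik is now deployed, but for external clients to reach services inside Kubernetes, routing rules still have to be configured. The Traefik Dashboard, the view panel Traefik provides, was enabled when Traefik was deployed above, so the first step is to configure an HTTP routing rule for the Traefik Dashboard so that it can be reached from outside. IngressRoute is used for the demonstration here.
1. Ways to create routing rules in Traefik
- Native Ingress
- CRD IngressRoute
- Gateway API
4.1. Exposing the Traefik dashboard through a native Ingress
1. Expose the Traefik dashboard through a native Ingress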
[root@k8s-master01 traefik]# kubectl get service -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 28d
metrics-server ClusterIP 10.96.197.146 <none> 443/TCP 28d
traefik ClusterIP 10.101.5.3 <none> 80/TCP,8080/TCP,443/TCP,8083/TCP,8084/UDP 66s
[root@k8s-master01 traefik]# kubectl get endpoints -n kube-system
NAME ENDPOINTS AGE
kube-dns 10.244.32.149:53,10.244.32.152:53,10.244.32.149:53 + 3 more... 28d
metrics-server 10.244.122.138:443,10.244.32.151:443 28d
traefik 10.244.122.139:80,10.244.195.26:80,10.244.203.240:80 + 32 more... 7m56s
Write the Ingress manifest file
[root@k8s-master01 traefik]# vim traefik-dashboard-native-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: traefik-dashboard-ingress
  namespace: kube-system
  annotations: # the annotations select Traefik as the ingress controller
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
  rules:
    - host: cs.tkdashboard.cn
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: traefik
                port:
                  number: 8080
[root@k8s-master01 traefik]# kubectl apply -f traefik-dashboard-native-ingress.yaml
ingress.networking.k8s.io/traefik-dashboard-ingress created
[root@k8s-master01 traefik]# kubectl get ingress -n kube-system
NAME CLASS HOSTS ADDRESS PORTS AGE
traefik-dashboard-ingress <none> cs.tkdashboard.cn 80 17s
[root@k8s-master01 traefik]# echo "192.168.122.11 cs.tkdashboard.cn" >> /etc/hosts
[root@k8s-master01 traefik]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.122.11 k8s-master01
192.168.122.12 k8s-master02
192.168.122.13 k8s-master03
192.168.122.14 k8s-worker01
192.168.122.15 k8s-worker02
192.168.122.16 k8s-worker03
192.168.122.17 k8s-worker04
192.168.122.18 k8s-dockerHub
192.168.122.100 k8s-master-lb
192.168.122.110 www.cs.com
192.168.122.11 cs.tkdashboard.cn
[root@k8s-master01 ~]# kubectl describe ingress traefik-dashboard-ingress -n kube-system
Name: traefik-dashboard-ingress
Namespace: kube-system
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
cs.tkdashboard.cn
/ traefik:8080 (10.244.122.139:8080,10.244.195.26:8080,10.244.203.240:8080 + 4 more...)
Annotations: kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web
Events: <none>
Open a browser from the command line to test access
[root@k8s-master01 ~]# firefox http://cs.tkdashboard.cn &
4.2. Exposing the Traefik dashboard through a CRD IngressRoute
1. Create the dashboard IngressRoute manifest file
[root@k8s-master01 traefik]# cat traefik-dashboard-ingress-route.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik
  namespace: kube-system
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`cs.tkdashboard.cn`) && PathPrefix(`/`)
      kind: Rule
      services:
        - name: traefik
          port: 8080
2. Apply the manifest file
[root@k8s-master01 traefik]# kubectl apply -f traefik-dashboard-ingress-route.yaml
ingressroute.traefik.containo.us/traefik created
3. View the related information
[root@k8s-master01 traefik]# kubectl describe ingressroute traefik -n kube-system
Name: traefik
Namespace: kube-system
Labels: <none>
Annotations: <none>
API Version: traefik.containo.us/v1alpha1
Kind: IngressRoute
Metadata:
Creation Timestamp: 2024-02-28T05:48:58Z
Generation: 1
Managed Fields:
API Version: traefik.containo.us/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:kubectl.kubernetes.io/last-applied-configuration:
f:spec:
.:
f:entryPoints:
f:routes:
Manager: kubectl-client-side-apply
Operation: Update
Time: 2024-02-28T05:48:58Z
Resource Version: 7210154
UID: cad74168-a081-4e18-a242-78fc0cd7de79
Spec:
Entry Points:
web
Routes:
Kind: Rule
Match: Host(`cs.tkdashboard.cn`) && PathPrefix(`/`)
Services:
Name: traefik
Port: 8080
Events: <none>
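Both routes above publish the dashboard on the plain-HTTP `web` entry point with no authentication, and `api.insecure: true` in the static configuration also serves it directly on port 8080. As an added example (not part of the original tutorial), the manifests below route the dashboard through Traefik's built-in `api@internal` service on `websecure` behind a basicAuth middleware. The names `dashboard-users`, `dashboard-auth` and `traefik-dashboard-secure` and the placeholder password hash are assumptions.

```yaml
# Added example, not from the original tutorial.
#
# Static configuration change (traefik.yaml inside the "traefik" ConfigMap):
#   api:
#     insecure: false   # stop serving the API/dashboard unauthenticated on :8080
#     dashboard: true
# With insecure mode off, the earlier routes to Service traefik:8080 no longer
# reach the dashboard; it is served only through api@internal below.
---
apiVersion: v1
kind: Secret
metadata:
  name: dashboard-users            # hypothetical name
  namespace: kube-system
type: Opaque
stringData:
  # One htpasswd-format line per user. Placeholder only: generate a real
  # entry with `htpasswd -nB admin` and paste its output here.
  users: "admin:<bcrypt-hash-placeholder>"
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: dashboard-auth             # hypothetical name
  namespace: kube-system
spec:
  basicAuth:
    secret: dashboard-users        # Secret above, read from its "users" key
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard-secure   # hypothetical name
  namespace: kube-system
spec:
  entryPoints:
    - websecure                    # HTTPS entry point (:443) from the static config
  routes:
    # Only the dashboard and API paths are routed, not PathPrefix(`/`).
    - match: Host(`cs.tkdashboard.cn`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
      kind: Rule
      middlewares:
        - name: dashboard-auth     # every request must pass basic auth first
      services:
        - name: api@internal       # Traefik's internal API/dashboard service
          kind: TraefikService
  # Empty tls block: terminate TLS with Traefik's default certificate.
  # Set secretName to a kubernetes.io/tls Secret to serve your own certificate.
  tls: {}
```

The dashboard is then reachable at https://cs.tkdashboard.cn/dashboard/ (the trailing slash is required) and prompts for the credentials stored in the Secret.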
5. Access tests
5.1. Exposing kuboard-dashboard through Traefik with an IngressRoute (has a problem)
1. View the kuboard Service information
[root@k8s-master01 ~]# kubectl get ns
NAME STATUS AGE
calico-apiserver Active 28d
calico-system Active 28d
default Active 28d
ingress-nginx Active 27h
kube-node-lease Active 28d
kube-public Active 28d
kube-system Active 28d
kuboard Active 28d # namespace where kuboard runs
metallb-system Active 27h
tigera-operator Active 28d
[root@k8s-master01 ~]# kubectl get svc -n kuboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kuboard-v3 NodePort 10.108.34.217 <none> 80:30080/TCP,10081:30081/TCP,10081:30081/UDP 28d # kuboard Service information; it uses the NodePort type
At this point the service can be reached from inside the cluster through any host address plus the port.
It can also be reached from outside the cluster through any cluster address plus the port, provided the external network can reach the cluster hosts.
2. Write the routing rule for accessing kuboard-dashboard
[root@k8s-master01 traefik-app]# vim kuboard-dashboard.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: kuboard-dashboard
  namespace: kuboard
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`www.kuboarddashboard.com`)
      kind: Rule
      services:
        - name: kuboard-v3
          port: 30080
3. Apply the rule
[root@k8s-master01 traefik-app]# kubectl apply -f kuboard-dashboard.yaml
ingressroute.traefik.containo.us/traefik configured
4. Verify and inspect
[root@k8s-master01 traefik-app]# kubectl get ingressroute -n kuboard
NAME AGE
kuboard-dashboard 12s
# Inspect its contents in detail
[root@k8s-master01 traefik-app]# kubectl describe ingressroute kuboard-dashboard -n kuboard
Name: kuboard-dashboard
Namespace: kuboard
Labels: <none>
Annotations: <none>
API Version: traefik.containo.us/v1alpha1
Kind: IngressRoute
Metadata:
Creation Timestamp: 2024-02-28T06:37:19Z
Generation: 1
Managed Fields:
API Version: traefik.containo.us/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:kubectl.kubernetes.io/last-applied-configuration:
f:spec:
.:
f:entryPoints:
f:routes:
Manager: kubectl-client-side-apply
Operation: Update
Time: 2024-02-28T06:37:19Z
Resource Version: 7220898
UID: a7e74057-4465-4894-9928-5dd0d73c94ff
Spec:
Entry Points:
web
Routes:
Kind: Rule
Match: Host(`www.kuboarddashboard.com`)
Services:
Name: kuboard-v3
Port: 30080
Events: <none>
Configure local name resolution and test the web interface
[root@k8s-master01 traefik-app]# echo "192.168.122.11 www.kuboarddashboard.com" >> /etc/hosts
[root@k8s-master01 traefik-app]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.122.11 k8s-master01
192.168.122.12 k8s-master02
192.168.122.13 k8s-master03
192.168.122.14 k8s-worker01
192.168.122.15 k8s-worker02
192.168.122.16 k8s-worker03
192.168.122.17 k8s-worker04
192.168.122.18 k8s-dockerHub
192.168.122.100 k8s-master-lb
192.168.122.110 www.cs.com
192.168.122.11 cs.tkdashboard.cn
192.168.122.11 www.kuboarddashboard.com
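The heading marks this route as problematic. One likely cause, stated here as an assumption rather than something the page confirms: `port: 30080` is the Service's NodePort, while the `port` of an IngressRoute service has to be one of the Service's own ports (`80` in the `80:30080/TCP` column of the `kubectl get svc` output above). An added example, not from the original page, of the same route pointing at the Service port:

```yaml
# Added example, not from the original tutorial.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: kuboard-dashboard
  namespace: kuboard
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`www.kuboarddashboard.com`)
      kind: Rule
      services:
        - name: kuboard-v3
          # Service port, i.e. the left-hand side of "80:30080/TCP".
          # 30080 is the NodePort opened on each node; Traefik resolves the
          # backend through the Service's port list, where 30080 does not appear.
          port: 80
```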
5.2. Configuring an HTTP routing rule in Traefik
1. Create and apply the application and Service manifest file
[root@k8s-master01 traefik]# cat nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: default
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.24.0
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: default
spec:
  selector:
    app: nginx
  ports:
    - name: http
      port: 80
2. Create the application and check it
[root@k8s-master01 traefik]# kubectl apply -f nginx.yaml
deployment.apps/nginx created
service/nginx created
[root@k8s-master01 traefik]# kubectl get all
NAME READY STATUS RESTARTS AGE
pod/nfs-client-provisioner-856696f4c-cmlgq 1/1 Running 1 6d23h
pod/nginx-5998fbf756-nb7j6 1/1 Running 0 15m
pod/nginx-5998fbf756-sj888 1/1 Running 0 15m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 29d
service/nginx ClusterIP 10.107.81.250 <none> 80/TCP 15m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nfs-client-provisioner 1/1 1 1 6d23h
deployment.apps/nginx 2/2 2 2 15m
NAME DESIRED CURRENT READY AGE
replicaset.apps/nfs-client-provisioner-856696f4c 1 1 1 6d23h
replicaset.apps/nginx-5998fbf756 2 2 2 15m
3. Create an IngressRoute to forward HTTP
[root@k8s-master01 traefik]# cat nginx-ingress.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nginx-ingress
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`http.whoami.com`)
      kind: Rule
      services:
        - name: nginx
          port: 80
Verification
[root@k8s-master01 traefik]# kubectl get ingressroute
NAME AGE
kuboard-ingress 8m47s
nginx-ingress 14m
[root@k8s-master01 traefik]# kubectl describe ingressroute nginx-ingress
Name: nginx-ingress
Namespace: default
Labels: <none>
Annotations: <none>
API Version: traefik.containo.us/v1alpha1
Kind: IngressRoute
Metadata:
Creation Timestamp: 2024-02-28T09:04:34Z
Generation: 1
Managed Fields:
API Version: traefik.containo.us/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:kubectl.kubernetes.io/last-applied-configuration:
f:spec:
.:
f:entryPoints:
f:routes:
Manager: kubectl-client-side-apply
Operation: Update
Time: 2024-02-28T09:04:34Z
Resource Version: 7254723
UID: 31f8500f-fd38-4360-a06e-85946d5a4547
Spec:
Entry Points:
web
Routes:
Kind: Rule
Match: Host(`http.whoami.com`)
Services:
Name: nginx
Port: 80
Events: <none>
4. Configure name resolution and test
[root@k8s-master01 traefik]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.122.11 k8s-master01
192.168.122.12 k8s-master02
192.168.122.13 k8s-master03
192.168.122.14 k8s-worker01
192.168.122.15 k8s-worker02
192.168.122.16 k8s-worker03
192.168.122.17 k8s-worker04
192.168.122.18 k8s-dockerHub
192.168.122.100 k8s-master-lb
192.168.122.110 www.cs.com
192.168.122.11 cs.tkdashboard.cn
192.168.122.11 www.kuboarddashboard.com
192.168.122.11 http.whoami.com # the corresponding domain name
View in the dashboard
Browser test
5.3. Configuring an HTTPS routing rule in Traefik
1. Prepare a self-signed certificate
[root@k8s-master01 traefik-app]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=https.whoami.com"
Generating a RSA private key
...............................................+++++
............................................+++++
writing new private key to 'tls.key'
-----
[root@k8s-master01 traefik-app]# ll
total 28
-rw-r--r-- 1 root root 291 Feb 28 14:52 kuboard-dashboard.yaml
-rw------- 1 root root 1679 Feb 28 14:20 nginx.key
-rw-r--r-- 1 root root 1399 Feb 28 14:22 nginx.pem
-rw-r--r-- 1 root root 1131 Feb 29 10:30 tls.crt # crt file
-rw------- 1 root root 1704 Feb 29 10:30 tls.key # key file
-rw-r--r-- 1 root root 464 Feb 28 16:35 whoami-http.yaml
-rw-r--r-- 1 root root 1724 Feb 28 16:13 whoami.yaml
2. Create the secret
[root@k8s-master01 traefik-app]# kubectl create secret tls who-tls --cert=tls.crt --key=tls.key
secret/who-tls created
[root@k8s-master01 traefik-app]# kubectl get secrets
NAME TYPE DATA AGE
default-token-7g6m2 kubernetes.io/service-account-token 3 29d
my-nginx-token-qzfc5 kubernetes.io/service-account-token 3 26d
nfs-client-provisioner-token-pcbv4 kubernetes.io/service-account-token 3 7d17h
sh.helm.release.v1.my-nginx.v1 helm.sh/release.v1 1 26d
who-tls kubernetes.io/tls 2 7s
3. Create the HTTPS routing rule for the application
[root@k8s-master01 traefik-app]# cat nginx-https.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: whoami-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`https.whoami.com`)
      kind: Rule
      services:
        - name: nginx
          port: 80
  tls:
    secretName: who-tls
Apply
[root@k8s-master01 traefik-app]# kubectl apply -f nginx-https.yaml
ingressroute.traefik.containo.us/whoami-https created
4. View in the Traefik dashboard
5. Add local name resolution and test
[root@k8s-master01 traefik-app]# echo "192.168.122.11 https.whoami.com" >> /etc/hosts
[root@k8s-master01 traefik-app]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.122.11 k8s-master01
192.168.122.12 k8s-master02
192.168.122.13 k8s-master03
192.168.122.14 k8s-worker01
192.168.122.15 k8s-worker02
192.168.122.16 k8s-worker03
192.168.122.17 k8s-worker04
192.168.122.18 k8s-dockerHub
192.168.122.100 k8s-master-lb
192.168.122.110 www.cs.com
192.168.122.11 cs.tkdashboard.cn
192.168.122.11 www.kuboarddashboard.com
192.168.122.11 http.whoami.com
192.168.122.11 https.whoami.com
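5.4. Configuring a TCP routing rule in Traefik
SNI (Server Name Indication) is an extension of the TLS protocol. Therefore only TLS routes can use this rule to specify a domain name. Non-TLS routes, however, must use a rule with * (every domain) to declare that every non-TLS request will be handled by the router.
1. Example
[root@k8s-master01 traefik-app]# cat nginx-tcp.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: whoami-tcp
  namespace: default
spec:
  entryPoints:
    - tcpep
  routes:
    - match: HostSNI(`*`)
      services:
        - name: nginx
          port: 80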
[root@k8s-master01 traefik-app]# kubectl apply -f nginx-tcp.yaml
ingressroutetcp.traefik.containo.us/whoami-tcp created
[root@k8s-master01 traefik-app]# kubectl get ingressroutetcps
NAME AGE
whoami-tcp 85s
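An added example (not from the original page) of the TLS case described above: once the route has a `tls` section, the SNI sent by the client is available and `HostSNI` can name a specific host instead of `*`. The first route reuses the `who-tls` secret and the `nginx` Service from the previous sections; the route names, the host `tls-backend.example.internal` and the `tls-backend` Service are hypothetical.

```yaml
# Added example, not from the original tutorial.
#
# 1) TLS terminated by Traefik: the SNI selects the route, Traefik presents the
#    who-tls certificate (CN=https.whoami.com, created in 5.3) and forwards the
#    decrypted TCP stream to nginx:80.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: whoami-tcp-tls              # hypothetical name
  namespace: default
spec:
  entryPoints:
    - tcpep
  routes:
    - match: HostSNI(`https.whoami.com`)
      services:
        - name: nginx
          port: 80
  tls:
    secretName: who-tls
---
# 2) TLS passthrough: Traefik reads only the SNI to pick the route and relays
#    the still-encrypted stream, so the backend holds the private key and
#    terminates TLS itself.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: backend-tcp-passthrough     # hypothetical name
  namespace: default
spec:
  entryPoints:
    - tcpep
  routes:
    - match: HostSNI(`tls-backend.example.internal`)   # hypothetical host name
      services:
        - name: tls-backend         # hypothetical Service that speaks TLS on 8443
          port: 8443
  tls:
    passthrough: true
```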
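5.5. Deploying MySQL and proxying it through Traefik
Modify the Traefik configuration file to add a MySQL proxy port. You could also proxy through 8083, as long as it does not affect other services. Here a dedicated MySQL proxy port is added.
1. Modify the relevant configuration files to open the port for MySQL; this example proxies MySQL through port 3312
[root@k8s-master01 traefik]# cat traefik-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik
  namespace: kube-system
data:
  traefik.yaml: |-
    serversTransport:
      insecureSkipVerify: true  ## Skip verification of the proxied services' TLS certificates
    api:
      insecure: true            ## Allow access to the API over plain HTTP (unauthenticated, on port 8080)
      dashboard: true           ## Enable the Dashboard
      debug: true               ## Enable debug mode
    metrics:
      prometheus: ""            ## Enable Prometheus metrics with the default configuration
    entryPoints:
      web:
        address: ":80"          ## Port 80, entry point named web
      websecure:
        address: ":443"         ## Port 443, entry point named websecure
      metrics:
        address: ":8082"        ## Port 8082, entry point named metrics
      tcpep:
        address: ":8083"        ## Port 8083, entry point named tcpep, used as the TCP entry point
      udpep:
        address: ":8084/udp"    ## Port 8084, entry point named udpep, used as the UDP entry point
      mysql:
        address: ":3312"        ## Port 3312, entry point named mysql, used as the MySQL proxy entry point
    providers:
      kubernetesCRD: ""         ## Enable routing rules defined through Kubernetes CRDs
      kubernetesingress: ""     ## Enable routing rules defined through Kubernetes Ingress
      kubernetesGateway: ""     ## Enable the Kubernetes Gateway API
    experimental:
      kubernetesGateway: true   ## Allow use of the Kubernetes Gateway API
    log:
      filePath: ""              ## Path of the debug log file; if empty, logs go to the console
      level: error              ## Debug log level
      format: json              ## Debug log format
    accessLog:
      filePath: ""              ## Path of the access log file; if empty, logs go to the console
      format: json              ## Access log format
      bufferingSize: 0          ## Number of access-log lines to buffer
      filters:
        retryAttempts: true     ## Keep the access log when a proxied request had retry attempts
        minDuration: 20         ## Keep access logs for requests that took longer than the given duration
      fields:                   ## Whether each access-log field is kept (keep = keep, drop = discard)
        defaultMode: keep       ## Keep access-log fields by default
        names:
          ClientUsername: drop
        headers:
          defaultMode: keep     ## Whether header fields are kept; headers are kept by default
          names:                ## Per-header overrides of the keep mode
            User-Agent: redact
            Authorization: drop
            Content-Type: keep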
[root@k8s-master01 traefik]# kubectl delete -f traefik-configmap.yaml
configmap "traefik" deleted
[root@k8s-master01 traefik]# kubectl apply -f traefik-configmap.yaml
configmap/traefik created
Modify the deployment file
[root@k8s-master01 traefik]# cat traefik-deploy.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  namespace: kube-system
  name: traefik
  labels:
    app: traefik
spec:
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v2.5.7
          args:
            - --configfile=/config/traefik.yaml
          volumeMounts:
            - mountPath: /config
              name: config
          ports:
            - name: web
              containerPort: 80
              hostPort: 80          ## Bind the container port to port 80 of the host
            - name: websecure
              containerPort: 443
              hostPort: 443         ## Bind the container port to port 443 of the host
            - name: admin
              containerPort: 8080   ## Traefik Dashboard port
            - name: tcpep
              containerPort: 8083
              hostPort: 8083        ## Bind the container port to port 8083 of the host
            - name: udpep
              containerPort: 8084
              hostPort: 8084        ## Bind the container port to port 8084 of the host
              protocol: UDP
            - name: mysql           ## Added: the mysql port
              containerPort: 3312
              hostPort: 3312        ## Bind the container port to port 3312 of the host
              protocol: TCP
      volumes:
        - name: config
          configMap:
            name: traefik
      tolerations:                  ## Tolerate all taints, in case the nodes have taints set
        - operator: "Exists"
      nodeSelector:                 ## Node selector: start only on nodes carrying this label
        IngressProxy: "true"
[root@k8s-master01 traefik]# kubectl delete -f traefik-deploy.yaml
daemonset.apps "traefik" deleted
[root@k8s-master01 traefik]# kubectl apply -f traefik-deploy.yaml
daemonset.apps/traefik created
[root@k8s-master01 traefik]#
Modify the Service file
[root@k8s-master01 traefik]# cat traefix-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: traefik
  namespace: kube-system
spec:
  ports:
    - protocol: TCP
      name: web
      port: 80
    - protocol: TCP
      name: admin
      port: 8080
    - protocol: TCP
      name: websecure
      port: 443
    - protocol: TCP
      name: tcpep
      port: 8083
    - protocol: UDP
      name: udpep
      port: 8084
    - protocol: TCP
      name: mysql
      port: 3312
  selector:
    app: traefik
[root@k8s-master01 traefik]# kubectl delete -f traefix-service.yaml
service "traefik" deleted
[root@k8s-master01 traefik]# kubectl apply -f traefix-service.yaml
service/traefik created
Verify
[root@k8s-master01 traefik]# kubectl get service -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 29d
metrics-server ClusterIP 10.96.197.146 <none> 443/TCP 29d
traefik ClusterIP 10.99.208.185 <none> 80/TCP,8080/TCP,443/TCP,8083/TCP,8084/UDP,3312/TCP 86s
Verify in the dashboard
2. Deploy the MySQL application
Write the MySQL configuration, the application YAML, the Service, etc.
[root@k8s-master01 traefik]# cat app-mysql.yaml
---
# MySQL configuration
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql
  namespace: default
data:
  my.cnf: |
    [mysqld]
    character-set-server = utf8mb4
    collation-server = utf8mb4_unicode_ci
    skip-character-set-client-handshake = 1
    default-storage-engine = INNODB
    max_allowed_packet = 500M
    explicit_defaults_for_timestamp = 1
    long_query_time = 10
---
# MySQL application
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
  namespace: default
spec:
  selector:
    matchLabels:
      app: mysql
  serviceName: "mysql"
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:5.7
          imagePullPolicy: IfNotPresent
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "abc123"  # sample root password, stored in plain text in the manifest
          ports:
            - containerPort: 3306
              name: mysql
          volumeMounts:
            - name: mysql-data
              mountPath: "/var/lib/mysql"
            - name: cm
              subPath: my.cnf
              mountPath: /etc/mysql/conf.d/my.cnf
      volumes:
        - name: cm
          configMap:
            name: mysql
        - name: mysql-data
          persistentVolumeClaim:
            claimName: mysql-data
  volumeClaimTemplates:
    - metadata:
        name: mysql-data
      spec:
        accessModes: [ "ReadWriteOnce" ]
        storageClassName: "nfs-client"
        resources:
          requests:
            storage: 10Gi
---
# MySQL Service
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: default
spec:
  ports:
    - port: 3306
      protocol: TCP
      targetPort: 3306
  selector:
    app: mysql
Apply and check
[root@k8s-master01 traefik]# kubectl apply -f app-mysql.yaml
configmap/mysql created
statefulset.apps/db created
service/mysql created
[root@k8s-master01 traefik]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 29d
mysql ClusterIP 10.107.195.210 <none> 3306/TCP 43s
nginx ClusterIP 10.107.81.250 <none> 80/TCP 21h
[root@k8s-master01 traefik]# kubectl get pod
NAME READY STATUS RESTARTS AGE
mysql-0 1/1 Running 0 47s
nfs-client-provisioner-856696f4c-cmlgq 1/1 Running 1 7d20h
nginx-5998fbf756-nb7j6 1/1 Running 0 21h
nginx-5998fbf756-sj888 1/1 Running 0 21h
[root@k8s-master01 traefik]# kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
mysql-data-mysql-0 Bound pvc-0ac0c76b-899b-458f-b67b-0610c748882e 10Gi RWO nfs-client 8m53s
[root@k8s-master01 traefik]# kubectl get configmaps
NAME DATA AGE
kube-root-ca.crt 1 29d
mysql 1 7m48s
[root@k8s-master01 traefik]# kubectl get endpoints
NAME ENDPOINTS AGE
k8s-sigs.io-nfs-subdir-external-provisioner <none> 7d20h
kubernetes 192.168.122.11:6443,192.168.122.12:6443,192.168.122.13:6443 29d
mysql 10.244.39.199:3306 6m1s
nfs.provisioner <none> 7d21h
nginx 10.244.203.248:80,10.244.79.119:80 21h
3. Create an IngressRoute for MySQL
[root@k8s-master01 traefik]# cat mysql-ingressroute.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: mysql
  namespace: default
spec:
  entryPoints:
    - mysql
  routes:
    - match: HostSNI(`*`)
      services:
        - name: mysql
          port: 3306
[root@k8s-master01 traefik]# kubectl apply -f mysql-ingressroute.yaml
ingressroutetcp.traefik.containo.us/mysql created
[root@k8s-master01 traefik]# kubectl get ingressroutetcps.traefik.containo.us
NAME AGE
mysql 13s
whoami-tcp 3h5m
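4. Verify
Test from a host outside the cluster using a management tool; make sure name resolution is configured.
5.6 Deploying Redis and proxying it with Traefik
Modify the Traefik configuration file to add a proxy port for Redis, port 6379.
1. Modify the relevant configuration files to open the port for Redis; in this example port 6379 proxies Redis.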
[root@k8s-master01 traefik]# cat traefik-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik
  namespace: kube-system
data:
  traefik.yaml: |-
    serversTransport:
      insecureSkipVerify: true  ## skip verification of the backend services' TLS certificates
    api:
      insecure: true  ## allow access to the API over HTTP
      dashboard: true  ## enable the Dashboard
      debug: true  ## enable debug mode
    metrics:
      prometheus: ""  ## enable Prometheus metrics with the default configuration
    entryPoints:
      web:
        address: ":80"  ## listen on port 80; entry point name: web
      websecure:
        address: ":443"  ## listen on port 443; entry point name: websecure
      metrics:
        address: ":8082"  ## listen on port 8082; entry point name: metrics
      tcpep:
        address: ":8083"  ## listen on port 8083; entry point name: tcpep, used as the TCP entry point
      udpep:
        address: ":8084/udp"  ## listen on port 8084; entry point name: udpep, used as the UDP entry point
      mysql:
        address: ":3312"  ## listen on port 3312; entry point name: mysql, used as the MySQL proxy entry point
      redis:
        address: ":6379"  ## listen on port 6379; entry point name: redis, used as the Redis proxy entry point
    providers:
      kubernetesCRD: ""  ## enable routing rules configured through Kubernetes CRDs
      kubernetesingress: ""  ## enable routing rules configured through Kubernetes Ingress
      kubernetesGateway: ""  ## enable the Kubernetes Gateway API
    experimental:
      kubernetesGateway: true  ## allow use of the Kubernetes Gateway API
    log:
      filePath: ""  ## path of the debug log file; if empty, log to the console
      level: error  ## debug log level
      format: json  ## debug log format
    accessLog:
      filePath: ""  ## path of the access log file; if empty, log to the console
      format: json  ## access log format
      bufferingSize: 0  ## number of access log lines to buffer
      filters:
        retryAttempts: true  ## keep access logs for proxied requests that were retried after a failure
        minDuration: 20  ## keep access logs for requests that took longer than the given duration
      fields:  ## whether fields are kept in the access log (keep / drop)
        defaultMode: keep  ## keep access log fields by default
        names:
          ClientUsername: drop
        headers:
          defaultMode: keep  ## whether header fields are kept; keep them by default
          names:  ## per-header overrides of the keep mode
            User-Agent: redact
            Authorization: drop
            Content-Type: keep
[root@k8s-master01 traefik]# kubectl delete -f traefik-configmap.yaml
configmap "traefik" deleted
[root@k8s-master01 traefik]# kubectl apply -f traefik-configmap.yaml
configmap/traefik created
Modify the deployment file
[root@k8s-master01 traefik]# cat traefik-deploy.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  namespace: kube-system
  name: traefik
  labels:
    app: traefik
spec:
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v2.5.7
          args:
            - --configfile=/config/traefik.yaml
          volumeMounts:
            - mountPath: /config
              name: config
          ports:
            - name: web
              containerPort: 80
              hostPort: 80  ## bind the container port to port 80 on the host
            - name: websecure
              containerPort: 443
              hostPort: 443  ## bind the container port to port 443 on the host
            - name: admin
              containerPort: 8080  ## Traefik Dashboard port
            - name: tcpep
              containerPort: 8083
              hostPort: 8083  ## bind the container port to port 8083 on the host
            - name: udpep
              containerPort: 8084
              hostPort: 8084  ## bind the container port to port 8084 on the host
              protocol: UDP
            - name: mysql  ## MySQL port added here
              containerPort: 3312
              hostPort: 3312  ## bind the container port to port 3312 on the host
              protocol: TCP
            - name: redis  ## Redis port added here
              containerPort: 6379
              hostPort: 6379  ## bind the container port to port 6379 on the host
              protocol: TCP
      volumes:
        - name: config
          configMap:
            name: traefik
      tolerations:  ## tolerate all taints, in case the nodes have taints set
        - operator: "Exists"
      nodeSelector:  ## node selector: start only on nodes with a specific label
        IngressProxy: "true"
[root@k8s-master01 traefik]# kubectl delete -f traefik-deploy.yaml
daemonset.apps "traefik" deleted
[root@k8s-master01 traefik]# kubectl apply -f traefik-deploy.yaml
daemonset.apps/traefik created
[root@k8s-master01 traefik]#
Modify the Service file
[root@k8s-master01 traefik]# cat traefix-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: traefik
  namespace: kube-system
spec:
  ports:
    - protocol: TCP
      name: web
      port: 80
    - protocol: TCP
      name: admin
      port: 8080
    - protocol: TCP
      name: websecure
      port: 443
    - protocol: TCP
      name: tcpep
      port: 8083
    - protocol: UDP
      name: udpep
      port: 8084
    - protocol: TCP
      name: mysql
      port: 3312
    - protocol: TCP
      name: redis
      port: 6379
  selector:
    app: traefik
[root@k8s-master01 traefik]# kubectl delete -f traefix-service.yaml
service "traefik" deleted
[root@k8s-master01 traefik]# kubectl apply -f traefix-service.yaml
service/traefik created
Verify
[root@k8s-master01 traefik]# kubectl get service -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 29d
metrics-server ClusterIP 10.96.197.146 <none> 443/TCP 29d
traefik ClusterIP 10.96.97.174 <none> 80/TCP,8080/TCP,443/TCP,8083/TCP,8084/UDP,3312/TCP,6379/TCP 15s
Verify in the dashboard
2. Create the Redis application, Service, etc.
[root@k8s-master01 traefik]# cat app-redis.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: default
spec:
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
        - name: redis
          image: redis:6.2.6
          ports:
            - containerPort: 6379
              protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: default
spec:
  ports:
    - port: 6379
      protocol: TCP
      targetPort: 6379
  selector:
    app: redis
[root@k8s-master01 traefik]# kubectl apply -f app-redis.yaml
deployment.apps/redis created
service/redis created
Check and verify
[root@k8s-master01 traefik]# kubectl get pod,service
NAME READY STATUS RESTARTS AGE
pod/mysql-0 1/1 Running 0 41m
pod/nfs-client-provisioner-856696f4c-cmlgq 1/1 Running 1 7d21h
pod/nginx-5998fbf756-nb7j6 1/1 Running 0 21h
pod/nginx-5998fbf756-sj888 1/1 Running 0 21h
pod/redis-6db6859ddc-wxcnm 1/1 Running 0 94s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 29d
service/mysql ClusterIP 10.107.195.210 <none> 3306/TCP 41m
service/nginx ClusterIP 10.107.81.250 <none> 80/TCP 21h
service/redis ClusterIP 10.108.136.162 <none> 6379/TCP 94s
3. Proxy it with Traefik
[root@k8s-master01 traefik]# cat redis-ingressroute.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: redis
  namespace: default
spec:
  entryPoints:
    - redis
  routes:
    - match: HostSNI(`*`)
      services:
        - name: redis
          port: 6379
[root@k8s-master01 traefik]# kubectl apply -f redis-ingressroute.yaml
ingressroutetcp.traefik.containo.us/redis created
[root@k8s-master01 traefik]# kubectl get ingressroutetcps.traefik.containo.us
NAME AGE
mysql 33m
redis 9s
whoami-tcp 3h38m
[root@k8s-master01 traefik]#
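4. Verify. When connecting with a management tool, make sure the network is reachable and name resolution is configured.
View in the dashboard
Connect with a Redis management client
5.7 Configuring UDP routing rules in Traefik
I have not found a UDP application to experiment with yet. Below is the YAML format for a UDP proxy; once you have one, just adapt it 😅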
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP  # note: change this kind
metadata:
  name: <name>
  namespace: default
spec:
  entryPoints:
    - udpep  # must match the name of the UDP entry point in your configuration file
  routes:
    - services:  # UDP routes take no match rule; HostSNI applies to TCP routes only
        - name: <name>
          port: <port>
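Once it exists, it will show up in the dashboard.
6. Traefik middleware
What is Traefik middleware?
Middleware is one of the most distinctive features of Traefik 2.0. You can pick different middlewares to suit the needs of your services. Traefik ships with many built-in middlewares: some modify the request or its headers, some handle redirects, some add authentication, and so on. Middlewares can also be chained together to fit a variety of situations.
Traefik middlewares support the following functions:
- Retry, compression, buffering, circuit breaker
- Header management, error pages, middleware chains
- Rate limiting, limiting concurrent requests from the same host
- Basic authentication, IP whitelist, digest authentication, forward authentication
- Regex request redirect, scheme request redirect, request URL replacement, regex request URL replacement, URL prefix stripping, regex URL prefix stripping, URL prefix addition
1. Traefik middleware use case: ipWhiteList
In practice, some URLs should not be exposed publicly, for example Prometheus or Grafana. An IP whitelist meets this requirement, and Traefik's ipWhiteList middleware implements it.
Run an application, for example nginx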
[root@k8s-master01 ~]# mkdir ipwhitelist
[root@k8s-master01 ~]# cd ipwhitelist/
[root@k8s-master01 ipwhitelist]# cat nginx-web-c.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-web-c
  namespace: default
spec:
  selector:
    matchLabels:
      app: nginx-web-c
  template:
    metadata:
      labels:
        app: nginx-web-c
    spec:
      containers:
        - name: nginx-web-c
          image: nginx:1.24.0
          ports:
            - containerPort: 80
              protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-web-c
  namespace: default
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: nginx-web-c
[root@k8s-master01 ipwhitelist]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/mysql-0 1/1 Running 0 86m
pod/nfs-client-provisioner-856696f4c-cmlgq 1/1 Running 1 7d22h
pod/nginx-5998fbf756-nb7j6 1/1 Running 0 22h
pod/nginx-5998fbf756-sj888 1/1 Running 0 22h
pod/nginx-web-c-6b876c776b-z2b6n 1/1 Running 0 18s
pod/redis-6db6859ddc-wxcnm 1/1 Running 0 45m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 29d
service/mysql ClusterIP 10.107.195.210 <none> 3306/TCP 86m
service/nginx ClusterIP 10.107.81.250 <none> 80/TCP 22h
service/nginx-web-c ClusterIP 10.96.159.239 <none> 80/TCP 18s
service/redis ClusterIP 10.108.136.162 <none> 6379/TCP 45m
2. Create the middleware
[root@k8s-master01 ipwhitelist]# cat nginx-ipw.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: nginx-web-c
  namespace: default
spec:
  ipWhiteList:  # whitelist
    sourceRange:
      - 127.0.0.1
      - 10.244.0.0/16
      - 10.96.0.0/12
      - 192.168.0.61
[root@k8s-master01 ipwhitelist]# kubectl apply -f nginx-ipw.yaml
middleware.traefik.containo.us/nginx-web-c created
[root@k8s-master01 ipwhitelist]# kubectl get middleware
NAME AGE
nginx-web-c 21s
3. Proxy it with Traefik
[root@k8s-master01 ipwhitelist]# cat nginx-ingree.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nginx-web-c
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`nc.whoami.com`) && PathPrefix(`/`)
      kind: Rule
      services:
        - name: nginx-web-c
          port: 80
          namespace: default
      middlewares:
        - name: nginx-web-c
[root@k8s-master01 ipwhitelist]# kubectl apply -f nginx-ingree.yaml
ingressroute.traefik.containo.us/nginx-web-c created
[root@k8s-master01 ipwhitelist]# kubectl get ingressroute
NAME AGE
kuboard-ingress 22h
nginx-ingress 22h
nginx-web-c 7s
whoami-https 5h
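4. Verify
Test from the k8s-master01 node host; make sure name resolution is configured.
Test from the k8s-master02 node host; make sure name resolution is configured.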
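The following added example (not part of the original page and not Traefik's own code) models in Python how the sourceRange of the ipWhiteList Middleware above is matched, and which address is matched when the ipStrategy options are set. ipStrategy (depth, excludedIPs) is not used on this page and is modeled after its documented behaviour; all sample client addresses are constructed.

```python
import ipaddress

# sourceRange copied from the Middleware in nginx-ipw.yaml on this page.
SOURCE_RANGE = ["127.0.0.1", "10.244.0.0/16", "10.96.0.0/12", "192.168.0.61"]


def parse_ranges(entries):
    """Turn entries (single IPs or CIDRs) into network objects."""
    return [ipaddress.ip_network(entry, strict=False) for entry in entries]


def select_client_ip(remote_addr, xff=None, depth=0, excluded=()):
    """Return the address the allowlist is checked against, or "" if none.

    Simplified model (an assumption of this example):
      - default: the TCP peer address of the connection;
      - depth > 0: the depth-th X-Forwarded-For entry counted from the
        right (excluded is then ignored);
      - excluded: scan X-Forwarded-For right to left and take the first
        entry that is not in the excluded list.
    """
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    if depth > 0:
        return hops[-depth] if depth <= len(hops) else ""
    if excluded:
        skip = parse_ranges(excluded)
        for hop in reversed(hops):
            try:
                addr = ipaddress.ip_address(hop)
            except ValueError:
                return ""  # unparsable entry: no usable client address
            if not any(addr in net for net in skip):
                return hop
        return ""
    return remote_addr


def is_allowed(remote_addr, xff=None, depth=0, excluded=(),
               source_range=SOURCE_RANGE):
    """True if the selected client address falls inside sourceRange."""
    candidate = select_client_ip(remote_addr, xff, depth, excluded)
    try:
        addr = ipaddress.ip_address(candidate)
    except ValueError:
        return False  # empty or malformed address is rejected
    return any(addr in net for net in parse_ranges(source_range))


def broad_ranges(source_range=SOURCE_RANGE, max_addresses=256):
    """List (entry, address count) for entries wider than max_addresses."""
    return [(str(net), net.num_addresses)
            for net in parse_ranges(source_range)
            if net.num_addresses > max_addresses]


def demo():
    """Decisions for a few constructed requests against the page's list."""
    cases = [
        # (label, remote_addr, X-Forwarded-For, depth)
        ("listed single host", "192.168.0.61", None, 0),
        ("host outside every range", "192.168.122.11", None, 0),
        ("any pod in 10.244.0.0/16", "10.244.39.201", None, 0),
        # Traefik behind another proxy that lives in the pod network:
        # the default strategy sees the proxy, not the real client.
        ("via proxy, default strategy", "10.244.32.157", "198.51.100.9", 0),
        # depth=1 is only sound if that trusted proxy sets the header.
        ("via proxy, depth=1", "10.244.32.157", "198.51.100.9", 1),
    ]
    return [(label, is_allowed(remote, xff, depth))
            for label, remote, xff, depth in cases]


if __name__ == "__main__":
    for label, allowed in demo():
        print(f"{label:32s} -> {'allow' if allowed else 'deny (403)'}")
    for entry, count in broad_ranges():
        print(f"wide entry {entry}: {count} addresses")
```

The two CIDR entries cover the whole pod and Service networks, so every workload in the cluster passes this Middleware; `broad_ranges()` lists such entries so they can be narrowed to the hosts that actually need access.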
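7. Advanced Traefik usage
In a real production environment, beyond bringing services online, there are more complex requirements.
Before starting on advanced Traefik usage, you also need to know about TraefikService: registering a TraefikService through the CRD enables more complex request handling.
TraefikService can currently be used for the following:
- servers load balancing
- services weighted round robin load balancing
- services mirroring
7.1 Advanced Traefik usage: load balancing
1. Create Deployment-type nginx applications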
[root@k8s-master01 ~]# mkdir 2024-2-29
[root@k8s-master01 ~]# cd 2024-2-29/
[root@k8s-master01 2024-2-29]# mkdir trafik_senior--Gao_Ji_Ying_Yong
[root@k8s-master01 2024-2-29]# cd trafik_senior--Gao_Ji_Ying_Yong/
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# cat 01-nginx-web.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-web1
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-web1
  template:
    metadata:
      labels:
        app: nginx-web1
    spec:
      containers:
        - name: nginx-web1
          image: nginx:1.24.0
          lifecycle:
            postStart:
              exec:
                command: ["/bin/bash", "-c", "echo web01 > /usr/share/nginx/html/index.html"]
          ports:
            - containerPort: 80
              protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-web2
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-web2
  template:
    metadata:
      labels:
        app: nginx-web2
    spec:
      containers:
        - name: nginx-web2
          image: nginx:1.24.0
          lifecycle:
            postStart:
              exec:
                command: ["/bin/bash", "-c", "echo web02 > /usr/share/nginx/html/index.html"]
          ports:
            - containerPort: 80
              protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-web1
  namespace: default
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: nginx-web1
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-web2
  namespace: default
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: nginx-web2
Apply and check
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl apply -f 01-nginx-web.yaml
deployment.apps/nginx-web1 created
deployment.apps/nginx-web2 created
service/nginx-web1 created
service/nginx-web2 created
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl get pod,svc -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/nfs-client-provisioner-856696f4c-cmlgq 1/1 Running 1 7d22h 10.244.39.234 k8s-worker03 <none> <none>
pod/nginx-web1-588b7f6669-9w2z2 1/1 Running 0 9s 10.244.39.201 k8s-worker03 <none> <none>
pod/nginx-web2-79cb84ffd-b4nq2 1/1 Running 0 9s 10.244.203.252 k8s-worker04 <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 29d <none>
service/nginx-web1 ClusterIP 10.98.247.9 <none> 80/TCP 9s app=nginx-web1
service/nginx-web2 ClusterIP 10.105.78.48 <none> 80/TCP 9s app=nginx-web2
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl get endpoints
NAME ENDPOINTS AGE
k8s-sigs.io-nfs-subdir-external-provisioner <none> 7d22h
kubernetes 192.168.122.11:6443,192.168.122.12:6443,192.168.122.13:6443 29d
nfs.provisioner <none> 7d23h
nginx-web1 10.244.39.201:80 3m48s
nginx-web2 10.244.203.252:80 3m48s
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://10.244.39.201
web01
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://10.244.203.252
web02
2. Create the IngressRoute
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# cat 01-nginx-ingressroute.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nginx-web
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`nc.whoami.com`) && PathPrefix(`/`)
      kind: Rule
      services:
        - name: nginx-web1
          port: 80
          namespace: default
        - name: nginx-web2
          port: 80
          namespace: default
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl apply -f 01-nginx-ingressroute.yaml
ingressroute.traefik.containo.us/nginx-web created
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl get ingressroute
NAME AGE
nginx-web 30s
3. Verify
View in the dashboard
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web01
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web02
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web02
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web01
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web02
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web01
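7.2 Advanced Traefik usage: gray (canary) release
This builds on the load balancing example above.
A gray release, also called a canary release, puts part of a soon-to-launch service into production to observe whether it meets the launch requirements. It is implemented mainly through weighted round robin.
1. Create the TraefikService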
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# cat 01-nginx-traefikservice.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
  name: nginx-web
  namespace: default
spec:
  weighted:
    services:
      - name: nginx-web1
        port: 80
        weight: 3  # weight of this service
        kind: Service  # the default
      - name: nginx-web2
        port: 80
        weight: 1
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl apply -f 01-nginx-traefikservice.yaml
traefikservice.traefik.containo.us/nginx-web created
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl get traefikservices
NAME AGE
nginx-web 54s
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl describe traefikservices.traefik.containo.us nginx-web
Name: nginx-web
Namespace: default
Labels: <none>
Annotations: <none>
API Version: traefik.containo.us/v1alpha1
Kind: TraefikService
Metadata:
Creation Timestamp: 2024-02-29T08:46:22Z
Generation: 1
Managed Fields:
API Version: traefik.containo.us/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:kubectl.kubernetes.io/last-applied-configuration:
f:spec:
.:
f:weighted:
.:
f:services:
Manager: kubectl-client-side-apply
Operation: Update
Time: 2024-02-29T08:46:22Z
Resource Version: 7571214
UID: 96c2061e-b49c-438e-a46e-38e75d952b6a
Spec:
Weighted:
Services:
Kind: Service
Name: nginx-web1
Port: 80
Weight: 3
Name: nginx-web2
Port: 80
Weight: 1
Events: <none>
2. Create the IngressRoute
Note that the service configured here is no longer a Kubernetes object directly, but the TraefikService object defined above.
## Modify the IngressRoute
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# cat 01-nginx-ingressroute.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nginx-web
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`nc.whoami.com`) && PathPrefix(`/`)
      kind: Rule
      services:
        - name: nginx-web  # note: this references the TraefikService by name
          port: 80
          namespace: default
          kind: TraefikService  # the kind is TraefikService
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl delete -f 01-nginx-ingressroute.yaml
ingressroute.traefik.containo.us "nginx-web" deleted
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl apply -f 01-nginx-ingressroute.yaml
ingressroute.traefik.containo.us/nginx-web created
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl describe ingressroute nginx-web
Name: nginx-web
Namespace: default
Labels: <none>
Annotations: <none>
API Version: traefik.containo.us/v1alpha1
Kind: IngressRoute
Metadata:
Creation Timestamp: 2024-02-29T08:51:42Z
Generation: 1
Managed Fields:
API Version: traefik.containo.us/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:kubectl.kubernetes.io/last-applied-configuration:
f:spec:
.:
f:entryPoints:
f:routes:
Manager: kubectl-client-side-apply
Operation: Update
Time: 2024-02-29T08:51:42Z
Resource Version: 7572381
UID: db45a0cb-58a1-4971-bd82-cbfe5810f77e
Spec:
Entry Points:
web
Routes:
Kind: Rule
Match: Host(`nc.whoami.com`) && PathPrefix(`/`)
Services:
Kind: TraefikService
Name: nginx-web
Namespace: default
Port: 80
Events: <none>
3. Test: access the site 12 times and count how often web01 and web02 appear; web02 was hit 9 times and web01 was hit 3 times.
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web01
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web01
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web02
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web01
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web01
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web01
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web01
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web02
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web01
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web01
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web02
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# curl http://nc.whoami.com
web01
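7.3 Advanced Traefik usage: traffic mirroring
This builds on the load balancing example.
Traffic mirroring, also called a mirror service, copies request traffic to another service according to a rule and ignores the responses to the copied requests. It is useful for load testing or for reproducing problems.
1. Traffic sourced from a Kubernetes Service object
1.1 Create the TraefikService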
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# cat 01-nginx-mirror-from-service.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
  name: mirror-from-service
  namespace: default
spec:
  mirroring:
    name: nginx-web1  # send 100% of the requests to the Service "nginx-web1"
    port: 80
    mirrors:
      - name: nginx-web2
        port: 80
        percent: 20  # then copy 20% of the requests to "nginx-web2"
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl apply -f 01-nginx-mirror-from-service.yaml
traefikservice.traefik.containo.us/mirror-from-service created
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl get traefikservices.traefik.containo.us
NAME AGE
mirror-from-service 19s
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl describe traefikservices.traefik.containo.us mirror-from-service
Name: mirror-from-service
Namespace: default
Labels: <none>
Annotations: <none>
API Version: traefik.containo.us/v1alpha1
Kind: TraefikService
Metadata:
Creation Timestamp: 2024-03-01T02:09:13Z
Generation: 1
Managed Fields:
API Version: traefik.containo.us/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:kubectl.kubernetes.io/last-applied-configuration:
f:spec:
.:
f:mirroring:
.:
f:mirrors:
f:name:
f:port:
Manager: kubectl-client-side-apply
Operation: Update
Time: 2024-03-01T02:09:13Z
Resource Version: 7802780
UID: 584e1f31-ca3d-49e1-b6fa-d153ea3cdc90
Spec:
Mirroring:
Mirrors:
Name: nginx-web2
Percent: 20
Port: 80
Name: nginx-web1
Port: 80
Events: <none>
1.2 Create the IngressRoute object
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# cat 01-nginx-ingressroute-mirror-from-service.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nginx-web
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`nc.whoami.com`) && PathPrefix(`/`)
      kind: Rule
      services:
        - name: mirror-from-service
          namespace: default
          kind: TraefikService
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl apply -f 01-nginx-ingressroute-mirror-from-service.yaml
ingressroute.traefik.containo.us/nginx-web created
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl get ingressroute
NAME AGE
nginx-web 25s
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]#
1.3 Verify
View in the dashboard
Verify through the pod logs
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl logs nginx-web1-588b7f6669-9w2z2
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/02/29 08:20:44 [notice] 1#1: using the "epoll" event method
2024/02/29 08:20:44 [notice] 1#1: nginx/1.24.0
2024/02/29 08:20:44 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2024/02/29 08:20:44 [notice] 1#1: OS: Linux 6.7.2-1.el8.elrepo.x86_64
2024/02/29 08:20:44 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 52706963:52706963
2024/02/29 08:20:44 [notice] 1#1: start worker processes
2024/02/29 08:20:44 [notice] 1#1: start worker process 30
2024/02/29 08:20:44 [notice] 1#1: start worker process 31
2024/02/29 08:20:44 [notice] 1#1: start worker process 32
2024/02/29 08:20:44 [notice] 1#1: start worker process 33
2024/02/29 08:20:44 [notice] 1#1: start worker process 34
2024/02/29 08:20:44 [notice] 1#1: start worker process 35
192.168.122.11 - - [29/Feb/2024:08:25:44 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "-"
10.244.32.157 - - [29/Feb/2024:08:32:18 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:32:28 +0000] "GET / HTTP/1.1" 200 6 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:32:30 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:32:30 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:32:30 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:32:52 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:32:53 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:32:53 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:07 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:07 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:08 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:08 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:08 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:09 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:09 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:09 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:11 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:26 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:26 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:27 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:27 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:27 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:27 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:28 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:28 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:29 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:29 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:30 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:31 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:31 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:32 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:32 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:33 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:33 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:33 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:38 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:40 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:52:53 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:52:55 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:52:56 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:52:57 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:52:58 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:52:58 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:53:00 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:53:00 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:53:01 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:09 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:12 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:12 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:13 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:13 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:13 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:13 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:14 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:14 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:14 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:14 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:14 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:15 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl logs nginx-web2-79cb84ffd-b4nq2
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/02/29 08:20:44 [notice] 1#1: using the "epoll" event method
2024/02/29 08:20:44 [notice] 1#1: nginx/1.24.0
2024/02/29 08:20:44 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2024/02/29 08:20:44 [notice] 1#1: OS: Linux 6.7.2-1.el8.elrepo.x86_64
2024/02/29 08:20:44 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 52706963:52706963
2024/02/29 08:20:44 [notice] 1#1: start worker processes
2024/02/29 08:20:44 [notice] 1#1: start worker process 30
2024/02/29 08:20:44 [notice] 1#1: start worker process 31
2024/02/29 08:20:44 [notice] 1#1: start worker process 32
2024/02/29 08:20:44 [notice] 1#1: start worker process 33
2024/02/29 08:20:44 [notice] 1#1: start worker process 34
2024/02/29 08:20:44 [notice] 1#1: start worker process 35
192.168.122.11 - - [29/Feb/2024:08:25:52 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "-"
10.244.32.157 - - [29/Feb/2024:08:32:22 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:32:29 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:32:30 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:32:30 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:32:30 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:32:53 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:32:53 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:07 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:07 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:08 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:08 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:08 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:08 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:09 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:09 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:10 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:13 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:26 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:26 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:27 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:27 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:27 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:28 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:28 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:28 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:29 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:30 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:31 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:31 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:32 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:32 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:32 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:33 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:33 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:37 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:33:39 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:52:55 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:52:59 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
10.244.32.157 - - [29/Feb/2024:08:53:01 +0000] "GET / HTTP/1.1" 200 6 "-" "curl/7.61.1" "192.168.122.11"
## The 3 requests below are the mirrored ones: the first pod received 13 requests, 20% of 13 is 2.6, which rounds up to 3
10.244.32.157 - - [01/Mar/2024:02:17:09 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:13 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
10.244.32.157 - - [01/Mar/2024:02:17:14 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0" "192.168.122.11"
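2. Taking traffic in through a TraefikService
Note: this configuration builds on the previous step. 01-nginx-mirror-from-service.yaml must already exist before you create 01-nginx-mirror-from-traefix-service.yaml.
1. Write the YAML files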
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# cat 01-nginx-mirror-from-traefix-service.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
  name: mirror-from-traefikservice
  namespace: default
spec:
  mirroring:
    name: mirror-from-service # traffic enters from a TraefikService
    kind: TraefikService
    mirrors:
      - name: nginx-web2
        port: 80
        percent: 20 # then copy 20% of the requests to "nginx-web2"
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl apply -f 01-nginx-mirror-from-traefix-service.yaml
traefikservice.traefik.containo.us/mirror-from-traefikservice created
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# cat 01-nginx-ingressroute-mirror-from-service.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nginx-web
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`nc.whoami.com`) && PathPrefix(`/`)
      kind: Rule
      services:
        - name: mirror-from-traefikservice # note that the service name has changed here
          namespace: default
          kind: TraefikService
[root@k8s-master01 trafik_senior--Gao_Ji_Ying_Yong]# kubectl apply -f 01-nginx-ingressroute-mirror-from-service.yaml
ingressroute.traefik.containo.us/nginx-web created
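2.1 Verification
Verify in the dashboard
3. Summary
The demonstration above shows that 100% of the traffic is sent to svc1 and 20% of it is copied to svc2. Every response the user receives comes from svc1; svc2 does not answer the user. You can confirm this from the access logs of the svc1 and svc2 applications.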
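One way to check the mirrored share from the two pods' access logs instead of counting lines by eye, as an added example that is not part of the original post. The function names are hypothetical and the sample log lines are constructed in the same format as the `kubectl logs` output above.

```python
import re

# nginx "combined" format plus a trailing "$http_x_forwarded_for" field,
# which is the layout of the access logs shown above.
LINE_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"\S+ \S+ [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)

def count_requests(log_text, day, via_proxy_only=True):
    """Count access-log entries for `day` (e.g. '01/Mar/2024').

    Startup and [notice] lines do not match and are skipped. With
    via_proxy_only, entries without X-Forwarded-For (direct hits that did
    not pass through Traefik) are ignored.
    """
    total = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["day"] != day:
            continue
        if via_proxy_only and m["xff"] in ("", "-"):
            continue
        total += 1
    return total

def mirror_ratio(primary_log, mirror_log, day):
    """Return (primary_count, mirrored_count, mirrored/primary) for `day`."""
    primary = count_requests(primary_log, day)
    mirrored = count_requests(mirror_log, day)
    return primary, mirrored, (mirrored / primary if primary else 0.0)

def within_expected(primary, mirrored, percent, slack=1):
    """True if the mirrored count is within `slack` requests of percent%."""
    return abs(mirrored - primary * percent / 100) <= slack

# Constructed sample logs in the page's format (not real captures).
def _line(day, hms, xff="192.168.122.11", peer="10.244.32.157"):
    return (f'{peer} - - [{day}:{hms} +0000] "GET / HTTP/1.1" 304 0 "-" '
            f'"Mozilla/5.0 (X11; Linux x86_64; rv:78.0)" "{xff}"')

PRIMARY_LOG = "\n".join(
    [_line("29/Feb/2024", "08:33:33")]
    + [_line("01/Mar/2024", f"02:17:{9 + i // 2:02d}") for i in range(13)])
MIRROR_LOG = "\n".join(
    ["2024/02/29 08:20:44 [notice] 1#1: start worker processes",
     _line("29/Feb/2024", "08:25:52", xff="-", peer="192.168.122.11")]
    + [_line("01/Mar/2024", f"02:17:{s:02d}") for s in (9, 13, 14)])
```

Feed it the real output of `kubectl logs` for each pod; a mirror pod whose count sits far above the configured percentage is receiving more copied traffic than the TraefikService declares.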