Traefik-v2.x快速入门

2023-12-13 23:38
文章标签 入门 快速 v2 traefik

本文主要是介绍Traefik-v2.x快速入门,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

一、概述

traefik 与 nginx 一样,是一款优秀的反向代理工具,或者叫 Edge Router。至于使用它的原因则基于以下几点

  • 无须重启即可更新配置
  • 自动的服务发现与负载均衡
  • 与 docker 的完美集成,基于 container label 的配置
  • 漂亮的 dashboard 界面
  • metrics 的支持,对 prometheus 和 k8s 的集成

接下来讲一下它的安装,基本功能以及配置。traefik 在 v1 与 v2 版本间差异过大,本篇文章采用了 v2

traefik官方文档:https://docs.traefik.io/

注意:Traefikv2.0之后的版本在修改了很多bug之后也增加了新的特性,比如增加了TCP的支持,并且更换了新的WEB UI界面

 

二、快速开始

环境介绍

操作系统:centos7.6

数量:1台

docker版本:19.03.6

docker版本:1.24.1

ip地址:192.168.28.218

 

docker-compose启动

新建yaml文件

vi traefik-v2.1.yaml

内容如下:

version: '3'
services:reverse-proxy:image: traefik:2.1.6# Enables the web UI and tells Traefik to listen to docker# 启用webUI 并告诉Traefile去监听docker的容器实例command: --api.insecure=true --providers.dockerports:# traefik暴露的http端口- "80:80"# webUI暴露的端口(必须制定--api.insecure=true才可以访问)- "8080:8080"volumes:# 指定docker的sock文件来让traefik获取docker的事件,从而实现动态负载均衡- /var/run/docker.sock:/var/run/docker.sock

 

使用docker-compose创建集群

# docker-compose -f traefik-v2.1.yaml up -d reverse-proxy
Creating network "opt_default" with the default driver
Creating opt_reverse-proxy_1 ... done

 

查看使用docker-compose启动的应用

# docker-compose -f traefik-v2.1.yaml psName                      Command               State                     Ports                   
---------------------------------------------------------------------------------------------------------
opt_reverse-proxy_1   /entrypoint.sh --api.insec ...   Up      0.0.0.0:80->80/tcp, 0.0.0.0:8080->8080/tcp

 

直接访问traefik对外暴露的http接口

curl -s  "http://localhost:8080/api/rawdata" | python -m json.tool

输出如下:

{"middlewares": {"dashboard_redirect@internal": {"redirectRegex": {"permanent": true,"regex": "^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$","replacement": "${1}/dashboard/"},"status": "enabled","usedBy": ["dashboard@internal"]},"dashboard_stripprefix@internal": {"status": "enabled","stripPrefix": {"prefixes": ["/dashboard/","/dashboard"]},"usedBy": ["dashboard@internal"]}},"routers": {"api@internal": {"entryPoints": ["traefik"],"priority": 2147483646,"rule": "PathPrefix(`/api`)","service": "api@internal","status": "enabled","using": ["traefik"]},"dashboard@internal": {"entryPoints": ["traefik"],"middlewares": ["dashboard_redirect@internal","dashboard_stripprefix@internal"],"priority": 2147483645,"rule": "PathPrefix(`/`)","service": "dashboard@internal","status": "enabled","using": ["traefik"]},"reverse-proxy-opt@docker": {"rule": "Host(`reverse-proxy-opt`)","service": "reverse-proxy-opt","status": "enabled","using": ["http","traefik"]}},"services": {"api@internal": {"status": "enabled","usedBy": ["api@internal"]},"dashboard@internal": {"status": "enabled","usedBy": ["dashboard@internal"]},"reverse-proxy-opt@docker": {"loadBalancer": {"passHostHeader": true,"servers": [{"url": "http://172.18.0.2:80"}]},"serverStatus": {"http://172.18.0.2:80": "UP"},"status": "enabled","usedBy": ["reverse-proxy-opt@docker"]}}
}
View Code

 

查看Traefik官方Dashboard

http://192.168.28.218:8080/

效果如下:

 

 

三、创建一个路由

Traefik来检测新服务并为你创建一个路由

创建一个新服务

vi test-service.yaml

内容如下:

version: '3'
services:whoami:image: containous/whoamilabels:- "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"

 

创建服务

# docker-compose -f test-service.yaml up -d whoami
WARNING: Found orphan containers (opt_reverse-proxy_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Creating opt_whoami_1 ... done

 

查看新创建的服务

# docker-compose  -f test-service.yaml psName       Command   State   Ports 
---------------------------------------
opt_whoami_1   /whoami   Up      80/tcp

 

 

再次查看traefik中的路由信息(就会发现服务自动加载进去了)
其实有点儿类似kong 的路由,只是traefik会自动监听docker的事件

curl -s  "http://localhost:8080/api/rawdata" | python -m json.tool

输出如下:

{"middlewares": {"dashboard_redirect@internal": {"redirectRegex": {"permanent": true,"regex": "^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$","replacement": "${1}/dashboard/"},"status": "enabled","usedBy": ["dashboard@internal"]},"dashboard_stripprefix@internal": {"status": "enabled","stripPrefix": {"prefixes": ["/dashboard/","/dashboard"]},"usedBy": ["dashboard@internal"]}},"routers": {"api@internal": {"entryPoints": ["traefik"],"priority": 2147483646,"rule": "PathPrefix(`/api`)","service": "api@internal","status": "enabled","using": ["traefik"]},"dashboard@internal": {"entryPoints": ["traefik"],"middlewares": ["dashboard_redirect@internal","dashboard_stripprefix@internal"],"priority": 2147483645,"rule": "PathPrefix(`/`)","service": "dashboard@internal","status": "enabled","using": ["traefik"]},"reverse-proxy-opt@docker": {"rule": "Host(`reverse-proxy-opt`)","service": "reverse-proxy-opt","status": "enabled","using": ["http","traefik"]},"whoami@docker": {"rule": "Host(`whoami.docker.localhost`)","service": "whoami-opt","status": "enabled","using": ["http","traefik"]}},"services": {"api@internal": {"status": "enabled","usedBy": ["api@internal"]},"dashboard@internal": {"status": "enabled","usedBy": ["dashboard@internal"]},"reverse-proxy-opt@docker": {"loadBalancer": {"passHostHeader": true,"servers": [{"url": "http://172.19.0.2:80"}]},"serverStatus": {"http://172.19.0.2:80": "UP"},"status": "enabled","usedBy": ["reverse-proxy-opt@docker"]},"whoami-opt@docker": {"loadBalancer": {"passHostHeader": true,"servers": [{"url": "http://172.19.0.3:80"}]},"serverStatus": {"http://172.19.0.3:80": "UP"},"status": "enabled","usedBy": ["whoami@docker"]}}
}
View Code

 

查看http反向代理记录

查看Traefik中的http反向代理记录,点击HTTP

 

测试traefik相关功能

 测试访问

# curl -H Host:whoami.docker.localhost http://localhost
Hostname: c334de4bc3c8
IP: 127.0.0.1
IP: 172.19.0.3
RemoteAddr: 172.19.0.2:57632
GET / HTTP/1.1
Host: whoami.docker.localhost
User-Agent: curl/7.29.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 172.19.0.1
X-Forwarded-Host: whoami.docker.localhost
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: 1ee8d25b3aac
X-Real-Ip: 172.19.0.1

 

单机扩容

# docker-compose -f test-service.yaml up -d --scale whoami=2
WARNING: Found orphan containers (opt_reverse-proxy_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Starting opt_whoami_1 ... done
Creating opt_whoami_2 ... done

 

再次访问(就会发现自动负载到两个不同的实例上去了)

# curl -H Host:whoami.docker.localhost http://localhost
Hostname: c334de4bc3c8
IP: 127.0.0.1
IP: 172.19.0.3
RemoteAddr: 172.19.0.2:57632
GET / HTTP/1.1
Host: whoami.docker.localhost
User-Agent: curl/7.29.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 172.19.0.1
X-Forwarded-Host: whoami.docker.localhost
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: 1ee8d25b3aac
X-Real-Ip: 172.19.0.1

 

查看Traefike后端每个service的详情信息:

 

 

 就会看到2个service

 

 

四、Traefik配置介绍

traefik配置结构图

 

在traefik中的配置,会涉及到两方面内容:

  • 动态的路由配置(即由k8s-api或docker相关api来自动发现服务的endpoint而进行路由的配置描述)
  • 静态的启动配置(即traefik标准的启动配置参数)

注意:使用docker run traefik[:version] --help可查看traefik的配置参数

 

五、k8s部署Traefik

环境介绍

操作系统ip主机名配置备注
centos 7.6192.168.31.150 k8s-master2核4GKubernetes1.16.3
centos 7.6192.168.31.178 k8s-node012核8GKubernetes1.16.3

 

 

 

 

yaml文件介绍

mkdir /opt/traefik

目录结构如下:

./
├── traefik-config.yaml
├── traefik-ds-v2.1.6.yaml
├── traefik-rbac.yaml
└── ui.yaml

 

traefik-config.yaml

apiVersion: v1
kind: ConfigMap
metadata:name: traefik-confignamespace: kube-system
data:traefik.toml: |defaultEntryPoints = ["http","https"]debug = falselogLevel = "INFO"# Do not verify backend certificates (use https backends)InsecureSkipVerify = true[entryPoints][entryPoints.http]address = ":80"compress = true[entryPoints.https]address = ":443"[entryPoints.https.tls]#Config to redirect http to https#[entryPoints]#  [entryPoints.http]#  address = ":80"#  compress = true#    [entryPoints.http.redirect]#    entryPoint = "https"#  [entryPoints.https]#  address = ":443"#    [entryPoints.https.tls][web]address = ":8080"[kubernetes][metrics][metrics.prometheus]buckets=[0.1,0.3,1.2,5.0]entryPoint = "traefik"[ping]entryPoint = "http"
View Code

 

traefik-ds-v2.1.6.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:name: traefik-ingress-controllernamespace: kube-system
---
kind: DaemonSet
apiVersion: apps/v1
#apiVersion: extensions/v1beta1
metadata:name: traefik-ingress-controller-v2namespace: kube-systemlabels:k8s-app: traefik-ingress-lb
spec:selector:matchLabels:name: traefik-ingress-lb-v2template:metadata:labels:k8s-app: traefik-ingress-lbname: traefik-ingress-lb-v2spec:serviceAccountName: traefik-ingress-controllerterminationGracePeriodSeconds: 60containers:- image: traefik:2.1.6name: traefik-ingress-lb-v2ports:- name: httpcontainerPort: 80hostPort: 80- name: admincontainerPort: 8080hostPort: 8080securityContext:capabilities:drop:- ALLadd:- NET_BIND_SERVICEargs:- --api- --api.insecure=true- --providers.kubernetesingress=true- --log.level=INFO#- --configfile=/config/traefik.toml#volumeMounts:#- mountPath: /config#  name: configvolumes:- configMap:name: traefik-configname: config
---
kind: Service
apiVersion: v1
metadata:name: traefik-ingress-service-v2namespace: kube-systemlabels:k8s-app: traefik-ingress-lb-v2
spec:selector:k8s-app: traefik-ingress-lb-v2ports:- protocol: TCPport: 80name: web- protocol: TCPport: 8080name: admin
View Code

 

traefik-rbac.yaml

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:name: traefik-ingress-controller
rules:- apiGroups:- ""resources:- services- endpoints- secretsverbs:- get- list- watch- apiGroups:- extensionsresources:- ingressesverbs:- get- list- watch- apiGroups:- extensionsresources:- ingresses/statusverbs:- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:name: traefik-ingress-controller
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: traefik-ingress-controller
subjects:
- kind: ServiceAccountname: traefik-ingress-controllernamespace: kube-system
View Code

 

ui.yaml

---
apiVersion: v1
kind: Service
metadata:name: traefik-web-uinamespace: kube-system
spec:selector:k8s-app: traefik-ingress-lbports:- name: webport: 80targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:name: traefik-web-uinamespace: kube-system
spec:rules:- host: prod-traefik-ui.bgbiao.cnhttp:paths:- path: /backend:serviceName: traefik-web-uiservicePort: web
View Code

 

部署

cd /opt/traefik
kubectl apply -f .

 

查看pod

# kubectl get pods -n kube-system | grep traefik
traefik-ingress-controller-v2-hz82b        1/1     Running   0          8m4s

 

 查看svc

# kubectl get svc -n kube-system | grep traefik
traefik-ingress-service-v2   ClusterIP   10.1.188.71    <none>        80/TCP,8080/TCP          8m56s
traefik-web-ui               ClusterIP   10.1.239.107   <none>        80/TCP                   46m

 

查看ingresses

# kubectl get ingresses.extensions -n kube-system
NAME             HOSTS                       ADDRESS   PORTS   AGE
traefik-web-ui   prod-traefik-ui.bgbiao.cn             80      48m

 

查看traefik的dashboard

域名访问

由于没有dns服务器,这里直接修改hosts来测试。windows 10添加一条hosts记录

192.168.31.178 prod-traefik-ui.bgbiao.cn 

注意:这里的192.168.31.178是node节点ip

 

效果如下:

 

 

ip方式

直接通过node ip+8080方式,比如:

http://192.168.31.178:8080

效果同上!

 

点击http

 

 查看 http service

 

 效果如下:

 

 

注意:虽然traefikv2.x改动了很多,但是还是向下兼容一些内容的,比如我重新创建traefik-v2.0.1之后,之前创建的ingress规则会自动导入

 

 

本文参考链接:

https://www.jianshu.com/p/0fc6df85d00d

https://zhuanlan.zhihu.com/p/97420459

这篇关于Traefik-v2.x快速入门的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!



http://www.chinasem.cn/article/490364

相关文章

Spring Security 从入门到进阶系列教程

Spring Security 入门系列 《保护 Web 应用的安全》 《Spring-Security-入门(一):登录与退出》 《Spring-Security-入门(二):基于数据库验证》 《Spring-Security-入门(三):密码加密》 《Spring-Security-入门(四):自定义-Filter》 《Spring-Security-入门(五):在 Sprin

电脑桌面文件删除了怎么找回来?别急,快速恢复攻略在此

在日常使用电脑的过程中,我们经常会遇到这样的情况:一不小心,桌面上的某个重要文件被删除了。这时,大多数人可能会感到惊慌失措,不知所措。 其实,不必过于担心,因为有很多方法可以帮助我们找回被删除的桌面文件。下面,就让我们一起来了解一下这些恢复桌面文件的方法吧。 一、使用撤销操作 如果我们刚刚删除了桌面上的文件,并且还没有进行其他操作,那么可以尝试使用撤销操作来恢复文件。在键盘上同时按下“C

数论入门整理(updating)

一、gcd lcm 基础中的基础,一般用来处理计算第一步什么的,分数化简之类。 LL gcd(LL a, LL b) { return b ? gcd(b, a % b) : a; } <pre name="code" class="cpp">LL lcm(LL a, LL b){LL c = gcd(a, b);return a / c * b;} 例题:

Java 创建图形用户界面(GUI)入门指南(Swing库 JFrame 类)概述

概述 基本概念 Java Swing 的架构 Java Swing 是一个为 Java 设计的 GUI 工具包,是 JAVA 基础类的一部分,基于 Java AWT 构建,提供了一系列轻量级、可定制的图形用户界面(GUI)组件。 与 AWT 相比,Swing 提供了许多比 AWT 更好的屏幕显示元素,更加灵活和可定制,具有更好的跨平台性能。 组件和容器 Java Swing 提供了许多

【IPV6从入门到起飞】5-1 IPV6+Home Assistant(搭建基本环境)

【IPV6从入门到起飞】5-1 IPV6+Home Assistant #搭建基本环境 1 背景2 docker下载 hass3 创建容器4 浏览器访问 hass5 手机APP远程访问hass6 更多玩法 1 背景 既然电脑可以IPV6入站,手机流量可以访问IPV6网络的服务,为什么不在电脑搭建Home Assistant(hass),来控制你的设备呢?@智能家居 @万物互联

poj 2104 and hdu 2665 划分树模板入门题

题意: 给一个数组n(1e5)个数,给一个范围(fr, to, k),求这个范围中第k大的数。 解析: 划分树入门。 bing神的模板。 坑爹的地方是把-l 看成了-1........ 一直re。 代码: poj 2104: #include <iostream>#include <cstdio>#include <cstdlib>#include <al

hdu 4565 推倒公式+矩阵快速幂

题意 求下式的值: Sn=⌈ (a+b√)n⌉%m S_n = \lceil\ (a + \sqrt{b}) ^ n \rceil\% m 其中: 0<a,m<215 0< a, m < 2^{15} 0<b,n<231 0 < b, n < 2^{31} (a−1)2<b<a2 (a-1)^2< b < a^2 解析 令: An=(a+b√)n A_n = (a +

MySQL-CRUD入门1

文章目录 认识配置文件client节点mysql节点mysqld节点 数据的添加(Create)添加一行数据添加多行数据两种添加数据的效率对比 数据的查询(Retrieve)全列查询指定列查询查询中带有表达式关于字面量关于as重命名 临时表引入distinct去重order by 排序关于NULL 认识配置文件 在我们的MySQL服务安装好了之后, 会有一个配置文件, 也就

v0.dev快速开发

探索v0.dev:次世代开发者之利器 今之技艺日新月异,开发者之工具亦随之进步不辍。v0.dev者,新兴之开发者利器也,迅速引起众多开发者之瞩目。本文将引汝探究v0.dev之基本功能与优势,助汝速速上手,提升开发之效率。 何谓v0.dev? v0.dev者,现代化之开发者工具也,旨在简化并加速软件开发之过程。其集多种功能于一体,助开发者高效编写、测试及部署代码。无论汝为前端开发者、后端开发者

音视频入门基础:WAV专题(10)——FFmpeg源码中计算WAV音频文件每个packet的pts、dts的实现

一、引言 从文章《音视频入门基础:WAV专题(6)——通过FFprobe显示WAV音频文件每个数据包的信息》中我们可以知道,通过FFprobe命令可以打印WAV音频文件每个packet(也称为数据包或多媒体包)的信息,这些信息包含该packet的pts、dts: 打印出来的“pts”实际是AVPacket结构体中的成员变量pts,是以AVStream->time_base为单位的显