Official documentation: https://doc.traefik.io/traefik/user-guides/crd-acme/
Reference section: /Traefik/User Guides/Kubernetes and Let’s Encrypt/Cluster Resources/IngressRoute Definition

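Resource preparation

  • A k8s cluster [node information: 192.168.159.138 master01; 192.168.159.142 node01]
  • Choose a virtual domain name: zhiboqingyun.com
  • Add the entry 192.168.159.138 zhiboqingyun.com to the local C:\Windows\System32\drivers\etc\hosts file [note: this uses the master01 node, 192.168.159.138, because nginx is installed there]
  • Install nginx [on node 192.168.159.138 master01]

If you do not have a cluster, see: Creating a Kubernetes cluster with kubeadm [CentOS]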

https://blog.csdn.net/zhiboqingyun/article/details/119256511

If you do not have nginx, see: Installing and deploying Nginx

https://blog.csdn.net/zhiboqingyun/article/details/122914778

mkdir -p /root/traefik
cd /root/traefik

1. IngressRoute Definition

vi traefik.yaml   # add the following content
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.6.2
  creationTimestamp: null
  name: ingressroutes.traefik.containo.us
spec:
  group: traefik.containo.us
  names:
    kind: IngressRoute
    listKind: IngressRouteList
    plural: ingressroutes
    singular: ingressroute
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: IngressRoute is an Ingress CRD specification.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: IngressRouteSpec is a specification for a IngressRouteSpec
              resource.
            properties:
              entryPoints:
                items:
                  type: string
                type: array
              routes:
                items:
                  description: Route contains the set of routes.
                  properties:
                    kind:
                      enum:
                      - Rule
                      type: string
                    match:
                      type: string
                    middlewares:
                      items:
                        description: MiddlewareRef is a ref to the Middleware resources.
                        properties:
                          name:
                            type: string
                          namespace:
                            type: string
                        required:
                        - name
                        type: object
                      type: array
                    priority:
                      type: integer
                    services:
                      items:
                        description: Service defines an upstream to proxy traffic.
                        properties:
                          kind:
                            enum:
                            - Service
                            - TraefikService
                            type: string
                          name:
                            description: Name is a reference to a Kubernetes Service
                              object (for a load-balancer of servers), or to a TraefikService
                              object (service load-balancer, mirroring, etc). The
                              differentiation between the two is specified in the
                              Kind field.
                            type: string
                          namespace:
                            type: string
                          passHostHeader:
                            type: boolean
                          port:
                            anyOf:
                            - type: integer
                            - type: string
                            x-kubernetes-int-or-string: true
                          responseForwarding:
                            description: ResponseForwarding holds configuration for
                              the forward of the response.
                            properties:
                              flushInterval:
                                type: string
                            type: object
                          scheme:
                            type: string
                          serversTransport:
                            type: string
                          sticky:
                            description: Sticky holds the sticky configuration.
                            properties:
                              cookie:
                                description: Cookie holds the sticky configuration
                                  based on cookie.
                                properties:
                                  httpOnly:
                                    type: boolean
                                  name:
                                    type: string
                                  sameSite:
                                    type: string
                                  secure:
                                    type: boolean
                                type: object
                            type: object
                          strategy:
                            type: string
                          weight:
                            description: Weight should only be specified when Name
                              references a TraefikService object (and to be precise,
                              one that embeds a Weighted Round Robin).
                            type: integer
                        required:
                        - name
                        type: object
                      type: array
                  required:
                  - kind
                  - match
                  type: object
                type: array
              tls:
                description: "TLS contains the TLS certificates configuration of the
                  routes. To enable Let's Encrypt, use an empty TLS struct, e.g. in
                  YAML: \n \t tls: {} # inline format \n \t tls: \t   secretName:
                  # block format"
                properties:
                  certResolver:
                    type: string
                  domains:
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
                        main:
                          type: string
                        sans:
                          items:
                            type: string
                          type: array
                      type: object
                    type: array
                  options:
                    description: Options is a reference to a TLSOption, that specifies
                      the parameters of the TLS connection.
                    properties:
                      name:
                        type: string
                      namespace:
                        type: string
                    required:
                    - name
                    type: object
                  secretName:
                    description: SecretName is the name of the referenced Kubernetes
                      Secret to specify the certificate details.
                    type: string
                  store:
                    description: Store is a reference to a TLSStore, that specifies
                      the parameters of the TLS store.
                    properties:
                      name:
                        type: string
                      namespace:
                        type: string
                    required:
                    - name
                    type: object
                type: object
            required:
            - routes
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.6.2
  creationTimestamp: null
  name: ingressroutetcps.traefik.containo.us
spec:
  group: traefik.containo.us
  names:
    kind: IngressRouteTCP
    listKind: IngressRouteTCPList
    plural: ingressroutetcps
    singular: ingressroutetcp
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: IngressRouteTCP is an Ingress CRD specification.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec
              resource.
            properties:
              entryPoints:
                items:
                  type: string
                type: array
              routes:
                items:
                  description: RouteTCP contains the set of routes.
                  properties:
                    match:
                      type: string
                    middlewares:
                      description: Middlewares contains references to MiddlewareTCP
                        resources.
                      items:
                        description: ObjectReference is a generic reference to a Traefik
                          resource.
                        properties:
                          name:
                            type: string
                          namespace:
                            type: string
                        required:
                        - name
                        type: object
                      type: array
                    services:
                      items:
                        description: ServiceTCP defines an upstream to proxy traffic.
                        properties:
                          name:
                            type: string
                          namespace:
                            type: string
                          port:
                            anyOf:
                            - type: integer
                            - type: string
                            x-kubernetes-int-or-string: true
                          proxyProtocol:
                            description: ProxyProtocol holds the ProxyProtocol configuration.
                            properties:
                              version:
                                type: integer
                            type: object
                          terminationDelay:
                            type: integer
                          weight:
                            type: integer
                        required:
                        - name
                        - port
                        type: object
                      type: array
                  required:
                  - match
                  type: object
                type: array
              tls:
                description: "TLSTCP contains the TLS certificates configuration of
                  the routes. To enable Let's Encrypt, use an empty TLS struct, e.g.
                  in YAML: \n \t tls: {} # inline format \n \t tls: \t   secretName:
                  # block format"
                properties:
                  certResolver:
                    type: string
                  domains:
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
                        main:
                          type: string
                        sans:
                          items:
                            type: string
                          type: array
                      type: object
                    type: array
                  options:
                    description: Options is a reference to a TLSOption, that specifies
                      the parameters of the TLS connection.
                    properties:
                      name:
                        type: string
                      namespace:
                        type: string
                    required:
                    - name
                    type: object
                  passthrough:
                    type: boolean
                  secretName:
                    description: SecretName is the name of the referenced Kubernetes
                      Secret to specify the certificate details.
                    type: string
                  store:
                    description: Store is a reference to a TLSStore, that specifies
                      the parameters of the TLS store.
                    properties:
                      name:
                        type: string
                      namespace:
                        type: string
                    required:
                    - name
                    type: object
                type: object
            required:
            - routes
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.6.2
  creationTimestamp: null
  name: ingressrouteudps.traefik.containo.us
spec:
  group: traefik.containo.us
  names:
    kind: IngressRouteUDP
    listKind: IngressRouteUDPList
    plural: ingressrouteudps
    singular: ingressrouteudp
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: IngressRouteUDP is an Ingress CRD specification.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec
              resource.
            properties:
              entryPoints:
                items:
                  type: string
                type: array
              routes:
                items:
                  description: RouteUDP contains the set of routes.
                  properties:
                    services:
                      items:
                        description: ServiceUDP defines an upstream to proxy traffic.
                        properties:
                          name:
                            type: string
                          namespace:
                            type: string
                          port:
                            anyOf:
                            - type: integer
                            - type: string
                            x-kubernetes-int-or-string: true
                          weight:
                            type: integer
                        required:
                        - name
                        - port
                        type: object
                      type: array
                  type: object
                type: array
            required:
            - routes
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.6.2
  creationTimestamp: null
  name: middlewares.traefik.containo.us
spec:
  group: traefik.containo.us
  names:
    kind: Middleware
    listKind: MiddlewareList
    plural: middlewares
    singular: middleware
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: Middleware is a specification for a Middleware resource.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: MiddlewareSpec holds the Middleware configuration.
            properties:
              addPrefix:
                description: AddPrefix holds the AddPrefix configuration.
                properties:
                  prefix:
                    type: string
                type: object
              basicAuth:
                description: BasicAuth holds the HTTP basic authentication configuration.
                properties:
                  headerField:
                    type: string
                  realm:
                    type: string
                  removeHeader:
                    type: boolean
                  secret:
                    type: string
                type: object
              buffering:
                description: Buffering holds the request/response buffering configuration.
                properties:
                  maxRequestBodyBytes:
                    format: int64
                    type: integer
                  maxResponseBodyBytes:
                    format: int64
                    type: integer
                  memRequestBodyBytes:
                    format: int64
                    type: integer
                  memResponseBodyBytes:
                    format: int64
                    type: integer
                  retryExpression:
                    type: string
                type: object
              chain:
                description: Chain holds a chain of middlewares.
                properties:
                  middlewares:
                    items:
                      description: MiddlewareRef is a ref to the Middleware resources.
                      properties:
                        name:
                          type: string
                        namespace:
                          type: string
                      required:
                      - name
                      type: object
                    type: array
                type: object
              circuitBreaker:
                description: CircuitBreaker holds the circuit breaker configuration.
                properties:
                  expression:
                    type: string
                type: object
              compress:
                description: Compress holds the compress configuration.
                properties:
                  excludedContentTypes:
                    items:
                      type: string
                    type: array
                  minResponseBodyBytes:
                    type: integer
                type: object
              contentType:
                description: ContentType middleware - or rather its unique `autoDetect`
                  option - specifies whether to let the `Content-Type` header, if
                  it has not been set by the backend, be automatically set to a value
                  derived from the contents of the response. As a proxy, the default
                  behavior should be to leave the header alone, regardless of what
                  the backend did with it. However, the historic default was to always
                  auto-detect and set the header if it was nil, and it is going to
                  be kept that way in order to support users currently relying on
                  it. This middleware exists to enable the correct behavior until
                  at least the default one can be changed in a future version.
                properties:
                  autoDetect:
                    type: boolean
                type: object
              digestAuth:
                description: DigestAuth holds the Digest HTTP authentication configuration.
                properties:
                  headerField:
                    type: string
                  realm:
                    type: string
                  removeHeader:
                    type: boolean
                  secret:
                    type: string
                type: object
              errors:
                description: ErrorPage holds the custom error page configuration.
                properties:
                  query:
                    type: string
                  service:
                    description: Service defines an upstream to proxy traffic.
                    properties:
                      kind:
                        enum:
                        - Service
                        - TraefikService
                        type: string
                      name:
                        description: Name is a reference to a Kubernetes Service object
                          (for a load-balancer of servers), or to a TraefikService
                          object (service load-balancer, mirroring, etc). The differentiation
                          between the two is specified in the Kind field.
                        type: string
                      namespace:
                        type: string
                      passHostHeader:
                        type: boolean
                      port:
                        anyOf:
                        - type: integer
                        - type: string
                        x-kubernetes-int-or-string: true
                      responseForwarding:
                        description: ResponseForwarding holds configuration for the
                          forward of the response.
                        properties:
                          flushInterval:
                            type: string
                        type: object
                      scheme:
                        type: string
                      serversTransport:
                        type: string
                      sticky:
                        description: Sticky holds the sticky configuration.
                        properties:
                          cookie:
                            description: Cookie holds the sticky configuration based
                              on cookie.
                            properties:
                              httpOnly:
                                type: boolean
                              name:
                                type: string
                              sameSite:
                                type: string
                              secure:
                                type: boolean
                            type: object
                        type: object
                      strategy:
                        type: string
                      weight:
                        description: Weight should only be specified when Name references
                          a TraefikService object (and to be precise, one that embeds
                          a Weighted Round Robin).
                        type: integer
                    required:
                    - name
                    type: object
                  status:
                    items:
                      type: string
                    type: array
                type: object
              forwardAuth:
                description: ForwardAuth holds the http forward authentication configuration.
                properties:
                  address:
                    type: string
                  authRequestHeaders:
                    items:
                      type: string
                    type: array
                  authResponseHeaders:
                    items:
                      type: string
                    type: array
                  authResponseHeadersRegex:
                    type: string
                  tls:
                    description: ClientTLS holds TLS specific configurations as client.
                    properties:
                      caOptional:
                        type: boolean
                      caSecret:
                        type: string
                      certSecret:
                        type: string
                      insecureSkipVerify:
                        type: boolean
                    type: object
                  trustForwardHeader:
                    type: boolean
                type: object
              headers:
                description: Headers holds the custom header configuration.
                properties:
                  accessControlAllowCredentials:
                    description: AccessControlAllowCredentials is only valid if true.
                      false is ignored.
                    type: boolean
                  accessControlAllowHeaders:
                    description: AccessControlAllowHeaders must be used in response
                      to a preflight request with Access-Control-Request-Headers set.
                    items:
                      type: string
                    type: array
                  accessControlAllowMethods:
                    description: AccessControlAllowMethods must be used in response
                      to a preflight request with Access-Control-Request-Method set.
                    items:
                      type: string
                    type: array
                  accessControlAllowOriginList:
                    description: AccessControlAllowOriginList is a list of allowable
                      origins. Can also be a wildcard origin "*".
                    items:
                      type: string
                    type: array
                  accessControlAllowOriginListRegex:
                    description: AccessControlAllowOriginListRegex is a list of allowable
                      origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
                    items:
                      type: string
                    type: array
                  accessControlExposeHeaders:
                    description: AccessControlExposeHeaders sets valid headers for
                      the response.
                    items:
                      type: string
                    type: array
                  accessControlMaxAge:
                    description: AccessControlMaxAge sets the time that a preflight
                      request may be cached.
                    format: int64
                    type: integer
                  addVaryHeader:
                    description: AddVaryHeader controls if the Vary header is automatically
                      added/updated when the AccessControlAllowOriginList is set.
                    type: boolean
                  allowedHosts:
                    items:
                      type: string
                    type: array
                  browserXssFilter:
                    type: boolean
                  contentSecurityPolicy:
                    type: string
                  contentTypeNosniff:
                    type: boolean
                  customBrowserXSSValue:
                    type: string
                  customFrameOptionsValue:
                    type: string
                  customRequestHeaders:
                    additionalProperties:
                      type: string
                    type: object
                  customResponseHeaders:
                    additionalProperties:
                      type: string
                    type: object
                  featurePolicy:
                    description: 'Deprecated: use PermissionsPolicy instead.'
                    type: string
                  forceSTSHeader:
                    type: boolean
                  frameDeny:
                    type: boolean
                  hostsProxyHeaders:
                    items:
                      type: string
                    type: array
                  isDevelopment:
                    type: boolean
                  permissionsPolicy:
                    type: string
                  publicKey:
                    type: string
                  referrerPolicy:
                    type: string
                  sslForceHost:
                    description: 'Deprecated: use RedirectRegex instead.'
                    type: boolean
                  sslHost:
                    description: 'Deprecated: use RedirectRegex instead.'
                    type: string
                  sslProxyHeaders:
                    additionalProperties:
                      type: string
                    type: object
                  sslRedirect:
                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
                      instead.'
                    type: boolean
                  sslTemporaryRedirect:
                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
                      instead.'
                    type: boolean
                  stsIncludeSubdomains:
                    type: boolean
                  stsPreload:
                    type: boolean
                  stsSeconds:
                    format: int64
                    type: integer
                type: object
              inFlightReq:
                description: InFlightReq limits the number of requests being processed
                  and served concurrently.
                properties:
                  amount:
                    format: int64
                    type: integer
                  sourceCriterion:
                    description: SourceCriterion defines what criterion is used to
                      group requests as originating from a common source. If none
                      are set, the default is to use the request's remote address
                      field. All fields are mutually exclusive.
                    properties:
                      ipStrategy:
                        description: IPStrategy holds the ip strategy configuration.
                        properties:
                          depth:
                            type: integer
                          excludedIPs:
                            items:
                              type: string
                            type: array
                        type: object
                      requestHeaderName:
                        type: string
                      requestHost:
                        type: boolean
                    type: object
                type: object
              ipWhiteList:
                description: IPWhiteList holds the ip white list configuration.
                properties:
                  ipStrategy:
                    description: IPStrategy holds the ip strategy configuration.
                    properties:
                      depth:
                        type: integer
                      excludedIPs:
                        items:
                          type: string
                        type: array
                    type: object
                  sourceRange:
                    items:
                      type: string
                    type: array
                type: object
              passTLSClientCert:
                description: PassTLSClientCert holds the TLS client cert headers configuration.
                properties:
                  info:
                    description: TLSClientCertificateInfo holds the client TLS certificate
                      info configuration.
                    properties:
                      issuer:
                        description: TLSClientCertificateIssuerDNInfo holds the client
                          TLS certificate distinguished name info configuration. cf
                          https://tools.ietf.org/html/rfc3739
                        properties:
                          commonName:
                            type: boolean
                          country:
                            type: boolean
                          domainComponent:
                            type: boolean
                          locality:
                            type: boolean
                          organization:
                            type: boolean
                          province:
                            type: boolean
                          serialNumber:
                            type: boolean
                        type: object
                      notAfter:
                        type: boolean
                      notBefore:
                        type: boolean
                      sans:
                        type: boolean
                      serialNumber:
                        type: boolean
                      subject:
                        description: TLSClientCertificateSubjectDNInfo holds the client
                          TLS certificate distinguished name info configuration. cf
                          https://tools.ietf.org/html/rfc3739
                        properties:
                          commonName:
                            type: boolean
                          country:
                            type: boolean
                          domainComponent:
                            type: boolean
                          locality:
                            type: boolean
                          organization:
                            type: boolean
                          organizationalUnit:
                            type: boolean
                          province:
                            type: boolean
                          serialNumber:
                            type: boolean
                        type: object
                    type: object
                  pem:
                    type: boolean
                type: object
              plugin:
                additionalProperties:
                  x-kubernetes-preserve-unknown-fields: true
                type: object
              rateLimit:
                description: RateLimit holds the rate limiting configuration for a
                  given router.
                properties:
                  average:
                    format: int64
                    type: integer
                  burst:
                    format: int64
                    type: integer
                  period:
                    anyOf:
                    - type: integer
                    - type: string
                    x-kubernetes-int-or-string: true
                  sourceCriterion:
                    description: SourceCriterion defines what criterion is used to
                      group requests as originating from a common source. If none
                      are set, the default is to use the request's remote address
                      field. All fields are mutually exclusive.
                    properties:
                      ipStrategy:
                        description: IPStrategy holds the ip strategy configuration.
                        properties:
                          depth:
                            type: integer
                          excludedIPs:
                            items:
                              type: string
                            type: array
                        type: object
                      requestHeaderName:
                        type: string
                      requestHost:
                        type: boolean
                    type: object
                type: object
              redirectRegex:
                description: RedirectRegex holds the redirection configuration.
                properties:
                  permanent:
                    type: boolean
                  regex:
                    type: string
                  replacement:
                    type: string
                type: object
              redirectScheme:
                description: RedirectScheme holds the scheme redirection configuration.
                properties:
                  permanent:
                    type: boolean
                  port:
                    type: string
                  scheme:
                    type: string
                type: object
              replacePath:
                description: ReplacePath holds the ReplacePath configuration.
                properties:
                  path:
                    type: string
                type: object
              replacePathRegex:
                description: ReplacePathRegex holds the ReplacePathRegex configuration.
                properties:
                  regex:
                    type: string
                  replacement:
                    type: string
                type: object
              retry:
                description: Retry holds the retry configuration.
                properties:
                  attempts:
                    type: integer
                  initialInterval:
                    anyOf:
                    - type: integer
                    - type: string
                    x-kubernetes-int-or-string: true
                type: object
              stripPrefix:
                description: StripPrefix holds the StripPrefix configuration.
                properties:
                  forceSlash:
                    type: boolean
                  prefixes:
                    items:
                      type: string
                    type: array
                type: object
              stripPrefixRegex:
                description: StripPrefixRegex holds the StripPrefixRegex configuration.
                properties:
                  regex:
                    items:
                      type: string
                    type: array
                type: object
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.6.2
  creationTimestamp: null
  name: middlewaretcps.traefik.containo.us
spec:
  group: traefik.containo.us
  names:
    kind: MiddlewareTCP
    listKind: MiddlewareTCPList
    plural: middlewaretcps
    singular: middlewaretcp
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: MiddlewareTCP is a specification for a MiddlewareTCP resource.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: MiddlewareTCPSpec holds the MiddlewareTCP configuration.
            properties:
              inFlightConn:
                description: TCPInFlightConn holds the TCP in flight connection configuration.
                properties:
                  amount:
                    format: int64
                    type: integer
                type: object
              ipWhiteList:
                description: TCPIPWhiteList holds the TCP ip white list configuration.
                properties:
                  sourceRange:
                    items:
                      type: string
                    type: array
                type: object
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.6.2
  creationTimestamp: null
  name: serverstransports.traefik.containo.us
spec:
  group: traefik.containo.us
  names:
    kind: ServersTransport
    listKind: ServersTransportList
    plural: serverstransports
    singular: serverstransport
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: ServersTransport is a specification for a ServersTransport resource.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ServersTransportSpec options to configure communication between
              Traefik and the servers.
            properties:
              certificatesSecrets:
                description: Certificates for mTLS.
                items:
                  type: string
                type: array
              disableHTTP2:
                description: Disable HTTP/2 for connections with backend servers.
                type: boolean
              forwardingTimeouts:
                description: Timeouts for requests forwarded to the backend servers.
                properties:
                  dialTimeout:
                    anyOf:
                    - type: integer
                    - type: string
                    description: DialTimeout is the amount of time to wait until a
                      connection to a backend server can be established. If zero,
                      no timeout exists.
                    x-kubernetes-int-or-string: true
                  idleConnTimeout:
                    anyOf:
                    - type: integer
                    - type: string
                    description: IdleConnTimeout is the maximum period for which an
                      idle HTTP keep-alive connection will remain open before closing
                      itself.
                    x-kubernetes-int-or-string: true
                  pingTimeout:
                    anyOf:
                    - type: integer
                    - type: string
                    description: PingTimeout is the timeout after which the HTTP/2
                      connection will be closed if a response to ping is not received.
                    x-kubernetes-int-or-string: true
                  readIdleTimeout:
                    anyOf:
                    - type: integer
                    - type: string
                    description: ReadIdleTimeout is the timeout after which a health
                      check using ping frame will be carried out if no frame is received
                      on the HTTP/2 connection. If zero, no health check is performed.
                    x-kubernetes-int-or-string: true
                  responseHeaderTimeout:
                    anyOf:
                    - type: integer
                    - type: string
                    description: ResponseHeaderTimeout is the amount of time to wait
                      for a server's response headers after fully writing the request
                      (including its body, if any). If zero, no timeout exists.
                    x-kubernetes-int-or-string: true
                type: object
              insecureSkipVerify:
                description: Disable SSL certificate verification.
                type: boolean
              maxIdleConnsPerHost:
                description: If non-zero, controls the maximum idle (keep-alive) to
                  keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
                type: integer
              peerCertURI:
                description: URI used to match against SAN URI during the peer certificate
                  verification.
                type: string
              rootCAsSecrets:
                description: Add cert file for self-signed certificate.
                items:
                  type: string
                type: array
              serverName:
                description: ServerName used to contact the server.
                type: string
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.6.2
  creationTimestamp: null
  name: tlsoptions.traefik.containo.us
spec:
  group: traefik.containo.us
  names:
    kind: TLSOption
    listKind: TLSOptionList
    plural: tlsoptions
    singular: tlsoption
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: TLSOption is a specification for a TLSOption resource.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: TLSOptionSpec configures TLS for an entry point.
            properties:
              alpnProtocols:
                items:
                  type: string
                type: array
              cipherSuites:
                items:
                  type: string
                type: array
              clientAuth:
                description: ClientAuth defines the parameters of the client authentication
                  part of the TLS connection, if any.
                properties:
                  clientAuthType:
                    description: ClientAuthType defines the client authentication
                      type to apply.
                    enum:
                    - NoClientCert
                    - RequestClientCert
                    - RequireAnyClientCert
                    - VerifyClientCertIfGiven
                    - RequireAndVerifyClientCert
                    type: string
                  secretNames:
                    description: SecretName is the name of the referenced Kubernetes
                      Secret to specify the certificate details.
                    items:
                      type: string
                    type: array
                type: object
              curvePreferences:
                items:
                  type: string
                type: array
              maxVersion:
                type: string
              minVersion:
                type: string
              preferServerCipherSuites:
                type: boolean
              sniStrict:
                type: boolean
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.6.2
  creationTimestamp: null
  name: tlsstores.traefik.containo.us
spec:
  group: traefik.containo.us
  names:
    kind: TLSStore
    listKind: TLSStoreList
    plural: tlsstores
    singular: tlsstore
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: TLSStore is a specification for a TLSStore resource.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: TLSStoreSpec configures a TLSStore resource.
            properties:
              defaultCertificate:
                description: DefaultCertificate holds a secret name for the TLSOption
                  resource.
                properties:
                  secretName:
                    description: SecretName is the name of the referenced Kubernetes
                      Secret to specify the certificate details.
                    type: string
                required:
                - secretName
                type: object
            required:
            - defaultCertificate
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.6.2
  creationTimestamp: null
  name: traefikservices.traefik.containo.us
spec:
  group: traefik.containo.us
  names:
    kind: TraefikService
    listKind: TraefikServiceList
    plural: traefikservices
    singular: traefikservice
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: TraefikService is the specification for a service (that an IngressRoute
          refers to) that is usually not a terminal service (i.e. not a pod of servers),
          as opposed to a Kubernetes Service. That is to say, it usually refers to
          other (children) services, which themselves can be TraefikServices or Services.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ServiceSpec defines whether a TraefikService is a load-balancer
              of services or a mirroring service.
            properties:
              mirroring:
                description: Mirroring defines a mirroring service, which is composed
                  of a main load-balancer, and a list of mirrors.
                properties:
                  kind:
                    enum:
                    - Service
                    - TraefikService
                    type: string
                  maxBodySize:
                    format: int64
                    type: integer
                  mirrors:
                    items:
                      description: MirrorService defines one of the mirrors of a Mirroring
                        service.
                      properties:
                        kind:
                          enum:
                          - Service
                          - TraefikService
                          type: string
                        name:
                          description: Name is a reference to a Kubernetes Service
                            object (for a load-balancer of servers), or to a TraefikService
                            object (service load-balancer, mirroring, etc). The differentiation
                            between the two is specified in the Kind field.
                          type: string
                        namespace:
                          type: string
                        passHostHeader:
                          type: boolean
                        percent:
                          type: integer
                        port:
                          anyOf:
                          - type: integer
                          - type: string
                          x-kubernetes-int-or-string: true
                        responseForwarding:
                          description: ResponseForwarding holds configuration for
                            the forward of the response.
                          properties:
                            flushInterval:
                              type: string
                          type: object
                        scheme:
                          type: string
                        serversTransport:
                          type: string
                        sticky:
                          description: Sticky holds the sticky configuration.
                          properties:
                            cookie:
                              description: Cookie holds the sticky configuration based
                                on cookie.
                              properties:
                                httpOnly:
                                  type: boolean
                                name:
                                  type: string
                                sameSite:
                                  type: string
                                secure:
                                  type: boolean
                              type: object
                          type: object
                        strategy:
                          type: string
                        weight:
                          description: Weight should only be specified when Name references
                            a TraefikService object (and to be precise, one that embeds
                            a Weighted Round Robin).
                          type: integer
                      required:
                      - name
                      type: object
                    type: array
                  name:
                    description: Name is a reference to a Kubernetes Service object
                      (for a load-balancer of servers), or to a TraefikService object
                      (service load-balancer, mirroring, etc). The differentiation
                      between the two is specified in the Kind field.
                    type: string
                  namespace:
                    type: string
                  passHostHeader:
                    type: boolean
                  port:
                    anyOf:
                    - type: integer
                    - type: string
                    x-kubernetes-int-or-string: true
                  responseForwarding:
                    description: ResponseForwarding holds configuration for the forward
                      of the response.
                    properties:
                      flushInterval:
                        type: string
                    type: object
                  scheme:
                    type: string
                  serversTransport:
                    type: string
                  sticky:
                    description: Sticky holds the sticky configuration.
                    properties:
                      cookie:
                        description: Cookie holds the sticky configuration based on
                          cookie.
                        properties:
                          httpOnly:
                            type: boolean
                          name:
                            type: string
                          sameSite:
                            type: string
                          secure:
                            type: boolean
                        type: object
                    type: object
                  strategy:
                    type: string
                  weight:
                    description: Weight should only be specified when Name references
                      a TraefikService object (and to be precise, one that embeds
                      a Weighted Round Robin).
                    type: integer
                required:
                - name
                type: object
              weighted:
                description: WeightedRoundRobin defines a load-balancer of services.
                properties:
                  services:
                    items:
                      description: Service defines an upstream to proxy traffic.
                      properties:
                        kind:
                          enum:
                          - Service
                          - TraefikService
                          type: string
                        name:
                          description: Name is a reference to a Kubernetes Service
                            object (for a load-balancer of servers), or to a TraefikService
                            object (service load-balancer, mirroring, etc). The differentiation
                            between the two is specified in the Kind field.
                          type: string
                        namespace:
                          type: string
                        passHostHeader:
                          type: boolean
                        port:
                          anyOf:
                          - type: integer
                          - type: string
                          x-kubernetes-int-or-string: true
                        responseForwarding:
                          description: ResponseForwarding holds configuration for
                            the forward of the response.
                          properties:
                            flushInterval:
                              type: string
                          type: object
                        scheme:
                          type: string
                        serversTransport:
                          type: string
                        sticky:
                          description: Sticky holds the sticky configuration.
                          properties:
                            cookie:
                              description: Cookie holds the sticky configuration based
                                on cookie.
                              properties:
                                httpOnly:
                                  type: boolean
                                name:
                                  type: string
                                sameSite:
                                  type: string
                                secure:
                                  type: boolean
                              type: object
                          type: object
                        strategy:
                          type: string
                        weight:
                          description: Weight should only be specified when Name references
                            a TraefikService object (and to be precise, one that embeds
                            a Weighted Round Robin).
                          type: integer
                      required:
                      - name
                      type: object
                    type: array
                  sticky:
                    description: Sticky holds the sticky configuration.
                    properties:
                      cookie:
                        description: Cookie holds the sticky configuration based on
                          cookie.
                        properties:
                          httpOnly:
                            type: boolean
                          name:
                            type: string
                          sameSite:
                            type: string
                          secure:
                            type: boolean
                        type: object
                    type: object
                type: object
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: traefik-ingress-controller

rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - traefik.containo.us
    resources:
      - middlewares
      - middlewaretcps
      - ingressroutes
      - traefikservices
      - ingressroutetcps
      - ingressrouteudps
      - tlsoptions
      - tlsstores
      - serverstransports
    verbs:
      - get
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: traefik-ingress-controller

roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
    namespace: default

kubectl apply -f traefik.yaml

2. Services

vi traefik-svc.yaml  # add the following content

apiVersion: v1
kind: Service
metadata:
  name: traefik
spec:
  type: NodePort   # added here: exposes the ports for access from outside the cluster
  ports:
    - protocol: TCP
      name: web
      port: 8000
    - protocol: TCP
      name: admin
      port: 8080
    - protocol: TCP
      name: websecure
      port: 4443
  selector:
    app: traefik

kubectl apply -f traefik-svc.yaml

3. Deployments

vi traefik-deploy.yaml  # add the following content

apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: traefik-ingress-controller
---
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: traefik
  labels:
    app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v2.6
          args:
            - --api.insecure
            - --accesslog
            - --entrypoints.web.Address=:8000
            - --entrypoints.websecure.Address=:4443
            - --providers.kubernetescrd
            - --certificatesresolvers.myresolver.acme.tlschallenge
            - --certificatesresolvers.myresolver.acme.email=foo@you.com
            - --certificatesresolvers.myresolver.acme.storage=acme.json
            # Please note that this is the staging Let's Encrypt server.
            # Once you get things working, you should remove that whole line altogether.
            - --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
          ports:
            - name: web
              containerPort: 8000
            - name: websecure
              containerPort: 4443
            - name: admin
              containerPort: 8080

kubectl apply -f traefik-deploy.yaml
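
The Deployment above starts Traefik with --api.insecure, which serves the API and dashboard without authentication on port 8080, and the Service in section 2 publishes that port as a NodePort on every node. The check below is an added example, not part of the original tutorial or of the Traefik project: it reads output in the shape of `kubectl get svc,deploy -o json` (the embedded sample is constructed from this page's manifests) and reports Services that publish the insecure API port outside the cluster; the function names are assumptions of this example.

```python
import json

# Constructed sample: this page's Service and Deployment, cut down to the fields
# the check reads, in the List shape that `kubectl get svc,deploy -o json` emits.
SAMPLE = json.loads("""{"kind": "List", "items": [
 {"kind": "Service", "metadata": {"name": "traefik", "namespace": "default"},
  "spec": {"type": "NodePort", "selector": {"app": "traefik"}, "ports": [
    {"name": "web", "port": 8000}, {"name": "admin", "port": 8080},
    {"name": "websecure", "port": 4443}]}},
 {"kind": "Deployment", "metadata": {"name": "traefik", "namespace": "default"},
  "spec": {"template": {"metadata": {"labels": {"app": "traefik"}},
   "spec": {"containers": [{"name": "traefik", "image": "traefik:v2.6",
     "args": ["--api.insecure", "--accesslog", "--providers.kubernetescrd",
              "--entrypoints.web.Address=:8000", "--entrypoints.websecure.Address=:4443"],
     "ports": [{"name": "web", "containerPort": 8000}, {"name": "websecure", "containerPort": 4443},
               {"name": "admin", "containerPort": 8080}]}]}}}}]}""")

API_PORT = 8080  # port Traefik serves the API/dashboard on with --api.insecure
EXTERNAL = ("NodePort", "LoadBalancer")  # Service types reachable from outside the cluster


def insecure_api_pods(items):
    """Yield (namespace, pod labels, named container ports) for --api.insecure pods."""
    for obj in (o for o in items if o["kind"] == "Deployment"):
        tpl = obj["spec"]["template"]
        for c in tpl["spec"]["containers"]:
            args = [a.lower() for a in c.get("args", [])]
            if "--api.insecure" in args or "--api.insecure=true" in args:
                named = {p.get("name"): p["containerPort"] for p in c.get("ports", [])}
                yield obj["metadata"]["namespace"], tpl["metadata"]["labels"], named


def exposed_admin_ports(items):
    """Return (service name, port name) pairs that publish the insecure API port."""
    found = []
    for ns, labels, named in insecure_api_pods(items):
        for svc in (o for o in items if o["kind"] == "Service"):
            spec, sel = svc["spec"], svc["spec"].get("selector") or {}
            if svc["metadata"]["namespace"] != ns or spec.get("type") not in EXTERNAL:
                continue
            if not sel or any(labels.get(k) != v for k, v in sel.items()):
                continue  # this Service does not select the Traefik pods
            for p in spec["ports"]:
                target = p.get("targetPort", p["port"])  # targetPort defaults to port
                if named.get(target, target) == API_PORT:  # resolve named targetPort
                    found.append((svc["metadata"]["name"], p.get("name")))
    return found
```

Calling `exposed_admin_ports(SAMPLE["items"])` on the manifests from this page reports the `admin` port of the `traefik` Service. Changing that Service to ClusterIP, or moving the admin port into its own ClusterIP Service, clears the finding.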

4. Install nginx

# 1. Install the build tools and libraries
yum -y install make zlib zlib-devel gcc-c++ libtool  openssl openssl-devel

# 2. Install PCRE so that Nginx supports the rewrite feature
cd /usr/local/src/
wget http://downloads.sourceforge.net/project/pcre/pcre/8.35/pcre-8.35.tar.gz
# Unpack the archive
tar -zxvf pcre-8.35.tar.gz
# Enter the source directory
cd pcre-8.35
# Build and install
./configure
make && make install
# Check the pcre version
pcre-config --version

# 3. Install Nginx
cd /usr/local/src/
wget http://nginx.org/download/nginx-1.20.2.tar.gz
# Unpack the archive
tar -zxvf nginx-1.20.2.tar.gz
# Enter the source directory
cd nginx-1.20.2
# Build and install
./configure --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/src/pcre-8.35
make
make install
# nginx is now installed

  • The nginx installation is complete. Directory layout:
  • Configuration file: /usr/local/webserver/nginx/conf/nginx.conf
  • Startup path: /usr/local/webserver/nginx/sbin/nginx
[root@nginx nginx]# pwd
/usr/local/webserver/nginx
[root@nginx nginx]# ll
总用量 4
drwx------. 2 nobody root    6 215 21:54 client_body_temp
drwxr-xr-x. 2 root   root 4096 215 21:51 conf
drwx------. 2 nobody root    6 213 21:39 fastcgi_temp
drwxr-xr-x. 2 root   root   40 213 17:18 html
drwxr-xr-x. 2 root   root   58 214 08:49 logs
drwx------. 2 nobody root    6 213 21:39 proxy_temp
drwxr-xr-x. 2 root   root   36 215 21:31 sbin
drwx------. 2 nobody root    6 213 21:39 scgi_temp
drwx------. 2 nobody root    6 213 21:39 uwsgi_temp
  • Edit the configuration file: /usr/local/webserver/nginx/conf/nginx.conf

  • Set the virtual domain name here: zhiboqingyun.com

    server {
        listen       80;
        server_name  zhiboqingyun.com;
        location / {
            proxy_pass http://127.0.0.1:31910; # port mapping of the traefik service: 8000:31910/TCP
            proxy_set_header Host $http_host;
        }
    }
    
  • Start nginx

    cd /usr/local/webserver/nginx
    ./sbin/nginx  -c ./conf/nginx.conf # start with the specified configuration file
    ./sbin/nginx  -c ./conf/nginx.conf -s reload # reload after changing the configuration file
    

5. Traefik Routers

vi ingressroutes.yml

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: simpleingressroute
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`zhiboqingyun.com`)  # use the virtual domain name set above
      # - match: Host(`your.example.com`) && PathPrefix(`/notls`)
      kind: Rule
      services:
        - name: whoami
          port: 80

kubectl apply -f ingressroutes.yml

6. Deploy the test service

  • Create the test Service

    vi test-svc.yaml
    
    apiVersion: v1
    kind: Service
    metadata:
      name: whoami
    spec:
      ports:
        - protocol: TCP
          name: web
          port: 80
      selector:
        app: whoami
    
    kubectl apply -f test-svc.yaml
    
  • Create the test Deployment

    kind: Deployment
    apiVersion: apps/v1
    metadata:
      namespace: default
      name: whoami
      labels:
        app: whoami
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: whoami
      template:
        metadata:
          labels:
            app: whoami
        spec:
          containers:
            - name: whoami
              image: traefik/whoami
              ports:
                - name: web
                  containerPort: 80
    

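7. Accessing the service

  • Access URL: http://zhiboqingyun.com:80

  • Request flow: the browser requests zhiboqingyun.com [resolved locally to 192.168.159.138]. In nginx,
    proxy_pass forwards the request to http://127.0.0.1:31910, i.e. http://192.168.159.138:31910. The request then enters the cluster, where the 31910:8000 port mapping leads to the internal traefik service. The IngressRoute matches the domain with match:
    Host(zhiboqingyun.com) and finds the service the domain points to, namely name: whoami, port: 80.

  • Traefik dashboard: http://zhiboqingyun.com:30022/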
