京东云Kubernetes集群+Traefik实战
Traefik支持丰富的annotations配置,可配置众多出色的特性,例如:自动熔断、负载均衡策略、黑名单、白名单。所以Traefik对于微服务来说简直就是一神器。
利用Traefik,并结合京东云Kubernetes集群及其他云服务(RDS,NAS,OSS,块存储等),可快速构建弹性扩展的微服务集群。
Traefik是一个为了让部署微服务更加便捷而诞生的现代HTTP反向代理、负载均衡工具。它支持多种后台(Kubernetes,Docker,Swarm,Marathon,Mesos,Consul,Etcd,Zookeeper等)。
本文大致步骤如下:
Kubernetes权限配置(RBAC);
Traefik部署;
创建三个实例服务;
生成Ingress规则,并通过PATH测试通过Traefik访问各个服务;
Traefik配置域名及TLS证书,并实现HTTP重定向到HTTS。
本文部署Traefik使用到的Yaml文件均基于Traefik官方实例,并为适配京东云Kubernetes集群做了相关修改:
https://github.com/containous/traefik/tree/master/examples/k8s
基本概念
1
Ingress边界路由
虽然Kubernetes集群内部署的pod、server都有自己的IP,但是却无法提供外网访问,虽然我们可以通过监听NodePort的方式暴露服务,但是这种方式并不灵活,生产环境也不建议使用。
Ingresss是k8s集群中的一个API资源对象,扮演边缘路由器(edge router)的角色,也可以理解为集群防火墙、集群网关,我们可以自定义路由规则来转发、管理、暴露服务(一组Pod),非常灵活,生产环境建议使用这种方式。
什么是Ingress?
在Kubernetes中,Service和Pod的IP地址仅可以在集群网络内部使用,对于集群外的应用是不可见的。为了使外部的应用能够访问集群内的服务,在Kubernetes中可以通过NodePort和LoadBalancer这两种类型的Service,或者使用Ingress。
Ingress本质是通过http代理服务器将外部的http请求转发到集群内部的后端服务。通过Ingress,外部应用访问群集内容服务的过程如下所示:
Ingress 就是为进入集群的请求提供路由规则的集合。
Ingress 可以给 Service 提供集群外部访问的URL、负载均衡、SSL终止、HTTP路由等。为了配置这些 Ingress 规则,集群管理员需要部署一个 Ingress controller,它监听 Ingress 和 Service 的变化,并根据规则配置负载均衡并提供访问入口。
2
Traefik是什么?
Traefik在Github上Star数超19K:
https://github.com/containous/traefik
Traefik是一个为了让部署微服务更加便捷而诞生的现代HTTP反向代理、负载均衡工具。
Traefik是一个用Golang开发的轻量级的Http反向代理和负载均衡器,虽然相比于Nginx,它是后起之秀,但是它天然拥抱Kubernetes,直接与集群K8s的Api Server通信,反应非常迅速,同时还提供了友好的控制面板和监控界面,不仅可以方便地查看Traefik根据Ingress生成的路由配置信息,还可以查看统计的一些性能指标数据,如:总响应时间、平均响应时间、不同的响应码返回的总次数等。
不仅如此,Traefik还支持丰富的annotations配置,可配置众多出色的特性,例如:自动熔断、负载均衡策略、黑名单、白名单。所以Traefik对于微服务来说简直就是一神器。
Traefik User Guide for Kubernetes:
https://docs.traefik.io/user-guide/kubernetes/
3
京东云Kubernetes集群
京东云Kubernetes整合京东云虚拟化、存储和网络能力,提供高性能可伸缩的容器应用管理能力,简化集群的搭建和扩容等工作,让用户专注于容器化的应用的开发与管理。
用户可以在京东云创建一个安全高可用的 Kubernetes 集群,并由京东云完全托管 Kubernetes 服务,并保证集群的稳定性和可靠性。让用户可以方便地在京东云上使用 Kubernetes 管理容器应用。
京东云Kubernetes集群:
https://3.cn/C5KdrKa
前置条件
1
创建京东云Kubernetes集群
创建Kubernetes集群
请参考:
docs.jdcloud.com/cn/jcs-for-…
2
Kubernetes客户端配置
集群创建完成后,需要配置kubectl客户端以连接Kubernetes集群。
请参考:
https://docs.jdcloud.com/cn/jcs-for-kubernetes/connect-to-cluster
Traefik部署
1
权限配置
创建响应的Cluster Role和Cluster Role Binding,以赋予Traefik足够的权限。
Yaml文件如下:
1$ cat traefik-rbac.yaml2---3kind: ClusterRole4apiVersion: rbac.authorization.k8s.io/v1beta15metadata:6 name: traefik-ingress-controller7rules:8 - apiGroups:9 - ""
10 resources:
11 - services
12 - endpoints
13 - secrets
14 verbs:
15 - get
16 - list
17 - watch
18 - apiGroups:
19 - extensions
20 resources:
21 - ingresses
22 verbs:
23 - get
24 - list
25 - watch
26---
27kind: ClusterRoleBinding
28apiVersion: rbac.authorization.k8s.io/v1beta1
29metadata:
30 name: traefik-ingress-controller
31roleRef:
32 apiGroup: rbac.authorization.k8s.io
33 kind: ClusterRole
34 name: traefik-ingress-controller
35subjects:
36- kind: ServiceAccount
37 name: traefik-ingress-controller
38 namespace: kube-system
复制代码开始创建
1$ kubectl create -f traefik-rbac.yaml
2clusterrole "traefik-ingress-controller" created
3clusterrolebinding "traefik-ingress-controller" created
复制代码创建成功
1$ kubectl get clusterrole -n kube-system | grep traefik
2traefik-ingress-controller 25s
3
4$ kubectl get clusterrolebinding -n kube-system | grep traefik
5traefik-ingress-controller 35s
复制代码2
部署Traefik
本文选择使用Deployment部署Traefik。除此之外,Traefik还提供了DaemonSet的部署方式:
https://github.com/containous/traefik/blob/master/examples/k8s/traefik-ds.yaml
Traefik的80端口为接收HTTP请求,8080端口为Dashboard访问端口;通过Load Balancer类型的Service创建京东云负载均衡SLB,来作为K8s集群的统一入口。
Yaml文件如下:
1$ cat traefik-deployment.yaml 2---3apiVersion: v14kind: ServiceAccount5metadata:6 name: traefik-ingress-controller7 namespace: kube-system8---9kind: Deployment
10apiVersion: extensions/v1beta1
11metadata:
12 name: traefik-ingress-controller
13 namespace: kube-system
14 labels:
15 k8s-app: traefik-ingress-lb
16spec:
17 replicas: 1
18 selector:
19 matchLabels:
20 k8s-app: traefik-ingress-lb
21 template:
22 metadata:
23 labels:
24 k8s-app: traefik-ingress-lb
25 name: traefik-ingress-lb
26 spec:
27 serviceAccountName: traefik-ingress-controller
28 terminationGracePeriodSeconds: 60
29 containers:
30 - image: traefik
31 name: traefik-ingress-lb
32 ports:
33 - name: http
34 containerPort: 80
35 - name: admin
36 containerPort: 8080
37 args:
38 - --api
39 - --kubernetes
40 - --logLevel=INFO
41---
42kind: Service
43apiVersion: v1
44metadata:
45 name: traefik-ingress-service
46 namespace: kube-system
47spec:
48 selector:
49 k8s-app: traefik-ingress-lb
50 ports:
51 - protocol: TCP
52 port: 80
53 name: web
54 - protocol: TCP
55 port: 8080
56 name: admin
57 type: LoadBalancer
复制代码开始创建
复制代码1$ kubectl create -f traefik-deployment.yaml
2serviceaccount "traefik-ingress-controller" created
3deployment "traefik-ingress-controller" created
4service "traefik-ingress-service" created
Pod正常运行
复制代码1$ kubectl get pod -n kube-system | grep traefik
2traefik-ingress-controller-668679b744-jvmbg 1/1 Running 0 57s
查看Pod日志
1$ kubectl logs traefik-ingress-controller-668679b744-jvmbg -n kube-system2time="2018-12-15T16:58:49Z" level=info msg="Traefik version v1.7.6 built on 2018-12-14_06:43:37AM"3time="2018-12-15T16:58:49Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n"4time="2018-12-15T16:58:49Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0005f9e20} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"5time="2018-12-15T16:58:49Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0005f9e40} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"6time="2018-12-15T16:58:49Z" level=info msg="Starting provider configuration.ProviderAggregator {}"7time="2018-12-15T16:58:49Z" level=info msg="Starting server on :80"8time="2018-12-15T16:58:49Z" level=info msg="Starting server on :8080"9time="2018-12-15T16:58:49Z" level=info msg="Starting provider *kubernetes.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\":false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":null}"
10time="2018-12-15T16:58:49Z" level=info msg="ingress label selector is: \"\""
11time="2018-12-15T16:58:49Z" level=info msg="Creating in-cluster Provider client"
12time="2018-12-15T16:58:50Z" level=info msg="Server configuration reloaded on :80"
13time="2018-12-15T16:58:50Z" level=info msg="Server configuration reloaded on :8080"
复制代码查看Traefik对应的SLB Service
1$ kubectl get svc/traefik-ingress-service -n kube-system
2NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
3traefik-ingress-service LoadBalancer 10.0.58.175 114.67.95.167 80:30331/TCP,8080:30232/TCP 2m
复制代码京东云负载均衡的公网IP为114.67.95.167。
如果需要通过域名访问K8s内的服务,则可以通过将域名解析至该公网IP。
此时,通过“公网IP:8080”便可以访问Traefik的Dashboard。
3
Traefik使用示例
创建服务
创建3个Deployment对外提供HTTP服务,分别名为:Stilton、Cheddar、Wensleydale。
1$ cat cheese-deployments.yaml2---3kind: Deployment4apiVersion: extensions/v1beta15metadata:6 name: stilton7 labels:8 app: cheese9 cheese: stilton10spec:11 replicas: 212 selector:13 matchLabels:14 app: cheese15 task: stilton16 template:17 metadata:18 labels:19 app: cheese20 task: stilton21 version: v0.0.122 spec:23 containers:24 - name: cheese25 image: errm/cheese:stilton26 resources:27 requests:28 cpu: 100m29 memory: 50Mi30 limits:31 cpu: 100m32 memory: 50Mi33 ports:34 - containerPort: 8035---36kind: Deployment37apiVersion: extensions/v1beta138metadata:39 name: cheddar40 labels:41 app: cheese42 cheese: cheddar43spec:44 replicas: 245 selector:46 matchLabels:47 app: cheese48 task: cheddar49 template:50 metadata:51 labels:52 app: cheese53 task: cheddar54 version: v0.0.155 spec:56 containers:57 - name: cheese58 image: errm/cheese:cheddar59 resources:60 requests:61 cpu: 100m62 memory: 50Mi63 limits:64 cpu: 100m65 memory: 50Mi66 ports:67 - containerPort: 8068---69kind: Deployment70apiVersion: extensions/v1beta171metadata:72 name: wensleydale73 labels:74 app: cheese75 cheese: wensleydale76spec:77 replicas: 278 selector:79 matchLabels:80 app: cheese81 task: wensleydale82 template:83 metadata:84 labels:85 app: cheese86 task: wensleydale87 version: v0.0.188 spec:89 containers:90 - name: cheese91 image: errm/cheese:wensleydale92 resources:93 requests:94 cpu: 100m95 memory: 50Mi96 limits:97 cpu: 100m98 memory: 50Mi99 ports:
100 - containerPort: 80
复制代码1$ kubectl create -f cheese-deployments.yaml
2deployment "stilton" created
3deployment "cheddar" created
4deployment "wensleydale" created
复制代码对应的Service
1$ cat cheese-services.yaml2---3apiVersion: v14kind: Service5metadata:6 name: stilton7spec:8 ports:9 - name: http
10 targetPort: 80
11 port: 80
12 selector:
13 app: cheese
14 task: stilton
15---
16apiVersion: v1
17kind: Service
18metadata:
19 name: cheddar
20spec:
21 ports:
22 - name: http
23 targetPort: 80
24 port: 80
25 selector:
26 app: cheese
27 task: cheddar
28---
29apiVersion: v1
30kind: Service
31metadata:
32 name: wensleydale
33spec:
34 ports:
35 - name: http
36 targetPort: 80
37 port: 80
38 selector:
39 app: cheese
40 task: wensleydale
复制代码1$ kubectl create -f cheese-services.yaml
2service "stilton" created
3service "cheddar" created
4service "wensleydale" created
复制代码创建Ingress
Ingress Yaml文件如下:
1$ cat my-cheeses-ingress.yaml2apiVersion: extensions/v1beta13kind: Ingress4metadata:5 name: cheeses6 annotations:7 traefik.frontend.rule.type: PathPrefixStrip8spec:9 rules:
10 - host: www.<your-domain-name>.com
11 http:
12 paths:
13 - path: /stilton
14 backend:
15 serviceName: stilton
16 servicePort: http
17 - path: /cheddar
18 backend:
19 serviceName: cheddar
20 servicePort: http
21 - path: /wensleydale
22 backend:
23 serviceName: wensleydale
24 servicePort: http
复制代码创建Ingress
1$ kubectl create -f my-cheeses-ingress.yaml
2ingress "cheeses" created
复制代码创建成功
1$ kubectl describe ingress/cheeses2Name: cheeses3Namespace: default4Address: 5Default backend: default-http-backend:80 (<none>)6Rules:7 Host Path Backends8 ---- ---- --------9 www.<your-domain-name>.com
10 /stilton stilton:http (<none>)
11 /cheddar cheddar:http (<none>)
12 /wensleydale wensleydale:http (<none>)
13Annotations:
14Events: <none>
复制代码访问服务
直接通过ELB IP+PATH访问:
1$ curl 114.67.95.167/stilton
2404 page not found
复制代码访问失败,因为Ingress规则里指定了host。
请求Header中指定host:
1$ curl -H "Host:www.<your-domain-name>.com" 114.67.95.167/stilton2<html>3 <head>4 <style>5 html { 6 background: url(./bg.png) no-repeat center center fixed; 7 -webkit-background-size: cover;8 -moz-background-size: cover;9 -o-background-size: cover;
10 background-size: cover;
11 }
12
13 h1 {
14 font-family: Arial, Helvetica, sans-serif;
15 background: rgba(187, 187, 187, 0.5);
16 width: 3em;
17 padding: 0.5em 1em;
18 margin: 1em;
19 }
20 </style>
21 </head>
22 <body>
23 <h1>Stilton</h1>
24 </body>
25</html>
复制代码访问成功。
但是由于域名未备案,这种方式会被京东云拦截。
两种方式:
一、Ingress里移除指定host;
二、注册域名,并绑定证书及私钥。
从Ingress中移除host
将host字段注释掉:
1$ cat my-cheeses-ingress.yaml 2apiVersion: extensions/v1beta13kind: Ingress4metadata:5 name: cheeses6 annotations:7 traefik.frontend.rule.type: PathPrefixStrip8spec:9 rules:
10# - host: www.<your-domain-name>.com
11 - http:
12 paths:
13 - path: /stilton
14 backend:
15 serviceName: stilton
16 servicePort: http
17 - path: /cheddar
18 backend:
19 serviceName: cheddar
20 servicePort: http
21 - path: /wensleydale
22 backend:
23 serviceName: wensleydale
24 servicePort: http
复制代码重建Ingress
1$ kubectl replace -f my-cheeses-ingress.yaml
2ingress "cheeses" replaced
3$ kubectl get ingress
4NAME HOSTS ADDRESS PORTS AGE
5cheeses * 80 18m复制代码Ingress更新成功,通过公网IP+PATH访问。
Stilton服务
1$ curl -I 114.67.95.167/stilton
2HTTP/1.1 200 OK
3Accept-Ranges: bytes
4Content-Length: 517
5Content-Type: text/html
6Date: Thu, 20 Dec 2018 06:19:15 GMT
7Etag: "5784f6c9-205"
8Last-Modified: Tue, 12 Jul 2016 13:55:21 GMT
9Server: nginx/1.11.1
复制代码Cheddar服务
1$ curl -I 114.67.95.167/cheddar
2HTTP/1.1 200 OK
3Accept-Ranges: bytes
4Content-Length: 517
5Content-Type: text/html
6Date: Thu, 20 Dec 2018 06:19:54 GMT
7Etag: "5784f6e1-205"
8Last-Modified: Tue, 12 Jul 2016 13:55:45 GMT
9Server: nginx/1.11.1复制代码Wensleydale服务
复制代码1$ curl -I 114.67.95.167/wensleydale
2HTTP/1.1 200 OK
3Accept-Ranges: bytes
4Content-Length: 521
5Content-Type: text/html
6Date: Thu, 20 Dec 2018 06:20:00 GMT
7Etag: "5784f6fb-209"
8Last-Modified: Tue, 12 Jul 2016 13:56:11 GMT
9Server: nginx/1.11.1
三个服务均可通过/正常访问。
配置域名及证书
申请域名:.com,并在京东云上备案,并解析到SLB公网IP:114.67.95.167
证书和私钥
1$ ll *.pem
2-rw-r--r-- 1 pmo_jd_a pmo_jd_a 3554 Dec 20 16:04 fullchain.pem
3-rw------- 1 pmo_jd_a pmo_jd_a 1708 Dec 20 16:04 privkey.pem
复制代码创建Secret保存证书和私钥:
1$ kubectl create secret generic traefik-cert --from-file=fullchain.pem --from-file=privkey.pem -n kube-system
2secret "traefik-cert" created
复制代码Traefik配置文件(HTTP访问重定向到HTTPS,证书及私钥存放在/ssl/目录下,需要Secret挂载到该目录以供Traefik读取):
1# cat traefik.toml2defaultEntryPoints = ["http","https"]3[entryPoints]4 [entryPoints.http]5 address = ":80"6 [entryPoints.http.redirect]7 entryPoint = "https"8 [entryPoints.https]9 address = ":443"
10 [entryPoints.https.tls]
11 [[entryPoints.https.tls.certificates]]
12 CertFile = "/ssl/fullchain.pem"
13 KeyFile = "/ssl/privkey.pem"
复制代码创建ConfigMap用于保存配置文件traefik.toml:
复制代码1$ kubectl create configmap traefik-conf --from-file=traefik.toml -n kube-system
2configmap "traefik-conf" created
需要重新部署Traefik,新的Yaml文件如下:
复制代码1$ cat traefik-deployment-new.yaml
2kind: Deployment
3apiVersion: extensions/v1beta1
4metadata:
5 name: traefik-ingress-controller
6 namespace: kube-system
7 labels:
8 k8s-app: traefik-ingress-lb
9spec:
10 replicas: 1
11 selector:
12 matchLabels:
13 k8s-app: traefik-ingress-lb
14 template:
15 metadata:
16 labels:
17 k8s-app: traefik-ingress-lb
18 name: traefik-ingress-lb
19 spec:
20 serviceAccountName: traefik-ingress-controller
21 terminationGracePeriodSeconds: 60
22 containers:
23 - image: traefik
24 name: traefik-ingress-lb
25 ports:
26 - name: http
27 containerPort: 80
28 - name: admin
29 containerPort: 8080
30 args:
31 - --api
32 - --kubernetes
33 - --logLevel=INFO
34 - --configfile=/config/traefik.toml
35 volumeMounts:
36 - mountPath: "/ssl"
37 name: "ssl"
38 - mountPath: "/config"
39 name: "config"
40 volumes:
41 - name: ssl
42 secret:
43 secretName: traefik-cert
44 - name: config
45 configMap:
46 name: traefik-conf
重新部署:
1$ kubectl replace -f traefik-deployment-new.yaml
2deployment "traefik-ingress-controller" replaced
3$ kubectl get pod -n kube-system | grep traefik
4traefik-ingress-controller-668679b744-jvmbg 0/1 Terminating 0 4d
5traefik-ingress-controller-7d6cd769c9-2p57t 0/1 ContainerCreating 0 3s
6$ kubectl get pod -n kube-system | grep traefik
7traefik-ingress-controller-7d6cd769c9-2p57t 1/1 Running 0 19s复制代码重新部署的Pod正常running。
查看Pod日志
1$ kubectl logs traefik-ingress-controller-7d6cd769c9-2p57t -n kube-system2time="2018-12-20T09:29:30Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072dbc0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"3time="2018-12-20T09:29:30Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:0xc00059de40 Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072db80} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"4time="2018-12-20T09:29:30Z" level=info msg="Preparing server https &{Address::443 TLS:0xc000216c60 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072dba0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"5time="2018-12-20T09:29:30Z" level=info msg="Starting provider configuration.ProviderAggregator {}"6time="2018-12-20T09:29:30Z" level=info msg="Starting server on :8080"7time="2018-12-20T09:29:30Z" level=info msg="Starting server on :80"8time="2018-12-20T09:29:30Z" level=info msg="Starting server on :443"9time="2018-12-20T09:29:30Z" level=info msg="Starting provider *kubernetes.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\":false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":null}"
10time="2018-12-20T09:29:30Z" level=info msg="ingress label selector is: \"\""
11time="2018-12-20T09:29:30Z" level=info msg="Creating in-cluster Provider client"
12time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :8080"
13time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :80"
14time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :443"
复制代码更新Ingress
1$ cat my-cheeses-ingress.yaml2apiVersion: extensions/v1beta13kind: Ingress4metadata:5 name: cheeses6 annotations:7 traefik.frontend.rule.type: PathPrefixStrip8spec:9 rules:
10 - host: www.<your-domain-name>.com
11 http:
12 paths:
13 - path: /stilton
14 backend:
15 serviceName: stilton
16 servicePort: http
17 - path: /cheddar
18 backend:
19 serviceName: cheddar
20 servicePort: http
21 - path: /wensleydale
22 backend:
23 serviceName: wensleydale
24 servicePort: http
复制代码重建Ingress
1$ kubectl replace -f my-cheeses-ingress.yaml
复制代码更新Traefik Service,开放443端口:
1$ cat traefik-service.yaml 2kind: Service3apiVersion: v14metadata:5 name: traefik-ingress-service6 namespace: kube-system7spec:8 selector:9 k8s-app: traefik-ingress-lb
10 ports:
11 - protocol: TCP
12 port: 80
13 name: web
14 - protocol: TCP
15 port: 8080
16 name: admin
17 - protocol: TCP
18 port: 443
19 name: tls
20 type: LoadBalancer
复制代码应用Service更新:
1$ kubectl apply -f traefik-service.yaml -n kube-system
2Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
3service "traefik-ingress-service" configured
复制代码HTTPS访问:
https://www.your-domain-name.com/stilton
以及HTTP:
http://www.your-domain-name.com/stilton
均可正常访问,且HTTP访问会被重定向到HTTPS。
总结:
本文仅测试了traefik的路由分发,当然traefik的功能远远不止于此,其大致特性如下:
它非常快~~~
无需安装其他依赖,通过Go语言编写的单一可执行文件
支持 Rest API
多种后台支持:Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, 并且还会更多
后台监控, 可以监听后台变化进而自动化应用新的配置文件设置
配置文件热更新,无需重启进程
正常结束http连接
后端断路器
轮询,rebalancer 负载均衡
Rest Metrics
支持最小化 官方 docker 镜像
后台支持SSL
前台支持SSL(包括SNI)
清爽的AngularJS前端页面
支持Websocket
支持HTTP/2
网络错误重试
支持Let’s Encrypt (自动更新HTTPS证书)
高可用集群模式
docs.jdcloud.com/cn/jcs-for-…
·END·
转载于:https://juejin.im/post/5c93d4795188252d5404b279
京东云Kubernetes集群+Traefik实战相关推荐
- 基于京东云Kubernetes集群的 SpringBoot+MySQL 应用示例
Kubernetes 是目前最主流的开源容器编排技术,用于自动部署,扩展和管理容器化应用程序,其提供应用部署.维护. 扩展机制等一系列完整功能,极大提高了容器集群管理的便捷性. 京东早在2016年年底 ...
- Kubernetes集群方方面面实战教程学习线路指南
写在前面的话
- 在阿里云上部署生产级别Kubernetes集群
阿里云是国内非常受欢迎的基础云平台,随着Kubernetes的普及,越来越多的企业开始筹划在阿里云上部署自己的Kubernetes集群. 本文将结合实战中总结的经验,分析和归纳一套在阿里云上部署生产级 ...
- 容器集群k8s从入门到精通实战第一天 kubernetes集群简介及其实例
第一章 kubernetes介绍 本章节主要介绍应用程序在服务器上部署方式演变以及kubernetes的概念.组件和工作原理. 应用部署方式演变 在部署应用程序的方式上,主要经历了三个时代: 传统部署 ...
- golang检查tcp是否可用_宕机处理:Kubernetes集群高可用实战总结
导语 | 在企业生产环境,Kubernetes高可用是一个必不可少的特性,其中最通用的场景就是如何在Kubernetes集群宕机一个节点的情况下保障服务依旧可用.本文对在该场景下实现集群和应用高可用过 ...
- 阿里云上万个 Kubernetes 集群大规模管理实践
点击下载<不一样的 双11 技术:阿里巴巴经济体云原生实践> 本文节选自<不一样的 双11 技术:阿里巴巴经济体云原生实践>一书,点击上方图片即可下载! 作者 | 汤志敏,阿里 ...
- 阿里云上Kubernetes集群联邦
摘要: kubernetes集群让您能够方便的部署管理运维容器化的应用.但是实际情况中经常遇到的一些问题,就是单个集群通常无法跨单个云厂商的多个Region,更不用说支持跨跨域不同的云厂商.这样会给企 ...
- 阿里云上Kubernetes集群联邦 1
摘要: kubernetes集群让您能够方便的部署管理运维容器化的应用.但是实际情况中经常遇到的一些问题,就是单个集群通常无法跨单个云厂商的多个Region,更不用说支持跨跨域不同的云厂商.这样会给企 ...
- 自建Kubernetes集群如何使用阿里云CSI存储组件
工具与资源中心 帮助开发者更加高效的工作,提供围绕开发者全生命周期的工具与资源 https://developer.aliyun.com/tool?spm=a1z389.11499242.0.0.65 ...
最新文章
- java json格式字符串转为map_json格式的字符串序列化和反序列化的一些高级用法...
- java metrics 简书_Spring Boot Metrics
- 全国计算机等级考试暨南大学,9月暨南大学计算机等级考试报名时间通知
- 计算机专业英语第2版郭涛翻译,计算机专业英语
- Runtime.getRuntime().exec()调用外部程序
- mysql的递归查询_比较两种mysql递归tree查询效率-mysql递归tree
- 为什么要写this在访问成员变量的时候_终于知道阿里字节这样的公司,为什么经常拿final来考验求职者了...
- Focal Loss 分类问题 pytorch实现代码(续2)
- SAP License:CKMLCP运行物料帐时单个物料冲突无法运行
- MyBatis使用,MyBatis单独使用笔记
- 编解码器的学习笔记(十):Ogg系列
- 批处理使用完文件后释放_windows 下使用批处理执行 postgresql 命令行操作
- java调整图片透明度
- 道路车辆 盲区监测(bsd)系统性能要求及试验方法_LKA、BSD国标出炉,狩猎和绞杀即将开始...
- 词霸天下---177 词根 【 -vast- = -wast- 空,荒废 】仅供学习使用
- PS钢笔抠图及商业案例
- 2015英语命题规律
- Python实现自动批改作业系统~
- 贵州支教之第一天(11月7日)
- ENVI气溶胶反演相关示例教材
热门文章
- 柱状图多维条形图vue_Vue2+Echarts实现多种图表数据可视化Dashboard详解(附源码)...
- 体系结构 流水线吞吐率、加速比、效率
- 7. Fabric2.2 区块链农产品溯源系统 - 需求分析与方案设计
- Aruba:无限你的无线
- 对视图的对角线切割DiagonalView
- 【2023新】华为OD机试 - 绘图机器(Python)
- Android开发,使用Log打印日志,打印相同内容在Logcat中只能连续显示两次(遍历打印List中的内容,打印结果条数比List的size小)。
- adb连接夜游神模拟器的方法
- 安装oracle执行runInstaller文件时报错:“……/install/.oui:Permission denied”
- python实现自动翻译剪切板