Traefik 是一款开源的边缘路由器,它可以让发布服务变得轻松有趣。它代表您的系统接收请求,并找出负责处理这些请求的组件。与众不同之处在于,除了它的许多特性之外,它还可以自动为您的服务发现正确的配置。当 Traefik 检查您的基础设施时,它会发现相关信息,并发现哪个服务为哪个请求提供服务。Traefik 与每个主要的集群技术都是原生兼容的,比如 Kubernetes、Docker、Docker Swarm、AWS、Mesos、Marathon 等等;并且可以同时处理多个。(它甚至适用于运行在裸机上的遗留软件。) 使用 Traefik,不需要维护和同步单独的配置文件:所有事情都是实时自动发生的(没有重启,没有连接中断)。使用 Traefik,只需要花费时间开发和部署新功能到您的系统,而不是配置和维护其工作状态。项目地址:https://github.com/traefik/traefik官网文档:https://doc.traefik.io/traefik/
以下为官方示意图
从上面图得知,当请求Traefik时,请求首先到entrypoints,然后分析传入的请求,查看他们是否与定义的Routers匹配。如果匹配,则会通过一系列middlewares处理,再到traefikServices上做流量转发,最后请求到kubernetes的services上。Traefik 基于入口点、路由器、中间件和服务的概念:
nginx-ingress:
使用nginx作为前端负载均衡,通过ingress controller不断的和kubernetes api交互,实时获取后端service,pod等的变化,然后动态更新nginx配置,并刷新使配置生效,达到服务发现的目的。
traefik:traefik本身设计的就能够实时跟kubernetes api交互,感知后端service,pod等的变化,自动更新配置并重载。
官方提供以下几种方式来安装Traefik:
本篇将使用 Helm 来安装 Traefik。确保满足以下要求:
环境说明:
[root@localhost ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
localhost.localdomain Ready control-plane,master 1d v1.22.10
[root@localhost ~]# helm version
version.BuildInfo{Version:"v3.11.3", GitCommit:"323249351482b3bbfc9f5004f65d400aa70f9ae7", GitTreeState:"clean", GoVersion:"go1.20.3"}
[root@localhost ~]#
为了实现在本地集群中能够使用服务类型为LoadBalancer的服务,我们将部署metallb来实现,至于metallb的实现原理,本章不会详细讲解,有兴趣的童鞋可以自行研究 提前安装metallb服务,使traefik svc可以使用LoadBalancer的服务
参考官网:https://metallb.universe.tf/installation/
[root@localhost ~]# kubectl create ns metallb-system
[root@localhost ~]# helm repo add metallb https://metallb.github.io/metallb
"metallb" has been added to your repositories
[root@localhost ~]# helm install -n metallb-system metallb metallb/metallb
NAME: metallb
LAST DEPLOYED: Mon Aug 21 16:51:37 2023
NAMESPACE: metallb-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
MetalLB is now running in the cluster.
Now you can configure it via its CRs. Please refer to the metallb official docs
on how to use the CRs.
查看pod
[root@localhost ~]# kubectl get pod -n metallb-system
NAME READY STATUS RESTARTS AGE
metallb-controller-77bbffbc7b-jr78f 1/1 Running 1 (1d ago) 1d
metallb-speaker-7pqhj 1/1 Running 1 (1d ago) 1d
配置ip池
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: default
namespace: metallb-system
spec:
addresses:
- 192.168.36.139.139-192.168.36.200 # 手动配置IP范围
autoAssign: true
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: default
namespace: metallb-system
spec:
ipAddressPools:
- default
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
ports:
- name: http
containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx
type: LoadBalancer
查看服务
[root@localhost ~]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 1d
nginx LoadBalancer 10.102.129.137 192.168.36.139 80:31274/TCP 1d
# 从集群外访问该IP地址:192.168.36.139
访问成功即可表示部署成功
image.png
添加traefik仓库
# 将 Traefik Labs 图表存储库添加到 Helm:
helm repo add traefik https://traefik.github.io/charts
# 您可以通过运行以下命令来更新图表存储库:
helm repo update
安装部署
# 使用helm命令行安装它:
kubectl create ns traefik
helm install -n traefik traefik traefik/traefik
部署效果
[root@localhost ~]# kubectl get all -n traefik
NAME READY STATUS RESTARTS AGE
pod/traefik-65944f8d5f-k5bfl 1/1 Running 0 1d
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/traefik LoadBalancer 10.110.60.107 192.168.36.140 80:32301/TCP,443:31378/TCP 1d
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/traefik 1/1 1 1 1d
NAME DESIRED CURRENT READY AGE
replicaset.apps/traefik-65944f8d5f 1 1 1 1d
安装好traefik之后,我们使用 Traefik 自带的 CRD 创建一个ingress规则访问dashboard
# traefik-dashboard.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: dashboard
namespace: traefik
spec:
entryPoints:
- web
routes:
- match: Host(`traefik.lc`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
[root@localhost ~]# kubectl apply -f traefik-dashboard.yaml
ingressroute.traefik.containo.us/dashboard created
本集群部署了 MetalLB 负载均衡器,使用LoadBalancer暴露了了traefik service,可直接拿EXTERNAL-IP 地址访问
添加本地hosts
192.168.36.140 traefik.lc
访问 http://traefik.lc/ 即可部署成功
本文介绍了Treafik以及与Nginx INgress的对比,并一步一步讲解了部署的过程,下一章将讲解Treafik更多企业级实战,请敬请期待!