V2AS问路
总结traefik 在k8s 环境中的配置文件
阅读原文时间:2023年07月08日阅读:3

总结traefik 在k8s 环境中的配置文件

source: traefik/templates/configmap.yaml

apiVersion: v1

kind: ConfigMap

metadata:

name: traefik-ingress

namespace: test

labels:

app: traefik

data:

traefik.toml: |

logLevel = "info"

defaultEntryPoints = ["http", "https"]

[entryPoints]

[entryPoints.http]

address = ":80"

compress = true

[entryPoints.https]

address = ":443"

compress = true

[entryPoints.https.tls]

[accesslog]

bufferingSize = 100

[frontends]

[frontends.frontend1]

[frontends.frontend1.ratelimit]

extractorfunc = "client.ip"

[frontends.frontend1.ratelimit.rateset.rateset1]

period = "10s"

average = 1000

burst = 2000

[frontends.frontend1.ratelimit.rateset.rateset2]

period = "3s"

average = 5

burst = 10

[backends]

[backends.backend1]

[backends.backend1.maxconn]

amount = 10

extractorfunc = "request.host"

daemonsets 配置文件

::::::::::::::

daemonsets.yaml

::::::::::::::

apiVersion: apps/v1

kind: DaemonSet

metadata:

name: traefik-ingress

namespace: test

labels:

k8s-app: traefik-ingress

spec:

selector:

matchLabels:

k8s-app: traefik-ingress

template:

metadata:

labels:

k8s-app: traefik-ingress

name: traefik-ingress

spec:

serviceAccountName: traefik-ingress-controller

terminationGracePeriodSeconds: 60

containers:

# - image: traefik:1.7

- image: harbor.test.com/library/traefik:v1.7.26-alpine

name: traefik-ingress

imagePullPolicy: IfNotPresent

env:

- name: TZ

value: "Asia/Shanghai"

ports:

- name: http

containerPort: 80

protocol: TCP

- name: https

containerPort: 443

protocol: TCP

- name: admin-web

containerPort: 8080

protocol: TCP

securityContext:

capabilities:

drop:

- ALL

add:

- NET_BIND_SERVICE

args:

- --configfile=/config/traefik.toml

- --api

- --kubernetes

- --logLevel=INFO

- --insecureskipverify=true

- --kubernetes.endpoint=https://192.168.0.4:6443

- --accesslog

- --accesslog.bufferingsize=1000

- --accesslog.fields.names="StartUTC=drop"

- --traefiklog

- --traefiklog.format=json

- --retry

- --retry.attempts=5

- --metrics.prometheus

volumeMounts:

- mountPath: /config

name: config

volumes:

- name: config

configMap:

name: traefik-ingress

deployment 配置文件

::::::::::::::

deployment.yml

::::::::::::::

apiVersion: apps/v1

kind: Deployment

metadata:

name: traefik-ingress

namespace: test

labels:

k8s-app: traefik-ingress

spec:

replicas: 4

strategy:

type: RollingUpdate

rollingUpdate:

maxSurge: 25%

maxUnavailable: 25%

selector:

matchLabels:

k8s-app: traefik-ingress

template:

metadata:

labels:

k8s-app: traefik-ingress

name: traefik-ingress

spec:

serviceAccountName: traefik-ingress-controller

terminationGracePeriodSeconds: 60

containers:

# - image: traefik:1.7

- image: harbor.test.com/library/traefik:v1.7.26-alpine

name: traefik-ingress

imagePullPolicy: IfNotPresent

env:

- name: TZ

value: "Asia/Shanghai"

ports:

- name: http

containerPort: 80

protocol: TCP

- name: https

containerPort: 443

protocol: TCP

- name: admin-web

containerPort: 8080

protocol: TCP

securityContext:

capabilities:

drop:

- ALL

add:

- NET_BIND_SERVICE

args:

- --configfile=/config/traefik.toml

- --api

- --kubernetes

- --logLevel=INFO

- --insecureskipverify=true

- --kubernetes.endpoint=https://192.168.0.4:6443

- --accesslog

- --accesslog.bufferingsize=1000

- --accesslog.fields.names="StartUTC=drop"

- --traefiklog

- --traefiklog.format=json

- --retry

- --retry.attempts=5

- --metrics.prometheus

volumeMounts:

- mountPath: /config

name: config

volumes:

- name: config

configMap:

name: traefik-ingress

::::::::::::::

ingress.yml

::::::::::::::

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

name: traefik-web-ui

namespace: test

annotations:

kubernetes.io/ingress.class: traefik

spec:

rules:

  • host: traefik-admin.test.com

    http:

    paths:

    • path: /

      backend:

      serviceName: traefik-ingress-service

      servicePort: 8080

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRole

metadata:

name: traefik-ingress-controller

rules:

  • apiGroups:

    • ""

      resources:

    • services

    • endpoints

    • secrets

      verbs:

    • get

    • list

    • watch

  • apiGroups:

    • extensions

      resources:

    • ingresses

      verbs:

    • get

    • list

    • watch

kind: ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1beta1

metadata:

name: traefik-ingress-controller

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: ClusterRole

name: traefik-ingress-controller

subjects:

  • kind: ServiceAccount

    name: traefik-ingress-controller

    namespace: test

::::::::::::::

svc.yml

::::::::::::::

kind: Service

apiVersion: v1

metadata:

name: traefik-ingress-service

namespace: test

spec:

selector:

k8s-app: traefik-ingress

type: NodePort

ports:

- name: http

port: 80

targetPort: 80

protocol: TCP

nodePort: 30080

- name: https

port: 443

targetPort: 443

protocol: TCP

nodePort: 30443

- protocol: TCP

port: 8080

nodePort: 38080

name: admin-web

手机扫一扫

移动阅读更方便

阿里云服务器
腾讯云服务器
七牛云服务器

你可能感兴趣的文章

构建云原生微服务网关-篇一:Ambassador
利用Let's Encrypt 为Istio(Envoy)添加TLS 支持
React 前端应用中快速实践 OpenTelemetry 云原生可观测性(SigNoz/K8S)

4

Nomad 系列-快速上手

5

大规模 IoT 边缘容器集群管理的几种架构-6-个人体验及推荐

6

Kubernetes 零宕机滚动更新

7

使用kubeoperator安装k8s集群时自带的traefik-ingress-controller

8

ingress-nginx 的使用 =》 部署在 Kubernetes 集群中的应用暴露给外部的用户使用

9

第十二章 Kubernetes的服务暴露插件--traefik

10

从架构到部署,全面了解K3s