总结traefik 在k8s 环境中的配置文件
traefik.toml配置文件引用
[www@localhost traefik-ingress]$ more *
::::::::::::::
configmap.yml
::::::::::::::
source: traefik/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: traefik-ingress
namespace: test
labels:
app: traefik
data:
traefik.toml: |
logLevel = "info"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
compress = true
[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]
[accesslog]
bufferingSize = 100
[frontends]
[frontends.frontend1]
[frontends.frontend1.ratelimit]
extractorfunc = "client.ip"
[frontends.frontend1.ratelimit.rateset.rateset1]
period = "10s"
average = 1000
burst = 2000
[frontends.frontend1.ratelimit.rateset.rateset2]
period = "3s"
average = 5
burst = 10
[backends]
[backends.backend1]
[backends.backend1.maxconn]
amount = 10
extractorfunc = "request.host"
下面两种方式都可以实践发布traefik,daemonsets和deployment ,任选其中之一就可以
daemonsets 配置文件
::::::::::::::
daemonsets.yaml
::::::::::::::
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: traefik-ingress
namespace: test
labels:
k8s-app: traefik-ingress
spec:
selector:
matchLabels:
k8s-app: traefik-ingress
template:
metadata:
labels:
k8s-app: traefik-ingress
name: traefik-ingress
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
containers:
# - image: traefik:1.7
- image: harbor.test.com/library/traefik:v1.7.26-alpine
name: traefik-ingress
imagePullPolicy: IfNotPresent
env:
- name: TZ
value: "Asia/Shanghai"
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
- name: admin-web
containerPort: 8080
protocol: TCP
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
args:
- --configfile=/config/traefik.toml
- --api
- --kubernetes
- --logLevel=INFO
- --insecureskipverify=true
- --kubernetes.endpoint=https://192.168.0.4:6443
- --accesslog
- --accesslog.bufferingsize=1000
- --accesslog.fields.names="StartUTC=drop"
- --traefiklog
- --traefiklog.format=json
- --retry
- --retry.attempts=5
- --metrics.prometheus
volumeMounts:
- mountPath: /config
name: config
volumes:
- name: config
configMap:
name: traefik-ingress
deployment 配置文件
::::::::::::::
deployment.yml
::::::::::::::
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik-ingress
namespace: test
labels:
k8s-app: traefik-ingress
spec:
replicas: 4
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
selector:
matchLabels:
k8s-app: traefik-ingress
template:
metadata:
labels:
k8s-app: traefik-ingress
name: traefik-ingress
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
containers:
# - image: traefik:1.7
- image: harbor.test.com/library/traefik:v1.7.26-alpine
name: traefik-ingress
imagePullPolicy: IfNotPresent
env:
- name: TZ
value: "Asia/Shanghai"
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
- name: admin-web
containerPort: 8080
protocol: TCP
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
args:
- --configfile=/config/traefik.toml
- --api
- --kubernetes
- --logLevel=INFO
- --insecureskipverify=true
- --kubernetes.endpoint=https://192.168.0.4:6443
- --accesslog
- --accesslog.bufferingsize=1000
- --accesslog.fields.names="StartUTC=drop"
- --traefiklog
- --traefiklog.format=json
- --retry
- --retry.attempts=5
- --metrics.prometheus
volumeMounts:
- mountPath: /config
name: config
volumes:
- name: config
configMap:
name: traefik-ingress
ingress 配置文件
::::::::::::::
ingress.yml
::::::::::::::
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-web-ui
namespace: test
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: traefik-admin.test.com
http:
paths:- path: /
backend:
serviceName: traefik-ingress-service
servicePort: 8080
- path: /
rbac 配置文件
::::::::::::::
rbac.yml
::::::::::::::
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: test
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources: - services
- endpoints
- secrets
verbs: - get
- list
- watch
- ""
- apiGroups:
- extensions
resources: - ingresses
verbs: - get
- list
- watch
- extensions
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: test
traefik svc 配置文件
::::::::::::::
svc.yml
::::::::::::::
kind: Service
apiVersion: v1
metadata:
name: traefik-ingress-service
namespace: test
spec:
selector:
k8s-app: traefik-ingress
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
nodePort: 30080
- name: https
port: 443
targetPort: 443
protocol: TCP
nodePort: 30443
- protocol: TCP
port: 8080
nodePort: 38080
name: admin-web