Traefik-v2.x快速入门

2023-12-13 23:38
文章标签 入门 快速 v2 traefik

本文主要是介绍Traefik-v2.x快速入门,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

一、概述

traefik 与 nginx 一样,是一款优秀的反向代理工具,或者叫 Edge Router。至于使用它的原因则基于以下几点

  • 无须重启即可更新配置
  • 自动的服务发现与负载均衡
  • 与 docker 的完美集成,基于 container label 的配置
  • 漂亮的 dashboard 界面
  • metrics 的支持,对 prometheus 和 k8s 的集成

接下来讲一下它的安装,基本功能以及配置。traefik 在 v1 与 v2 版本间差异过大,本篇文章采用了 v2

traefik官方文档:https://docs.traefik.io/

注意:Traefikv2.0之后的版本在修改了很多bug之后也增加了新的特性,比如增加了TCP的支持,并且更换了新的WEB UI界面

 

二、快速开始

环境介绍

操作系统:centos7.6

数量:1台

docker版本:19.03.6

docker版本:1.24.1

ip地址:192.168.28.218

 

docker-compose启动

新建yaml文件

vi traefik-v2.1.yaml

内容如下:

version: '3'
services:reverse-proxy:image: traefik:2.1.6# Enables the web UI and tells Traefik to listen to docker# 启用webUI 并告诉Traefile去监听docker的容器实例command: --api.insecure=true --providers.dockerports:# traefik暴露的http端口- "80:80"# webUI暴露的端口(必须制定--api.insecure=true才可以访问)- "8080:8080"volumes:# 指定docker的sock文件来让traefik获取docker的事件,从而实现动态负载均衡- /var/run/docker.sock:/var/run/docker.sock

 

使用docker-compose创建集群

# docker-compose -f traefik-v2.1.yaml up -d reverse-proxy
Creating network "opt_default" with the default driver
Creating opt_reverse-proxy_1 ... done

 

查看使用docker-compose启动的应用

# docker-compose -f traefik-v2.1.yaml psName                      Command               State                     Ports                   
---------------------------------------------------------------------------------------------------------
opt_reverse-proxy_1   /entrypoint.sh --api.insec ...   Up      0.0.0.0:80->80/tcp, 0.0.0.0:8080->8080/tcp

 

直接访问traefik对外暴露的http接口

curl -s  "http://localhost:8080/api/rawdata" | python -m json.tool

输出如下:

{"middlewares": {"dashboard_redirect@internal": {"redirectRegex": {"permanent": true,"regex": "^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$","replacement": "${1}/dashboard/"},"status": "enabled","usedBy": ["dashboard@internal"]},"dashboard_stripprefix@internal": {"status": "enabled","stripPrefix": {"prefixes": ["/dashboard/","/dashboard"]},"usedBy": ["dashboard@internal"]}},"routers": {"api@internal": {"entryPoints": ["traefik"],"priority": 2147483646,"rule": "PathPrefix(`/api`)","service": "api@internal","status": "enabled","using": ["traefik"]},"dashboard@internal": {"entryPoints": ["traefik"],"middlewares": ["dashboard_redirect@internal","dashboard_stripprefix@internal"],"priority": 2147483645,"rule": "PathPrefix(`/`)","service": "dashboard@internal","status": "enabled","using": ["traefik"]},"reverse-proxy-opt@docker": {"rule": "Host(`reverse-proxy-opt`)","service": "reverse-proxy-opt","status": "enabled","using": ["http","traefik"]}},"services": {"api@internal": {"status": "enabled","usedBy": ["api@internal"]},"dashboard@internal": {"status": "enabled","usedBy": ["dashboard@internal"]},"reverse-proxy-opt@docker": {"loadBalancer": {"passHostHeader": true,"servers": [{"url": "http://172.18.0.2:80"}]},"serverStatus": {"http://172.18.0.2:80": "UP"},"status": "enabled","usedBy": ["reverse-proxy-opt@docker"]}}
}
View Code

 

查看Traefik官方Dashboard

http://192.168.28.218:8080/

效果如下:

 

 

三、创建一个路由

Traefik来检测新服务并为你创建一个路由

创建一个新服务

vi test-service.yaml

内容如下:

version: '3'
services:whoami:image: containous/whoamilabels:- "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"

 

创建服务

# docker-compose -f test-service.yaml up -d whoami
WARNING: Found orphan containers (opt_reverse-proxy_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Creating opt_whoami_1 ... done

 

查看新创建的服务

# docker-compose  -f test-service.yaml psName       Command   State   Ports 
---------------------------------------
opt_whoami_1   /whoami   Up      80/tcp

 

 

再次查看traefik中的路由信息(就会发现服务自动加载进去了)
其实有点儿类似kong 的路由,只是traefik会自动监听docker的事件

curl -s  "http://localhost:8080/api/rawdata" | python -m json.tool

输出如下:

{"middlewares": {"dashboard_redirect@internal": {"redirectRegex": {"permanent": true,"regex": "^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$","replacement": "${1}/dashboard/"},"status": "enabled","usedBy": ["dashboard@internal"]},"dashboard_stripprefix@internal": {"status": "enabled","stripPrefix": {"prefixes": ["/dashboard/","/dashboard"]},"usedBy": ["dashboard@internal"]}},"routers": {"api@internal": {"entryPoints": ["traefik"],"priority": 2147483646,"rule": "PathPrefix(`/api`)","service": "api@internal","status": "enabled","using": ["traefik"]},"dashboard@internal": {"entryPoints": ["traefik"],"middlewares": ["dashboard_redirect@internal","dashboard_stripprefix@internal"],"priority": 2147483645,"rule": "PathPrefix(`/`)","service": "dashboard@internal","status": "enabled","using": ["traefik"]},"reverse-proxy-opt@docker": {"rule": "Host(`reverse-proxy-opt`)","service": "reverse-proxy-opt","status": "enabled","using": ["http","traefik"]},"whoami@docker": {"rule": "Host(`whoami.docker.localhost`)","service": "whoami-opt","status": "enabled","using": ["http","traefik"]}},"services": {"api@internal": {"status": "enabled","usedBy": ["api@internal"]},"dashboard@internal": {"status": "enabled","usedBy": ["dashboard@internal"]},"reverse-proxy-opt@docker": {"loadBalancer": {"passHostHeader": true,"servers": [{"url": "http://172.19.0.2:80"}]},"serverStatus": {"http://172.19.0.2:80": "UP"},"status": "enabled","usedBy": ["reverse-proxy-opt@docker"]},"whoami-opt@docker": {"loadBalancer": {"passHostHeader": true,"servers": [{"url": "http://172.19.0.3:80"}]},"serverStatus": {"http://172.19.0.3:80": "UP"},"status": "enabled","usedBy": ["whoami@docker"]}}
}
View Code

 

查看http反向代理记录

查看Traefik中的http反向代理记录,点击HTTP

 

测试traefik相关功能

 测试访问

# curl -H Host:whoami.docker.localhost http://localhost
Hostname: c334de4bc3c8
IP: 127.0.0.1
IP: 172.19.0.3
RemoteAddr: 172.19.0.2:57632
GET / HTTP/1.1
Host: whoami.docker.localhost
User-Agent: curl/7.29.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 172.19.0.1
X-Forwarded-Host: whoami.docker.localhost
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: 1ee8d25b3aac
X-Real-Ip: 172.19.0.1

 

单机扩容

# docker-compose -f test-service.yaml up -d --scale whoami=2
WARNING: Found orphan containers (opt_reverse-proxy_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Starting opt_whoami_1 ... done
Creating opt_whoami_2 ... done

 

再次访问(就会发现自动负载到两个不同的实例上去了)

# curl -H Host:whoami.docker.localhost http://localhost
Hostname: c334de4bc3c8
IP: 127.0.0.1
IP: 172.19.0.3
RemoteAddr: 172.19.0.2:57632
GET / HTTP/1.1
Host: whoami.docker.localhost
User-Agent: curl/7.29.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 172.19.0.1
X-Forwarded-Host: whoami.docker.localhost
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: 1ee8d25b3aac
X-Real-Ip: 172.19.0.1

 

查看Traefike后端每个service的详情信息:

 

 

 就会看到2个service

 

 

四、Traefik配置介绍

traefik配置结构图

 

在traefik中的配置,会涉及到两方面内容:

  • 动态的路由配置(即由k8s-api或docker相关api来自动发现服务的endpoint而进行路由的配置描述)
  • 静态的启动配置(即traefik标准的启动配置参数)

注意:使用docker run traefik[:version] --help可查看traefik的配置参数

 

五、k8s部署Traefik

环境介绍

操作系统ip主机名配置备注
centos 7.6192.168.31.150 k8s-master2核4GKubernetes1.16.3
centos 7.6192.168.31.178 k8s-node012核8GKubernetes1.16.3

 

 

 

 

yaml文件介绍

mkdir /opt/traefik

目录结构如下:

./
├── traefik-config.yaml
├── traefik-ds-v2.1.6.yaml
├── traefik-rbac.yaml
└── ui.yaml

 

traefik-config.yaml

apiVersion: v1
kind: ConfigMap
metadata:name: traefik-confignamespace: kube-system
data:traefik.toml: |defaultEntryPoints = ["http","https"]debug = falselogLevel = "INFO"# Do not verify backend certificates (use https backends)InsecureSkipVerify = true[entryPoints][entryPoints.http]address = ":80"compress = true[entryPoints.https]address = ":443"[entryPoints.https.tls]#Config to redirect http to https#[entryPoints]#  [entryPoints.http]#  address = ":80"#  compress = true#    [entryPoints.http.redirect]#    entryPoint = "https"#  [entryPoints.https]#  address = ":443"#    [entryPoints.https.tls][web]address = ":8080"[kubernetes][metrics][metrics.prometheus]buckets=[0.1,0.3,1.2,5.0]entryPoint = "traefik"[ping]entryPoint = "http"
View Code

 

traefik-ds-v2.1.6.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:name: traefik-ingress-controllernamespace: kube-system
---
kind: DaemonSet
apiVersion: apps/v1
#apiVersion: extensions/v1beta1
metadata:name: traefik-ingress-controller-v2namespace: kube-systemlabels:k8s-app: traefik-ingress-lb
spec:selector:matchLabels:name: traefik-ingress-lb-v2template:metadata:labels:k8s-app: traefik-ingress-lbname: traefik-ingress-lb-v2spec:serviceAccountName: traefik-ingress-controllerterminationGracePeriodSeconds: 60containers:- image: traefik:2.1.6name: traefik-ingress-lb-v2ports:- name: httpcontainerPort: 80hostPort: 80- name: admincontainerPort: 8080hostPort: 8080securityContext:capabilities:drop:- ALLadd:- NET_BIND_SERVICEargs:- --api- --api.insecure=true- --providers.kubernetesingress=true- --log.level=INFO#- --configfile=/config/traefik.toml#volumeMounts:#- mountPath: /config#  name: configvolumes:- configMap:name: traefik-configname: config
---
kind: Service
apiVersion: v1
metadata:name: traefik-ingress-service-v2namespace: kube-systemlabels:k8s-app: traefik-ingress-lb-v2
spec:selector:k8s-app: traefik-ingress-lb-v2ports:- protocol: TCPport: 80name: web- protocol: TCPport: 8080name: admin
View Code

 

traefik-rbac.yaml

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:name: traefik-ingress-controller
rules:- apiGroups:- ""resources:- services- endpoints- secretsverbs:- get- list- watch- apiGroups:- extensionsresources:- ingressesverbs:- get- list- watch- apiGroups:- extensionsresources:- ingresses/statusverbs:- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:name: traefik-ingress-controller
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: traefik-ingress-controller
subjects:
- kind: ServiceAccountname: traefik-ingress-controllernamespace: kube-system
View Code

 

ui.yaml

---
apiVersion: v1
kind: Service
metadata:name: traefik-web-uinamespace: kube-system
spec:selector:k8s-app: traefik-ingress-lbports:- name: webport: 80targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:name: traefik-web-uinamespace: kube-system
spec:rules:- host: prod-traefik-ui.bgbiao.cnhttp:paths:- path: /backend:serviceName: traefik-web-uiservicePort: web
View Code

 

部署

cd /opt/traefik
kubectl apply -f .

 

查看pod

# kubectl get pods -n kube-system | grep traefik
traefik-ingress-controller-v2-hz82b        1/1     Running   0          8m4s

 

 查看svc

# kubectl get svc -n kube-system | grep traefik
traefik-ingress-service-v2   ClusterIP   10.1.188.71    <none>        80/TCP,8080/TCP          8m56s
traefik-web-ui               ClusterIP   10.1.239.107   <none>        80/TCP                   46m

 

查看ingresses

# kubectl get ingresses.extensions -n kube-system
NAME             HOSTS                       ADDRESS   PORTS   AGE
traefik-web-ui   prod-traefik-ui.bgbiao.cn             80      48m

 

查看traefik的dashboard

域名访问

由于没有dns服务器,这里直接修改hosts来测试。windows 10添加一条hosts记录

192.168.31.178 prod-traefik-ui.bgbiao.cn

注意:这里的192.168.31.178是node节点ip

 

效果如下:

 

 

ip方式

直接通过node ip+8080方式,比如:

http://192.168.31.178:8080

效果同上!

 

点击http

 

 查看 http service

 

 效果如下:

 

 

注意:虽然traefikv2.x改动了很多,但是还是向下兼容一些内容的,比如我重新创建traefik-v2.0.1之后,之前创建的ingress规则会自动导入

 

 

本文参考链接:

https://www.jianshu.com/p/0fc6df85d00d

https://zhuanlan.zhihu.com/p/97420459

这篇关于Traefik-v2.x快速入门的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!


http://www.chinasem.cn/article/490364

相关文章

Python多线程实现大文件快速下载的代码实现

Python多线程实现大文件快速下载的代码实现

《Python多线程实现大文件快速下载的代码实现》在互联网时代,文件下载是日常操作之一,尤其是大文件,然而,网络条件不稳定或带宽有限时,下载速度会变得很慢,本文将介绍如何使用Python实现多线程下载... 目录引言一、多线程下载原理二、python实现多线程下载代码说明:三、实战案例四、注意事项五、总结引
阅读更多...
C#使用Spire.XLS快速生成多表格Excel文件

C#使用Spire.XLS快速生成多表格Excel文件

《C#使用Spire.XLS快速生成多表格Excel文件》在日常开发中,我们经常需要将业务数据导出为结构清晰的Excel文件,本文将手把手教你使用Spire.XLS这个强大的.NET组件,只需几行C#... 目录一、Spire.XLS核心优势清单1.1 性能碾压:从3秒到0.5秒的质变1.2 批量操作的优雅
阅读更多...
Java List 使用举例(从入门到精通)

Java List 使用举例(从入门到精通)

《JavaList使用举例(从入门到精通)》本文系统讲解JavaList,涵盖基础概念、核心特性、常用实现(如ArrayList、LinkedList)及性能对比,介绍创建、操作、遍历方法,结合实... 目录一、List 基础概念1.1 什么是 List?1.2 List 的核心特性1.3 List 家族成
阅读更多...
Mybatis-Plus 3.5.12 分页拦截器消失的问题及快速解决方法

Mybatis-Plus 3.5.12 分页拦截器消失的问题及快速解决方法

《Mybatis-Plus3.5.12分页拦截器消失的问题及快速解决方法》作为Java开发者,我们都爱用Mybatis-Plus简化CRUD操作,尤其是它的分页功能,几行代码就能搞定复杂的分页查询... 目录一、问题场景:分页拦截器突然 “失踪”二、问题根源:依赖拆分惹的祸三、解决办法:添加扩展依赖四、分页
阅读更多...
c++日志库log4cplus快速入门小结

c++日志库log4cplus快速入门小结

《c++日志库log4cplus快速入门小结》文章浏览阅读1.1w次,点赞9次,收藏44次。本文介绍Log4cplus,一种适用于C++的线程安全日志记录API,提供灵活的日志管理和配置控制。文章涵盖... 目录简介日志等级配置文件使用关于初始化使用示例总结参考资料简介log4j 用于Java,log4c
阅读更多...
史上最全MybatisPlus从入门到精通

史上最全MybatisPlus从入门到精通

《史上最全MybatisPlus从入门到精通》MyBatis-Plus是MyBatis增强工具,简化开发并提升效率,支持自动映射表名/字段与实体类,提供条件构造器、多种查询方式(等值/范围/模糊/分页... 目录1.简介2.基础篇2.1.通用mapper接口操作2.2.通用service接口操作3.进阶篇3
阅读更多...
Python自定义异常的全面指南(入门到实践)

Python自定义异常的全面指南(入门到实践)

《Python自定义异常的全面指南(入门到实践)》想象你正在开发一个银行系统,用户转账时余额不足,如果直接抛出ValueError,调用方很难区分是金额格式错误还是余额不足,这正是Python自定义异... 目录引言:为什么需要自定义异常一、异常基础:先搞懂python的异常体系1.1 异常是什么?1.2
阅读更多...
Python实现Word转PDF全攻略(从入门到实战)

Python实现Word转PDF全攻略(从入门到实战)

《Python实现Word转PDF全攻略(从入门到实战)》在数字化办公场景中,Word文档的跨平台兼容性始终是个难题,而PDF格式凭借所见即所得的特性,已成为文档分发和归档的标准格式,下面小编就来和大... 目录一、为什么需要python处理Word转PDF?二、主流转换方案对比三、五套实战方案详解方案1:
阅读更多...
使用Redis快速实现共享Session登录的详细步骤

使用Redis快速实现共享Session登录的详细步骤

《使用Redis快速实现共享Session登录的详细步骤》在Web开发中,Session通常用于存储用户的会话信息,允许用户在多个页面之间保持登录状态,Redis是一个开源的高性能键值数据库,广泛用于... 目录前言实现原理:步骤:使用Redis实现共享Session登录1. 引入Redis依赖2. 配置R
阅读更多...
Spring WebClient从入门到精通

Spring WebClient从入门到精通

《SpringWebClient从入门到精通》本文详解SpringWebClient非阻塞响应式特性及优势,涵盖核心API、实战应用与性能优化,对比RestTemplate,为微服务通信提供高效解决... 目录一、WebClient 概述1.1 为什么选择 WebClient?1.2 WebClient 与
阅读更多...

Copyright China编程 23002807@qq.com

沪ICP备2023033072号-2