总结traefik 在k8s 环境中的配置文件

总结traefik 在k8s 环境中的配置文件

traefik.toml配置文件引用

[www@localhost traefik-ingress]$ more *

::::::::::::::

configmap.yml

::::::::::::::

source: traefik/templates/configmap.yaml

apiVersion: v1

kind: ConfigMap

metadata:

name: traefik-ingress

namespace: test

labels:

app: traefik

data:

traefik.toml: |

logLevel = "info"

defaultEntryPoints = ["http", "https"]

[entryPoints]

[entryPoints.http]

address = ":80"

compress = true

[entryPoints.https]

address = ":443"

compress = true

[entryPoints.https.tls]

[accesslog]

bufferingSize = 100

[frontends]

[frontends.frontend1]

[frontends.frontend1.ratelimit]

extractorfunc = "client.ip"

[frontends.frontend1.ratelimit.rateset.rateset1]

period = "10s"

average = 1000

burst = 2000

[frontends.frontend1.ratelimit.rateset.rateset2]

period = "3s"

average = 5

burst = 10

[backends]

[backends.backend1]

[backends.backend1.maxconn]

amount = 10

extractorfunc = "request.host"

下面两种方式都可以实践发布traefik，daemonsets和deployment ，任选其中之一就可以

daemonsets 配置文件

::::::::::::::

daemonsets.yaml

::::::::::::::

apiVersion: apps/v1

kind: DaemonSet

metadata:

name: traefik-ingress

namespace: test

labels:

k8s-app: traefik-ingress

spec:

selector:

matchLabels:

k8s-app: traefik-ingress

template:

metadata:

labels:

k8s-app: traefik-ingress

name: traefik-ingress

spec:

serviceAccountName: traefik-ingress-controller

terminationGracePeriodSeconds: 60

containers:

# - image: traefik:1.7

- image: harbor.test.com/library/traefik:v1.7.26-alpine

name: traefik-ingress

imagePullPolicy: IfNotPresent

env:

- name: TZ

value: "Asia/Shanghai"

ports:

- name: http

containerPort: 80

protocol: TCP

- name: https

containerPort: 443

protocol: TCP

- name: admin-web

containerPort: 8080

protocol: TCP

securityContext:

capabilities:

drop:

- ALL

add:

- NET_BIND_SERVICE

args:

- --configfile=/config/traefik.toml

- --api

- --kubernetes

- --logLevel=INFO

- --insecureskipverify=true

- --kubernetes.endpoint=https://192.168.0.4:6443

- --accesslog

- --accesslog.bufferingsize=1000

- --accesslog.fields.names="StartUTC=drop"

- --traefiklog

- --traefiklog.format=json

- --retry

- --retry.attempts=5

- --metrics.prometheus

volumeMounts:

- mountPath: /config

name: config

volumes:

- name: config

configMap:

name: traefik-ingress

deployment 配置文件

::::::::::::::

deployment.yml

::::::::::::::

apiVersion: apps/v1

kind: Deployment

metadata:

name: traefik-ingress

namespace: test

labels:

k8s-app: traefik-ingress

spec:

replicas: 4

strategy:

type: RollingUpdate

rollingUpdate:

maxSurge: 25%

maxUnavailable: 25%

selector:

matchLabels:

k8s-app: traefik-ingress

template:

metadata:

labels:

k8s-app: traefik-ingress

name: traefik-ingress

spec:

serviceAccountName: traefik-ingress-controller

terminationGracePeriodSeconds: 60

containers:

# - image: traefik:1.7

- image: harbor.test.com/library/traefik:v1.7.26-alpine

name: traefik-ingress

imagePullPolicy: IfNotPresent

env:

- name: TZ

value: "Asia/Shanghai"

ports:

- name: http

containerPort: 80

protocol: TCP

- name: https

containerPort: 443

protocol: TCP

- name: admin-web

containerPort: 8080

protocol: TCP

securityContext:

capabilities:

drop:

- ALL

add:

- NET_BIND_SERVICE

args:

- --configfile=/config/traefik.toml

- --api

- --kubernetes

- --logLevel=INFO

- --insecureskipverify=true

- --kubernetes.endpoint=https://192.168.0.4:6443

- --accesslog

- --accesslog.bufferingsize=1000

- --accesslog.fields.names="StartUTC=drop"

- --traefiklog

- --traefiklog.format=json

- --retry

- --retry.attempts=5

- --metrics.prometheus

volumeMounts:

- mountPath: /config

name: config

volumes:

- name: config

configMap:

name: traefik-ingress

ingress 配置文件

::::::::::::::

ingress.yml

::::::::::::::

apiVersion: extensions/v1beta1

kind: Ingress

metadata:

name: traefik-web-ui

namespace: test

annotations:

kubernetes.io/ingress.class: traefik

spec:

rules:

• host: traefik-admin.test.com
  
  http:
  
  paths:
  • path: /
    
    backend:
    
    serviceName: traefik-ingress-service
    
    servicePort: 8080

rbac 配置文件

::::::::::::::

rbac.yml

::::::::::::::

apiVersion: v1

kind: ServiceAccount

metadata:

name: traefik-ingress-controller

namespace: test

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRole

metadata:

name: traefik-ingress-controller

rules:

• apiGroups:
  • ""
    
    resources:
  • services
  • endpoints
  • secrets
    
    verbs:
  • get
  • list
  • watch
• apiGroups:
  • extensions
    
    resources:
  • ingresses
    
    verbs:
  • get
  • list
  • watch

---

kind: ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1beta1

metadata:

name: traefik-ingress-controller

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: ClusterRole

name: traefik-ingress-controller

subjects:

• kind: ServiceAccount
  
  name: traefik-ingress-controller
  
  namespace: test

traefik svc 配置文件

::::::::::::::

svc.yml

::::::::::::::

kind: Service

apiVersion: v1

metadata:

name: traefik-ingress-service

namespace: test

spec:

selector:

k8s-app: traefik-ingress

type: NodePort

ports:

- name: http

port: 80

targetPort: 80

protocol: TCP

nodePort: 30080

- name: https

port: 443

targetPort: 443

protocol: TCP

nodePort: 30443

- protocol: TCP

port: 8080

nodePort: 38080

name: admin-web