一、ingress
1.1、两种部署方式
1、ingress------------deployment + nodeport
daemonset + hostnetwork----每台设备只能有一个pod,因为直接使用宿主机的端口,所以只能开启一个pod。
2、ingress------svc------deployment里面的pod,这种可以有多个pod。
1.2、ingess的权限控制:
访问页面的时候,输入账号密码才可以访问页面。
basicAuth:可以创建访问密码
traefik ingress controller
专门为了部署k8s微服务开发的http方向代理和负载均衡工具。
自动发现匹配的后端pod的变化,同时有可视化的页面
自动感知变化,实现服务的自动发现
daemonset + hostnetwork 适用于大集群
deployment + nodeport 适用内部访问,性能较低
1.3、ingress-traefik和ingress-nginx之间的区别。
igress-nginx 使用nginx作为前端的负载均衡,ingress-controller和k8s的api交互来实现后端服务器的发现,pod的ip地址的变化。
动态实现nginx的配置修改。
ingress-traefik:
本身就能和k8s的api的交互,感知后端的service以及pod的变化。
traefik更简单,更方便。
go语言写的,和k8s的兼容性更好。并发能力只有ingress-nginx的6成。
二、试验操作
1、访问页面的时候,输入账号密码才可以访问页面。
basicAuth:可以创建访问密码
[root@master01 opt]# cd ingress/
[root@master01 ingress]# htpasswd -c auth zhailiming
New password:
Re-type new password:
Adding password for user zhailiming
[root@master01 ingress]# ls
auth ingress-nginx1.yaml service-nodeport.yaml
https mandatory.yaml
[root@master01 ingress]# kubectl create secret generic basic-auth --from-file=auth
secret/basic-auth created[root@master01 ingress]# vim ingress-nginx1.yaml annotations:
#设置认证的类型::nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'[root@master01 ingress]# kubectl apply -f ingress-nginx1.yaml [root@master01 ingress]# kubectl get pod -o wide -n ingress-nginx
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-44ktd 1/1 Running 0 18h 192.168.168.83 node02 <none> <none>
nginx-ingress-controller-ksjkr 1/1 Running 0 18h 192.168.168.81 master01 <none> <none>
nginx-ingress-controller-z4lrr 1/1 Running 0 18h 192.168.168.82 node01 <none> <none>##进入虚拟机终端浏览器
2、重定向-----rewrite-target:
实现从www.zlm.com跳转www.xy102.com
[root@master01 ingress]# vim ingress-nginx1.yamlannotations:
#设置认证的类型::
# nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
# nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
# nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:tls:- hosts:- www.zlm.comsecretName: tls.secret
#指定加密通信的域名,上下文一直,指定secret加密的名称,获取私钥和证
书rules:- host: www.zlm.comhttp:[root@master01 ingress]# vim /etc/hosts127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.168.81 master01 www.xy102.com www.zlm.com
3、ingress-traefik和ingress-nginx之间的区别。
igress-nginx 使用nginx作为前端的负载均衡,ingress-controller和k8s的api交互来实现后端服务器的发现,pod的ip地址的变化。
动态实现nginx的配置修改。
ingress-traefik:
本身就能和k8s的api的交互,感知后端的service以及pod的变化。
traefik更简单,更方便。
go语言写的,和k8s的兼容性更好。并发能力只有ingress-nginx的6成。
DaemonSet+hostPort:
[root@master01 ingress]# vim mandatory.yaml apiVersion: apps/v1
#kind: Deployment
kind: DaemonSet
metadata:name: nginx-ingress-controllernamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
spec:
# replicas: 1selector:matchLabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxtemplate:metadata:labels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxannotations:prometheus.io/port: "10254"prometheus.io/scrape: "true"spec:# wait up to five minutes for the drain of connectionsterminationGracePeriodSeconds: 300serviceAccountName: nginx-ingress-serviceaccountnodeSelector:kubernetes.io/os: linuxhostNetwork: true
# nodeSelector:
# ingress: "true"
---------------------------------------------------ingress-traefik
[root@master01 ingress]# mkdir traefik
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# pwd
/opt/ingress/traefik----------------
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml
----------------
[root@master01 traefik]# ll
总用量 16
-rw-r--r--. 1 root root 1114 9月 11 10:26 traefik-deployment.yaml
-rw-r--r--. 1 root root 1294 9月 11 10:26 traefik-ds.yaml
-rw-r--r--. 1 root root 788 9月 11 10:26 traefik-rbac.yaml
-rw-r--r--. 1 root root 471 9月 11 10:27 ui.yaml[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml
[root@master01 traefik]# kubectl apply -f ui.yaml [root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 15d
traefik-ingress-service NodePort 10.96.27.248 <none> 80:30789/TCP,8080:31818/TCP 71s
traefik-web-ui ClusterIP 10.96.45.60 <none> 80/TCP 61s[root@master01 traefik]# cd ..
[root@master01 ingress]# kubectl delete -f mandatory.yaml[root@master01 ingress]# cp ingress-nginx1.yaml traefik/traefik-nginx1.yaml
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# ls
traefik-deployment.yaml traefik-nginx1.yaml ui.yaml
traefik-ds.yaml traefik-rbac.yaml[root@master01 traefik]# cd ..
[root@master01 ingress]# ls
auth ingress-nginx1.yaml service-nodeport.yaml
https mandatory.yaml traefik
[root@master01 ingress]# kubectl delete -f ingress-nginx1.yaml [root@master01 traefik]# vim traefik-nginx1.yaml apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: nfs-pvc
spec:accessModes:- ReadWriteManystorageClassName: nfs-client-storageclassresources:requests:storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:name: nginx-traefiklabels:app1: nginx1
spec:replicas: 3selector:matchLabels:app1: nginx1template:metadata:labels:app1: nginx1spec:containers:- name: nginx1image: nginx:1.22ports:- containerPort: 80volumeMounts:- name: nfs-pvcmountPath: /usr/share/nginx/htmlvolumes:- name: nfs-pvcpersistentVolumeClaim:claimName: nfs-pvc
---
apiVersion: v1
kind: Service
metadata:name: nginx-traefik-svc
spec:type: ClusterIPports:- protocol: TCPport: 80targetPort: 80selector:app1: nginx1
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: nginx-traefik-ingressannotations:
#设置认证的类型::
# nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
# nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
# nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
# nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:rules:- host: www.xy102.comhttp:paths:- path: /pathType: Prefix
#前缀匹配,匹配/ /test1 /test1/test2backend:
#匹配的svc的名称----podservice:name: nginx-traefik-svcport:number: 80[root@master01 traefik]# kubectl apply -f traefik-nginx1.yaml [root@k8s5 k8s]# cd default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace/
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# ll
总用量 0
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# echo 123 > index.html
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# ll
总用量 4
-rw-r--r--. 1 root root 4 9月 11 10:52 index.html
[root@k8s5 default-nfs-pvc-pvc-305bce77-a15a-4b27-bef7-e58529eadace]# [root@master01 traefik]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nfs1-76f66b958-68wpl 1/1 Running 0 5d1h 10.244.2.173 node02 <none> <none>
nginx-traefik-7c5f68df5b-9zxqc 1/1 Running 0 44m 10.244.1.242 node01 <none> <none>
nginx-traefik-7c5f68df5b-fx46k 1/1 Running 0 44m 10.244.0.29 master01 <none> <none>
nginx-traefik-7c5f68df5b-zjlzt 1/1 Running 0 44m 10.244.2.242 node02 <none> <none>[root@master01 traefik]# curl 10.244.1.242
123[root@master01 traefik]# kubectl get svc -o wide -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 15d k8s-app=kube-dns
traefik-ingress-service NodePort 10.96.27.248 <none> 80:30789/TCP,8080:31818/TCP 134m k8s-app=traefik-ingress-lb
traefik-web-ui ClusterIP 10.96.45.60 <none> 80/TCP 134m k8s-app=traefik-ingress-lb
[root@master01 traefik]# curl www.xy102.com:30789
123
4、Deployment+nodeport----四个yaml文件都执行
[root@master01 ingress]# vim mandatory.yaml apiVersion: apps/v1
kind: Deployment
#kind: DaemonSet
metadata:name: nginx-ingress-controllernamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
spec:replicas: 1selector:matchLabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxtemplate:metadata:labels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginxannotations:prometheus.io/port: "10254"prometheus.io/scrape: "true"spec:# wait up to five minutes for the drain of connectionsterminationGracePeriodSeconds: 300serviceAccountName: nginx-ingress-serviceaccountnodeSelector:kubernetes.io/os: linux
# hostNetwork: true
# nodeSelector:
# ingress: "true"[root@master01 ingress]# kubectl apply -f mandatory.yaml [root@master01 ingress]# vim service-nodeport.yaml apiVersion: v1
kind: Service
metadata:name: ingress-nginxnamespace: ingress-nginxlabels:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx
spec:type: NodePortports:- name: httpport: 80targetPort: 80protocol: TCP- name: httpsport: 443targetPort: 443protocol: TCPselector:app.kubernetes.io/name: ingress-nginxapp.kubernetes.io/part-of: ingress-nginx[root@master01 ingress]# kubectl apply -f service-nodeport.yaml[root@master01 ingress]# mkdir traefik
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# pwd
/opt/ingress/traefik----------------
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml
----------------
[root@master01 traefik]# ll
总用量 16
-rw-r--r--. 1 root root 1114 9月 11 10:26 traefik-deployment.yaml
-rw-r--r--. 1 root root 1294 9月 11 10:26 traefik-ds.yaml
-rw-r--r--. 1 root root 788 9月 11 10:26 traefik-rbac.yaml
-rw-r--r--. 1 root root 471 9月 11 10:27 ui.yaml[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml
[root@master01 traefik]# kubectl apply -f ui.yaml [root@master01 traefik]# vim traefik-nginx1.yaml kind: Deployment
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: nfs-pvc
spec:accessModes:- ReadWriteManystorageClassName: nfs-client-storageclassresources:requests:storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:name: nginx-traefiklabels:app1: nginx1
spec:replicas: 3selector:matchLabels:app1: nginx1template:metadata:labels:app1: nginx1spec:containers:- name: nginx1image: nginx:1.22ports:- containerPort: 80volumeMounts:- name: nfs-pvcmountPath: /usr/share/nginx/htmlvolumes:- name: nfs-pvcpersistentVolumeClaim:claimName: nfs-pvc
---
apiVersion: v1
kind: Service
metadata:name: nginx-traefik-svc
spec:type: ClusterIPports:- protocol: TCPport: 80targetPort: 80selector:app1: nginx1
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: nginx-traefik-ingressannotations:
#设置认证的类型::
# nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
# nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
# nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
# nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:rules:- host: www.xy102.comhttp:paths:- path: /pathType: Prefix
#前缀匹配,匹配/ /test1 /test1/test2backend:
#匹配的svc的名称----podservice:name: nginx-traefik-svcport:number: 80[root@master01 traefik]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nfs1-76f66b958-68wpl 1/1 Running 0 5d3h 10.244.2.173 node02 <none> <none>
nginx-traefik-849b6f9457-5cj9x 1/1 Running 0 16m 10.244.1.244 node01 <none> <none>
nginx-traefik-849b6f9457-jmznh 1/1 Running 0 16m 10.244.0.31 master01 <none> <none>
nginx-traefik-849b6f9457-kj2rx 1/1 Running 0 16m 10.244.2.245 node02 <none> [root@master01 traefik]# kubectl get svc -o wide -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 15d k8s-app=kube-dns
traefik-ingress-service NodePort 10.96.27.248 <none> 80:30789/TCP,8080:31818/TCP 3h15m k8s-app=traefik-ingress-lb
traefik-web-ui ClusterIP 10.96.45.60 <none> 80/TCP 3h14m k8s-app=traefik-ingress-lb[root@k8s5 k8s]# ll
总用量 0
drwxrwxrwx. 2 root root 6 9月 11 13:35 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d
[root@k8s5 k8s]# cd default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d/
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# ls
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# [root@master01 traefik]# curl www.xy102.com
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接
[root@master01 traefik]# curl www.xy102.com:30789
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>[root@k8s5 k8s]# ll
总用量 0
drwxrwxrwx. 2 root root 6 9月 11 13:35 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d
[root@k8s5 k8s]# cd default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d/
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# ls
[root@k8s5 default-nfs-pvc-pvc-667cee0d-c02c-421c-b850-1b9087c2c02d]# echo 123 > index.html
[root@k8s5 default-nfs-pvc-pvc-30489c95-7b49-4f10-b139-b5942d1a3fc1]# mkdir test1
[root@k8s5 default-nfs-pvc-pvc-30489c95-7b49-4f10-b139-b5942d1a3fc1]# cd test1/
[root@k8s5 test1]# echo 456 > index.html
[root@k8s5 test1]# mkdir test2
[root@k8s5 test1]# cd test2/
[root@k8s5 test2]# ls
[root@k8s5 test2]# echo 789 > index.html[root@master01 traefik]# curl -L www.xy102.com:30733
123
[root@master01 traefik]# curl -L www.xy102.com:30733/test1
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接
[root@master01 traefik]# vim traefik-nginx1.yaml
[root@master01 traefik]# kubectl apply -f traefik-ds.yaml
serviceaccount/traefik-ingress-controller unchanged
daemonset.apps/traefik-ingress-controller created
service/traefik-ingress-service configured
[root@master01 traefik]# curl -L www.xy102.com:30733/test1
curl: (7) Failed connect to www.xy102.com:30733; 拒绝连接
[root@master01 traefik]# curl -L www.xy102.com:30733/test1
curl: (7) Failed connect to www.xy102.com:30733; 拒绝连接
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service ClusterIP 10.96.231.58 <none> 80/TCP,8080/TCP 21m
traefik-web-ui ClusterIP 10.96.119.46 <none> 80/TCP 21m
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml
serviceaccount/traefik-ingress-controller unchanged
deployment.apps/traefik-ingress-controller unchanged
service/traefik-ingress-service configured
[root@master01 traefik]# kubectl apply -f ui.yaml
service/traefik-web-ui unchanged
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/traefik-web-ui configured
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service NodePort 10.96.231.58 <none> 80:31767/TCP,8080:32510/TCP 22m
traefik-web-ui ClusterIP 10.96.119.46 <none> 80/TCP 22m
[root@master01 traefik]# curl -L www.xy102.com:31767
123
[root@master01 traefik]# curl -L www.xy102.com:31767/test1
456
[root@master01 traefik]# ls
traefik-deployment.yaml traefik-nginx1.yaml ui.yaml
traefik-ds.yaml traefik-rbac.yaml
[root@master01 traefik]# curl -L www.xy102.com:31767/test1/test2
789
三、ingress的总结+项目部署
ingress: 对外提供访问:
ingress----根据servicename选择service-----service把服务把请求根据匹配的标签转发pod。
支持http 80 https 443
deployment+NodePort
daemonset+hostnetwork
ingress-traefik
ingress-nginx
四、作业
1、Deployment+nodeport----四个yaml文件都执行
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# ls
traefik-deployment.yaml traefik-nginx1.yaml ui.yaml
traefik-ds.yaml traefik-rbac.yaml
[root@master01 traefik]# vim traefik-
[root@master01 traefik]# vim traefik-deployment.yaml
[root@master01 traefik]# ls
traefik-deployment.yaml traefik-nginx1.yaml ui.yaml
traefik-ds.yaml traefik-rbac.yaml
[root@master01 traefik]# vim traefik-nginx1.yaml
[root@master01 traefik]# ls
traefik-deployment.yaml traefik-nginx1.yaml ui.yaml
traefik-ds.yaml traefik-rbac.yaml
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service NodePort 10.96.231.58 <none> 80:31767/TCP,8080:32510/TCP 71m
traefik-web-ui ClusterIP 10.96.119.46 <none> 80/TCP 71m
[root@master01 traefik]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nfs1-76f66b958-68wpl 1/1 Running 0 5d5h 10.244.2.173 node02 <none> <none>
[root@master01 traefik]# vim traefik-nginx1.yaml
[root@master01 traefik]# cd ..
[root@master01 ingress]# ls
auth https ingress-nginx1.yaml mandatory.yaml service-nodeport.yaml traefik
[root@master01 ingress]# cd traefik/
[root@master01 traefik]# kubectl apply -f traefik-nginx1.yaml
persistentvolumeclaim/nfs-pvc created
deployment.apps/nginx-traefik created
service/nginx-traefik-svc created
ingress.networking.k8s.io/nginx-traefik-ingress created
[root@master01 traefik]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nfs1-76f66b958-68wpl 1/1 Running 0 5d5h 10.244.2.173 node02 <none> <none>
nginx-traefik-64f4cf4c65-cr6m8 1/1 Running 0 7s 10.244.1.251 node01 <none> <none>
nginx-traefik-64f4cf4c65-ls2j8 1/1 Running 0 7s 10.244.0.38 master01 <none> <none>
nginx-traefik-64f4cf4c65-qxmt7 1/1 Running 0 7s 10.244.2.254 node02 <none> <none>
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service NodePort 10.96.231.58 <none> 80:31767/TCP,8080:32510/TCP 76m
traefik-web-ui ClusterIP 10.96.119.46 <none> 80/TCP 76m
[root@master01 traefik]# curl www.xy102.com
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>[root@k8s5 k8s]# ll
总用量 0
drwxrwxrwx. 2 root root 6 9月 11 15:57 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777
[root@k8s5 k8s]# cd default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777/
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# echo 123 > index.html
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# ls
index.html
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# mkdir test1
[root@k8s5 default-nfs-pvc-pvc-b63d202e-f6f6-4078-b765-f05bf2d3f777]# cd test1/
[root@k8s5 test1]# echo 456 > index.html
[root@k8s5 test1]# mkdir test2
[root@k8s5 test1]# cd test2/
[root@k8s5 test2]# echo 789 > index.html[root@master01 traefik]# curl www.xy102.com
123
[root@master01 traefik]# curl www.xy102.com
123
[root@master01 traefik]# curl www.xy102.com:31767
123
[root@master01 traefik]# curl www.xy102.com:31767/test1
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>
[root@master01 traefik]# curl -L www.xy102.com:31767/test1
456
[root@master01 traefik]# curl -L www.xy102.com:31767/test1/test2
7892、DaemonSet+hostPort----三个yaml文件都执行
[root@master01 traefik]# vim traefik-nginx1.yaml apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: nfs-pvc
spec:accessModes:- ReadWriteManystorageClassName: nfs-client-storageclassresources:requests:storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:name: nginx-traefiklabels:app1: nginx
spec:replicas: 3selector:matchLabels:app1: nginxtemplate:metadata:labels:app1: nginxspec:containers:- name: nginximage: nginx:1.22ports:- containerPort: 80volumeMounts:- name: nfs-pvcmountPath: /usr/share/nginx/htmlvolumes:- name: nfs-pvcpersistentVolumeClaim:claimName: nfs-pvc
---
apiVersion: v1
kind: Service
metadata:name: nginx-traefik-svc
spec:type: ClusterIPports:- protocol: TCPport: 80targetPort: 80selector:app1: nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: nginx-traefik-ingressannotations:
#设置认证的类型::
# nginx.ingress.kubernetes.io/auth-type: basic
#设置认证的secret的名称
# nginx.ingress.kubernetes.io/auth-secret: basic-auth
#设置认证窗口的提示信息
# nginx.ingress.kubernetes.io/auth-realm: 'wo ai zhailiming'
# nginx.ingress.kubernetes.io/rewrite-target: https://www.xy102.com
#设定重定向流量的目标连接
spec:rules:- host: www.xy102.comhttp:paths:- path: /pathType: Prefix
#前缀匹配,匹配/ /test1 /test1/test2backend:
#匹配的svc的名称----podservice:name: nginx-traefik-svcport:number: 80[root@master01 traefik]# kubectl apply -f traefik-nginx1.yaml wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-deployment.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-rbac.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/traefik-ds.yaml
wget https://gitee.com/mirrors/traefik/raw/v1.7/examples/k8s/ui.yaml[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml
[root@master01 traefik]# kubectl apply -f ui.yaml [root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service NodePort 10.96.251.209 <none> 80:31552/TCP,8080:30058/TCP 3m33s
traefik-web-ui ClusterIP 10.96.71.175 <none> 80/TCP 23s[root@master01 traefik]# curl -L www.xy102.com
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接
[root@master01 traefik]# curl -L www.xy102.com:31552
123
[root@master01 traefik]# curl -L www.xy102.com:31552/test1
curl: (7) Failed connect to www.xy102.com:80; 拒绝连接
[root@master01 traefik]# kubectl apply -f traefik-ds.yaml [root@master01 traefik]# kubectl apply -f traefik-rbac.yaml [root@master01 traefik]# kubectl apply -f ui.yaml [root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service ClusterIP 10.96.201.30 <none> 80/TCP,8080/TCP 39s
traefik-web-ui ClusterIP 10.96.71.175 <none> 80/TCP 16m
[root@master01 traefik]# curl -L www.xy102.com:30023/test1
curl: (7) Failed connect to www.xy102.com:30023; 拒绝连接
[root@master01 traefik]# curl -L www.xy102.com/test1
456
[root@master01 traefik]# curl -L www.xy102.com/test1/test2
789
[root@master01 traefik]# curl -L www.xy102.com
123##发现只要apply-------traefik-ds.yaml----------traefik-rbac.yaml-----------------ui.yaml3、Deployment+nodeport
[root@master01 traefik]# kubectl apply -f traefik-ds.yaml
serviceaccount/traefik-ingress-controller unchanged
daemonset.apps/traefik-ingress-controller unchanged
service/traefik-ingress-service unchanged
[root@master01 traefik]# kubectl apply -f traefik-rbac.yaml
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller unchanged
[root@master01 traefik]# kubectl apply -f traefik-deployment.yaml
serviceaccount/traefik-ingress-controller unchanged
deployment.apps/traefik-ingress-controller created
service/traefik-ingress-service configured
[root@master01 traefik]# kubectl apply -f ui.yaml
service/traefik-web-ui unchanged
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/traefik-web-ui configured
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service NodePort 10.96.201.30 <none> 80:31318/TCP,8080:32115/TCP 9m38s
traefik-web-ui ClusterIP 10.96.71.175 <none> 80/TCP 25m
[root@master01 traefik]# curl -L www.xy102.com
123
[root@master01 traefik]# curl -L www.xy102.com/test1
456
[root@master01 traefik]# curl -L www.xy102.com/test1/test2
789
[root@master01 traefik]# curl -L www.xy102.com:31318
123
[root@master01 traefik]# curl -L www.xy102.com:31318/test1
456
[root@master01 traefik]# curl -L www.xy102.com:31318/test1/test2
789is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.extensions/traefik-web-ui configured
[root@master01 traefik]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 53/UDP,53/TCP,9153/TCP 16d
traefik-ingress-service NodePort 10.96.201.30 80:31318/TCP,8080:32115/TCP 9m38s
traefik-web-ui ClusterIP 10.96.71.175 80/TCP 25m
[root@master01 traefik]# curl -L www.xy102.com
123
[root@master01 traefik]# curl -L www.xy102.com/test1
456
[root@master01 traefik]# curl -L www.xy102.com/test1/test2
789
[root@master01 traefik]# curl -L www.xy102.com:31318
123
[root@master01 traefik]# curl -L www.xy102.com:31318/test1
456
[root@master01 traefik]# curl -L www.xy102.com:31318/test1/test2
789
