侧边栏壁纸
博主头像
背锅小王子博主等级

我从事运维工作有十年之久,主要从事云原生相关的工作,对k8s、devops、servicemesh、可观察性等较为熟悉!

  • 累计撰写 59 篇文章
  • 累计创建 64 个标签
  • 累计收到 1 条评论

目 录CONTENT

文章目录

Traefik最佳实践(二)7层代理

背锅小王子
2022-08-04 / 0 评论 / 0 点赞 / 189 阅读 / 430 字
温馨提示:
本文最后更新于 2022-11-14,若内容或图片失效,请留言反馈。部分素材来自网络,若不小心影响到您的利益,请联系我们删除。

1、介绍

traefik目前支持ingress7层代理有两种,一种是原生的ingress,另一种就是crd的方式

2、部署测试应用

下面我们部署一个nginx服务,来做测试对象

kubectl create deploy nginx --image=nginx:alpine
kubectl create svc clusterip nginx --tcp=80

3、原生ingress方式

代理HTTP服务

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ing
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
  rules:
  - host: nginx.bgxwz.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: nginx
            port:
              number: 80

返回结果:

curl -I nginx.bgxwz.com

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 615
Content-Type: text/html
Date: Thu, 04 Aug 2022 07:48:54 GMT
Etag: "62d6cc67-267"
Last-Modified: Tue, 19 Jul 2022 15:23:19 GMT
Server: nginx/1.23.1

代理HTTPS服务

首先使用bgxwz.com证书的crt和key文件,创建 一个secret文件:bgwxz.com.yml
然后部署secret文件

kubectl create secret tls bgxwz-com --cert=bgxwz.com.cert --key=bgxwz.com.key

配置Ingress下的HTTPS访问

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ing
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
  tls:
    - hosts:
      - nginx.bgxwz.com
      secretName: bgxwz-com
  rules:
  - host: nginx.bgxwz.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: nginx
            port:
              number: 443

4、CRD方式创建ingress

代理HTTP服务

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nginx-ingress
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - kind: Rule
      match: Host(`nginx.bgxwz.com`)
      services:
        - name: nginx
          port: 80

返回结果:

curl -I nginx.bgxwz.com

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 615
Content-Type: text/html
Date: Thu, 04 Aug 2022 07:51:20 GMT
Etag: "62d6cc67-267"
Last-Modified: Tue, 19 Jul 2022 15:23:19 GMT
Server: nginx/1.23.1

配置IngressRoute下的HTTPS访问

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nginx
spec:
  entryPoints:
  - websecure
  routes:
  - match: Host(`nginx.bgxwz.com`)
    kind: Rule
    services:
      - name: nginx
        port: 443 
  tls:
    secretName: bgxwz-com
0

评论区