1、中间件介绍
附加到路由器的中间件是一种在请求发送到您的服务之前(或在服务的答案发送到客户端之前)调整请求的方法。
Traefik 中有几个可用的中间件,有的可以修改请求、headers,有的负责重定向,有的添加认证等等。
使用相同协议的中间件可以组合成链以适应各种场景。
2、架构图
3、Add Prefix
Add Prefix 中间件在转发请求之前更改请求的路径
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: add-prefix
namespace: default
spec:
addPrefix:
prefix: /add-prefix
将这个中间件添加到ingressroute里
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: add-prefix
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`nginx.bgxwz.com`)
kind: Rule
services:
- name: nginx
port: 80
middlewares:
- name: add-prefix
4、BasicAuth
BasicAuth 中间件将您的服务的访问权限限制为已知用户
密码必须使用 MD5、SHA1 或 BCrypt 进行哈希处理,可以使用htpasswd生成密码
使用htpasswd为admin用户生成一个密码
htpasswd -nb admin 123456 | openssl base64
YWRtaW46JGFwcjEkN1VUcDIxVTgkVU5DN3d2amhEbmlabVBlV3ZUOGhZLgoK
创建secret
apiVersion: v1
kind: Secret
metadata:
name: nginx-auth
namespace: default
type: Opaque
data:
user: YWRtaW46JGFwcjEkN1VUcDIxVTgkVU5DN3d2amhEbmlabVBlV3ZUOGhZLgoK
下面我们为nginx配置一个BasicAuth
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: nginx-auth
namespace: default
spec:
basicAuth:
secret: nginx-auth
IngressRoute路由添加BasicAuth中间件
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nginx
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`nginx.bgxwz.com`)
kind: Rule
services:
- name: nginx
port: 80
middlewares:
- name: nginx-auth
5、IPWhiteList
IPWhitelist 根据客户端 IP 接受/拒绝请求
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: ipwhitelist
namespace: default
spec:
ipWhiteList:
sourceRange:
- 192.168.31.0/24
- 192.168.96.51
IngressRoute路由添加pwhitelist中间件
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nginx
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`nginx.bgxwz.com`)
kind: Rule
services:
- name: nginx
port: 80
middlewares:
- name: ipwhitelist
- name: nginx-auth
6、RedirectScheme
RedirectScheme 将请求从一个方案/端口重定向到另一个,比如场景的http重定向到https
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: http-to-https
namespace: default
spec:
redirectScheme:
scheme: https
permanent: true
IngressRoute路由添加RedirectScheme中间件
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nginx
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`nginx.bgxwz.com`)
kind: Rule
services:
- name: nginx
port: 80
middlewares:
- name: http-to-https
7、RedirectRegex
RedirectRegex 使用正则表达式匹配和替换重定向请求。
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: redirectregex
namespace: default
spec:
redirectRegex:
permanent: true
regex: ^http://nginx.bgxwz.com/(.*)
replacement: http://www.bgxwz.com/${1}
IngressRoute路由添加RedirectRegex中间件
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nginx
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`nginx.bgxwz.com`)
kind: Rule
services:
- name: nginx
port: 80
middlewares:
- name: redirectregex
8、金丝雀发布
traefik中使用TraefikService这个crd,来实现灰度发布
接下来我们部署2个nginx版本,作为测试
nginx-v1:
apiVersion: apps/v1
kind: Deployment
metadata:
name: appv1
namespace: default
spec:
selector:
matchLabels:
app: appv1
template:
metadata:
labels:
app: appv1
spec:
containers:
- name: nginx
image: nginx:alpine
imagePullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "echo Nginx v1 > /usr/share/nginx/html/index.html"]
ports:
- containerPort: 80
name: nginx
---
apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: default
spec:
selector:
app: appv1
ports:
- name: http
port: 80
targetPort: 80
nginx-v2:
apiVersion: apps/v1
kind: Deployment
metadata:
name: appv2
namespace: default
spec:
selector:
matchLabels:
app: appv2
template:
metadata:
labels:
app: appv2
spec:
containers:
- name: nginx
image: nginx:alpine
imagePullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "echo Hello v2 > /usr/share/nginx/html/index.html"]
ports:
- containerPort: 80
name: portv2
---
apiVersion: v1
kind: Service
metadata:
name: appv2
namespace: default
spec:
selector:
app: appv2
ports:
- name: http
port: 80
targetPort: 80
通过TraefikService配置下灰度的比例
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
name: app-wrr
namespace: default
spec:
weighted:
services:
- name: appv1
weight: 3
port: 80
kind: Service
- name: appv2
weight: 1
port: 80
kind: Service
IngressRoute路由添加TraefikService中间件
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: app-canary
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`nginx-canary.bgxwz.com`)
kind: Rule
services:
- name: app-wrr
kind: TraefikService
测试结果:
[root@192.168.96.51 ~]$ curl nginx-canary.bgxwz.com
Nginx v1
[root@192.168.96.51 ~]$ curl nginx-canary.bgxwz.com
Nginx v1
[root@192.168.96.51 ~]$ curl nginx-canary.bgxwz.com
Nginx v1
[root@192.168.96.51 ~]$ curl nginx-canary.bgxwz.com
Hello v2
评论区