kubernetes集群traefik ingress实现同一命名空间不同微服务模块的访问

时间：2019-04-21 22:59:10 阅读：811 评论：0 收藏：0 [点我收藏+]

标签：metadata role ini image rbac web epo extension rbo

背景：kubernetes集群traefik ingress实现同一命名空间不同微服务模块的访问
1.安装traefik ingress
cat > traefik-ingress.yaml <<EOF

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-ingress-controller
rules:

apiGroups:
- ""
  resources:
- pods
- services
- endpoints
- secrets
  verbs:
- get
- list
- watch
apiGroups:
- extensions
  resources:
- ingresses
  verbs:
- get
- list
- watch
  
  kind: ClusterRoleBinding
  apiVersion: rbac.authorization.k8s.io/v1
  metadata:
  name: traefik-ingress-controller
  roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
  subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
    namespace: c7n-system
    
    apiVersion: v1
    kind: ServiceAccount
    metadata:
    name: traefik-ingress-controller
    namespace: c7n-system
    
    kind: Deployment
    apiVersion: apps/v1beta1
    metadata:
    name: traefik-ingress-controller
    namespace: c7n-system
    labels:
    k8s-app: traefik-ingress-lb
    spec:
    replicas: 1
    selector:
    matchLabels:
    k8s-app: traefik-ingress-lb
    template:
    metadata:
    labels:
    k8s-app: traefik-ingress-lb
    name: traefik-ingress-lb
    spec:
    serviceAccountName: traefik-ingress-controller
    terminationGracePeriodSeconds: 60
    containers:
- image: traefik:v1.7.4
  imagePullPolicy: IfNotPresent
  name: traefik-ingress-lb
  args:
  - --api
  - --kubernetes
  - --logLevel=INFO
    
    kind: Service
    apiVersion: v1
    metadata:
    name: traefik-ingress-service
    namespace: c7n-system
    spec:
    selector:
    k8s-app: traefik-ingress-lb
    ports:
  - protocol: TCP
    该端口为 traefik ingress-controller的服务端口
    
    port: 80
    
    集群hosts文件中设置的 NODE_PORT_RANGE 作为 NodePort的可用范围
    
    从默认20000~40000之间选一个可用端口，让ingress-controller暴露给外部的访问
    
    nodePort: 23456
    name: web
  - protocol: TCP
    该端口为 traefik 的管理WEB界面
    
    port: 8080
    name: admin
    type: NodePort
    EOF

2.查看k8s集群配置微服务svc
技术图片

3.配置raefik ingress后端f服务
cat > traefik-choerodon.yaml <<EOF

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: choerodon-xiongxj
namespace: c7n-system
spec:
rules:

host: choerodon.maimailoan.cn
http:
paths:
- path: /api-gateway
  backend:
  serviceName: api-gateway
  servicePort: 8080
- path: /c7n-slaver
  backend:
  serviceName: c7n-slaver
  servicePort: 80
- path: /chartmuseum-chartmuseum
  backend:
  serviceName: chartmuseum-chartmuseum
  servicePort: 8080
- path: /choerodon-front
  backend:
  serviceName: choerodon-front
  servicePort: 80
- path: /config-server
  backend:
  serviceName: config-server
  servicePort: 8010
- path: /devops-service
  backend:
  serviceName: devops-service
  servicePort: 8060
- path: /gitlab
  backend:
  serviceName: gitlab
  servicePort: 80
- path: /harbor
  backend:
  serviceName: harbor-harbor-ui
  servicePort: 80
- path: /minio
  backend:
  serviceName: minio-svc
  servicePort: 9000
- path: /xwiki
  backend:
  serviceName: xwiki
  servicePort: 8080
  EOF
  4.查看ingress详情