Shulou(Shulou.com)06/01 Report--

This article will explain in detail about the installation and use of traefik in kubernetes. The content of the article is of high quality, so the editor will share it with you for reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

Environment traefik 2.2 kinesis k8s 1.18+

Requirements: obtain the certificate automatically, obtain the certificate using aliyun dns, and expose it to the public network.

Refer to the official website: https://docs.traefik.io/user-guides/crd-acme/

First install helm, a similar yum package manager for K8s. Reference https://helm.sh/docs/intro/install/

Download your desired version

Unpack it (tar-zxvf helm-v3.0.0-linux-amd64.tar.gz)

Find the helm binary in the unpacked directory, and move it to its desired destination (mv linux-amd64/helm / usr/local/bin/helm)

Traefik has two modes: 1. Use Traefik CRD to configure routing rules (IngressRoute), 2. Use Kubernetes Ingress to configure routing rules (Ingress)

IngressRoute Definition, copy the yaml file in https://docs.traefik.io/user-guides/crd-acme/#ingressroute-definition and apply

Kubectl apply-f ingress-route-definition.yaml

Create ServiceSecret

# indicates that 1:secret data needs to be encoded by base64 (https://kubernetes.io/zh/docs/concepts/configuration/secret/) echo-n 'admin' | base64# description 2: add a storage (modified according to the actual situation). The certificate verified is stored in the / etc/acme/acme.json file here, and we must persist this file. Otherwise, you need to re-authenticate each time the Traefik is rebuilt. # indicates that 3:Service directly exposes port usage (NodePort), and does not use the official kubectl port-forward# specification 4-providers.kubernetesingress#-providers.kubernetescrd# exports two supported modes, ingress, and ingress-route# states that 5:dashboard is not exported directly to protect resources. Later, you will view # traefik.yamlapiVersion: v1kind: ServiceAccountmetadata: name: traefik-ingress-controller---apiVersion: v1kind: Secretmetadata: name: aliyun-secretdata: ALICLOUD_ACCESS_KEY: your_key_base64 ALICLOUD_SECRET_KEY: your_secret_base64 ALICLOUD_REGION_ID: your_region_base64---apiVersion: v1kind: PersistentVolumeClaimmetadata: name: traefik-acme-cephfs-pvcspec: accessModes:-ReadWriteMany resources: requests: storage: 1Gi storageClassName: rook- Cephfs---kind: DeploymentapiVersion: apps/v1metadata: name: traefik labels: app: traefikspec: replicas: 1 selector: matchLabels: app: traefik template: metadata: labels: app: traefikspec: serviceAccountName: traefik-ingress-controller volumes:-name: acme-store persistentVolumeClaim: claimName: traefik-acme-cephfs-pvc readOnly: false containers:-name : traefik image: traefik:v2.4 args:-api.insecure-log.level=INFO-accesslog-entrypoints.web.Address=:8000-entrypoints.websecure.Address=:4443-providers.kubernetesingress-providers.kubernetescrd -certificatesresolvers.aliyun.acme.dnschallenge.provider=alidns-certificatesresolvers.aliyun.acme.email=your_email@qq.com-certificatesresolvers.aliyun.acme.storage=/etc/acme/acme.json envFrom:-secretRef: name: aliyun-secret volumeMounts:-name: acme-store mountPath: / etc / acme ports:-name: web containerPort: 8000-name: websecure containerPort: 4443-name: admin containerPort: v1kind: Servicemetadata: name: traefikspec: type: NodePort selector: app: traefik ports:-protocol: TCP port: 8000 name: web targetPort: 80 nodePort: 31001 -protocol: TCP port: 4443 name: websecure targetPort: 4443 nodePort: 31000---apiVersion: v1kind: Servicemetadata: name: traefik-dashboardspec: selector: app: traefik ports:-protocol: TCP port: 8080 name: admin targetPort: 8080

Mode 1: create Ingress in practical application

Kind: IngressapiVersion: networking.k8s.io/v1beta1metadata: name: myingress annotations: traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls.certresolver: aliyun traefik.ingress.kubernetes.io/router.tls.domains.0.main: your_domain.comspec: rules:-host: your_domain.com http: paths: -path: / bar backend: serviceName: whoami servicePort: 80-path: / foo backend: serviceName: whoami servicePort: 80

Mode 2: IngressRoute

ApiVersion: traefik.containo.us/v1alpha1kind: IngressRoutemetadata: name: ingressi-route-wqtls namespace: defaultspec: entryPoints:-websecure routes:-match: Host (`your_ domain.com`) kind: Rule services:-name: whoami port: 80 tls: certResolver: aliyun domains:-main: "your_domain.com"

Resolve the domain name and access the https://your_domain.com:31000/bar

Dashboard is safe to use. Reference: https://docs.traefik.io/operations/dashboard/

# generate (generate https://tool.oschina.net/htpasswd) account password online and replace userssudo apt install apache2-utilsecho $(htpasswd-nb admin gJv4EAfuXp5vFJ8) in Secret) with the following command

ApiVersion: v1kind: Secretmetadata: name: traefik-dashboard-auth-secret namespace: defaulttype: OpaquestringData: admin:$apr1 $tQ1iFwRf$8SvGrGQcBT.RdZS73ULXH1---apiVersion: traefik.containo.us/v1alpha1kind: Middlewaremetadata: name: traefik-dashboard-auth namespace: defaultspec: basicAuth: secret: traefik-dashboard-auth-secret---apiVersion: traefik.containo.us/v1alpha1kind: IngressRoutemetadata: name: traefik-dashboard namespace: defaultspec: entryPoints:-websecure routes:-kind: Rule match: Host (`traefik.your_domain. Com`) & & (PathPrefix (`/ dashboard`) | | PathPrefix (` / api`)) services:-kind: TraefikService name: api@internal middlewares:-name: traefik-dashboard-auth tls: certResolver: aliyun domains:-main: "traefik.your_domain.com"

On the installation and use of traefik in kubernetes to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.