Shulou(Shulou.com)06/02 Report--

1. Overview

In order for Ingress resources to work, there must be at least one running ingress controller component in the Kubernetes cluster. In other words, if you do not have an ingress controller component in the kubernetes cluster, but only define ingress resources, it will not achieve http, https protocol request forwarding, load balancing and other functions. Common ingress controller components are as follows:

NginxTraefikKongIstioHAProxy

At present, there is no detailed comparison of the above components, and later we can give some detailed comparison information on the basis of understanding and use of each component. This article will mainly introduce the installation and deployment of traefik components and demonstrate them through a specific application.

2. Installation and deployment of traefik components 2.1 deploy traefik through helm chart

The helm traefik chart package contains the resources needed to deploy the traefik component, and we can quickly deploy the traefik component with this component. Here is the deployment command line information:

Cmd line > helm install-name inner-traefik-namespace kube-system\-set image=registry.docker.hankercloud.com/ingress-controller/traefik\-set serviceType=NodePort\ stable/traefik

After the deployment is complete, execute the kubectl get pods-n kube-system command, and you can see that a Pod named inner-traefik already exists in the namespace of kube-system.

2.2 RBAC configuration

The RBAC (Role Based Access Control) mechanism is introduced in kubernetes version 1.6 to better manage access to resources and API. If RBAC is configured in the cluster, you need to authorize Treafik to use Kubernetes's API, and there are two ways to set the appropriate policy: role binding through a specific namespace (RoleBinding) and global role binding (ClusterRoleBinding). For simplicity, let's use ClusterRoleBinding directly, and the resource definition is as follows:

-kind: ClusterRoleapiVersion: rbac.authorization.k8s.io/v1beta1metadata: name: traefik-ingress-controllerrules:-apiGroups:-"" resources:-services-endpoints-secrets verbs:-get-list-watch- apiGroups:-extensions resources:-ingresses verbs:-get-list-watch---kind: ClusterRoleBindingapiVersion: rbac.authorization. K8s.io/v1beta1metadata: name: traefik-ingress-controllerroleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: traefik-ingress-controllersubjects:- kind: ServiceAccount name: traefik-ingress-controller namespace: kube-system---apiVersion: v1kind: ServiceAccountmetadata: name: traefik-ingress-controller namespace: kube-system

Next, we execute the following command to create the resource and modify the resource definition file for deployment.

Kubectl apply-f traefik-rbac.ymlkubectl edit deploy inner-traefik-n kube-system

After performing the above operations, we can verify that the relevant resources have been started normally.

Kubectl logs $(kubectl get pods-n kube-system | grep traefik | awk'{print $1}')-n kube-system2.3 load balancer configuration

Since we are using the traefik component deployed by Deployment, whose Service Type is NodePort, you can see the port mapping relationship through kubectl get svc-n kube-system | grep traefik. Next, we apply for a load balancer device in Aliyun, and then complete this step after configuring it accordingly.

Another alternative is to use DaemonSet to deploy traefik components and set up the mapping between host ports and Pod instance ports, which can also be done.

3. Create ingress resources and debug them

Next, we create an ingress resource in the kubernetes cluster. Since we have previously deployed a wordpress application in the cluster, the resource definition file is as follows:

ApiVersion: extensions/v1beta1kind: Ingressmetadata: name: wordpress-ingress namespace: default annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules:-host: blog.hankercloud.com http: paths:-path: / backend: serviceName: wordpress-test-wordpress servicePort: 80

After completing the above operations, we modify the / etc/hosts file locally, manually configure the domain name resolution record of blog.hankercloud.com, and enter http://blog.hankercloud.com in the browser address bar to see the page. At this point, we have completed the installation, deployment and debugging of traefik components.

4. Reference documentation:

Https://docs.traefik.io/v1.5/user-guide/kubernetes/

Https://kubernetes.io/docs/concepts/services-networking/ingress/

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.