Using traefik as the ingress to expose services externally over HTTP
1. Prepare the traefik YAML files
ingress server IP: 192.168.30.35
1.1 Create traefik-rbac
vi traefik-rbac.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik
  namespace: kube-system
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      # bound through the ClusterRoleBinding below, so readable in every namespace
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik
subjects:
  - kind: ServiceAccount
    name: traefik
    namespace: kube-system
1.2 Create traefik-deployment
vi traefik-deployment.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik
  namespace: kube-system
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik
  namespace: kube-system
  labels:
    k8s-app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik
  template:
    metadata:
      labels:
        k8s-app: traefik
        name: traefik
    spec:
      serviceAccountName: traefik
      terminationGracePeriodSeconds: 60
      containers:
        # untagged image resolves to :latest; the args below are Traefik 1.x syntax
        - image: traefik
          name: traefik
          imagePullPolicy: IfNotPresent
          ports:
            # only port 80 is bound on the node
            - name: http
              containerPort: 80
              hostPort: 80
            # dashboard/API and metrics port
            - name: admin
              containerPort: 8080
          args:
            - --api
            - --kubernetes
            - --web
            - --logLevel=INFO
            - --web.metrics
            - --metrics.prometheus
            - --web.metrics.prometheus
      nodeSelector:
        ingress: "yes"
      tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/ingress
          operator: Equal
---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: traefik
  name: traefik
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik
  clusterIP: None
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
  type: ClusterIP
1.3 Create traefik-dashboard
vi traefik-dashboard.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-dashboard
  namespace: kube-system
spec:
  rules:
    - host: traefik.mddgame.com
      http:
        paths:
          - path: /
            backend:
              # routes the public host name to the traefik admin port
              serviceName: traefik
              servicePort: 8080
1.4 Create prometheus-serviceMonitortraefik
vi prometheus-serviceMonitortraefik.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: traefik
  name: traefik
  namespace: monitoring
spec:
  endpoints:
    - honorLabels: true
      interval: 15s
      port: admin
  jobLabel: k8s-app
  namespaceSelector:
    matchNames:
      - kube-system
  selector:
    matchLabels:
      k8s-app: traefik
2. Create the traefik service
## Pin traefik to the ingress node
kubectl label nodes ingress ingress=yes
## Create traefik
kubectl apply -f .
3. Verify that traefik is deployed correctly
kubectl get all -A | grep traefik
root@Qist:/mnt/e/work/k8s/traefik# kubectl get all -A | grep traefik
kube-system pod/traefik-76f6ccc479-f7prx 1/1 Running 0 26m
kube-system service/traefik ClusterIP None <none> 80/TCP,8080/TCP 26m
kube-system deployment.apps/traefik 1/1 1 1 26m
kube-system replicaset.apps/traefik-76f6ccc479 1 1 1 26m
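Log in to the ingress server and check whether the iptables nat rules have been created, if
hostPort is used here, so only the service ports of the ingress deployment are exposed externally.
There is also a hostNetwork: true mode for exposing ports; it requires the container to run in privileged mode, which lowers security somewhat, but it gives the best network performance.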
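
An added example, not part of the original post: a small audit of `kubectl get deploy,ds,pod,clusterrole -A -o json` output that flags the hostPort, hostNetwork and privileged settings discussed above, plus ClusterRoles that can read Secrets cluster-wide, as the one in section 1.1 does. The names `audit` and `SAMPLE` are introduced here, and the sample input is constructed by trimming the manifests on this page.

```python
import json

# Constructed sample: trimmed from the manifests on this page (the Deployment's
# pod spec and the ClusterRole), in the shape `kubectl get ... -o json` returns.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Deployment", "metadata": {"name": "traefik", "namespace": "kube-system"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "traefik", "ports": [{"containerPort": 80, "hostPort": 80},
                                  {"containerPort": 8080}]}]}}}},
 {"kind": "ClusterRole", "metadata": {"name": "traefik"},
  "rules": [{"apiGroups": [""], "resources": ["services", "endpoints", "secrets"],
             "verbs": ["get", "list", "watch"]}]}
]}
""")

READ_VERBS = {"get", "list", "watch", "*"}

def audit(doc):
    """Return sorted (kind/name, finding) tuples for host exposure and secret access."""
    findings = []
    for obj in doc.get("items", []):
        ref = f'{obj["kind"]}/{obj["metadata"]["name"]}'
        # Deployments, DaemonSets etc. keep the pod spec under spec.template.spec; Pods under spec.
        spec = obj.get("spec", {})
        pod = spec.get("template", {}).get("spec", spec if obj["kind"] == "Pod" else {})
        if pod.get("hostNetwork"):
            findings.append((ref, "hostNetwork: shares the node's network namespace"))
        for c in pod.get("containers", []) + pod.get("initContainers", []):
            if (c.get("securityContext") or {}).get("privileged"):
                findings.append((ref, f'privileged container {c["name"]}'))
            for p in c.get("ports", []):
                if p.get("hostPort"):
                    findings.append((ref, f'hostPort {p["hostPort"]} -> {p["containerPort"]}'))
        # ClusterRole rules apply in every namespace once bound by a ClusterRoleBinding.
        if obj["kind"] == "ClusterRole":
            for rule in obj.get("rules", []):
                res = set(rule.get("resources", []))
                verbs = READ_VERBS & set(rule.get("verbs", []))
                if verbs and res & {"secrets", "*"}:
                    findings.append((ref, "cluster-wide secrets: " + ",".join(sorted(verbs))))
    return sorted(findings)

if __name__ == "__main__":
    for ref, finding in audit(SAMPLE):
        print(f"{ref}: {finding}")
```
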
4. Check that the ingress you created serves traffic externally
root@Qist:/mnt/e/work/k8s/traefik# kubectl get ingress -n kube-system
NAME HOSTS ADDRESS PORTS AGE
traefik-dashboard traefik.mddgame.com 80 35m
Bind the host name (hosts file entry)
192.168.30.35 traefik.mddgame.com
http://traefik.mddgame.com/dashboard/
5. Create ingresses for grafana and prometheus
vi traefik-grafana.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: grafana-dashboard
  namespace: monitoring
spec:
  rules:
    - host: grafana.mddgame.com
      http:
        paths:
          - path: /
            backend:
              serviceName: grafana
              servicePort: 3000
vi prometheus-traefik.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: prometheus
  namespace: monitoring
spec:
  rules:
    - host: prometheus.mddgame.com
      http:
        paths:
          - path: /
            backend:
              serviceName: prometheus-k8s
              servicePort: 9090
Create the Ingress objects
kubectl apply -f traefik-grafana.yaml
kubectl apply -f prometheus-traefik.yaml
root@Qist:/mnt/e/work/k8s/traefik# kubectl get ingress -n monitoring
NAME HOSTS ADDRESS PORTS AGE
grafana-dashboard grafana.mddgame.com 80 3d1h
prometheus prometheus.mddgame.com 80 5h4m
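Bind the host names and check whether the services are reachable by domain name; if they are, the deployment is working.
Download the traefik Prometheus monitoring JSON
https://grafana.com/dashboards?dataSource=prometheus&search=traefik
Import it into Grafana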