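Quick Start with Traefik
Hands-on crash course
What is Traefik
Træfɪk is a modern HTTP reverse proxy and load balancer built to make deploying microservices easier. It supports many backends (Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, Zookeeper, BoltDB, Rest API, file…) and applies its configuration from them automatically and dynamically. The GitHub repository is:
https://github.com/traefik/traefik
Documentation: https://doc.traefik.io/traefik/providers/kubernetes-crd/
Deploying with Helm (Helm 3)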
1. helm repo add traefik https://helm.traefik.io/traefik
2. helm repo update
3. helm search repo traefik/traefik
### Fetch the chart
helm fetch traefik/traefik
Then unpack it
tar zxvf traefik-9.11.0.tgz
Change a few values
image.tag changed to 2.3.5
websecure.port changed to 9443 (because 8443 is already in use on my machine)
install
First: kubectl create ns tk
Label the nodes on which you want Traefik installed
kubectl label nodes cyylog2 traefik=true (cyylog2 is my preferred node name)
Then: helm install mytk traefik -n tk
To upgrade:
helm upgrade mytk traefik -n tk
To uninstall:
helm uninstall mytk -n tk
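Using IngressRoute
Creating a reverse proxy for a service
IngressRoute
Documentation: https://doc.traefik.io/traefik/routing/providers/kubernetes-crd/
IngressRoute is a CRD that Traefik 2 created to support more convenient ingress configuration.
Creating an Ingress
Documentation:
https://doc.traefik.io/traefik/providers/kubernetes-ingress/
See the documentation for the other details
HTTP routing
(1): Path, and a first look at middleware
Documentation: https://doc.traefik.io/traefik/routing/routers/
Path
match: Host(`tk2.cyylog.cn`) && Path(`/abc`)
A request for this host with the path /abc is reverse-proxied to our service.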
Using middleware
Documentation:
https://doc.traefik.io/traefik/middlewares/stripprefix/
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: ngx-strip
spec:
  stripPrefix:
    prefixes:
      - /abc
(2): Middleware: basic rate limiting
Documentation:
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: ngx-ratelimit
spec:
  rateLimit:
    average: 1
    burst: 5
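What average: 1 and burst: 5 mean for incoming traffic, as an added Go example that is not part of the original post and not Traefik's own code: a simplified token-bucket model in which `average` tokens are refilled per second and at most `burst` are stored. The request timings are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// bucket is a simplified token-bucket model of the rateLimit middleware:
// `average` tokens are refilled per second, at most `burst` tokens are stored.
type bucket struct {
	average, burst, tokens float64
	last                   time.Time
}

// allow reports whether a request arriving at `now` is forwarded (true) or
// answered with 429 Too Many Requests (false).
func (b *bucket) allow(now time.Time) bool {
	b.tokens += now.Sub(b.last).Seconds() * b.average
	if b.tokens > b.burst {
		b.tokens = b.burst
	}
	b.last = now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// replay feeds request offsets (relative to t0) through a bucket that starts
// full and returns how many requests were forwarded.
func replay(average, burst float64, offsets []time.Duration) int {
	t0 := time.Unix(0, 0)
	b := &bucket{average: average, burst: burst, tokens: burst, last: t0}
	passed := 0
	for _, off := range offsets {
		if b.allow(t0.Add(off)) {
			passed++
		}
	}
	return passed
}

func main() {
	flood := make([]time.Duration, 10) // constructed: 10 requests at the same instant
	fmt.Println(replay(1, 5, flood))   // only the burst of 5 is forwarded
	steady := []time.Duration{0, time.Second, 2 * time.Second, 3 * time.Second}
	fmt.Println(replay(1, 5, steady)) // one request per second is never limited
}
```

Traefik keeps one such limiter per request source, so one noisy client does not consume another client's budget.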
(3): Middleware: custom response headers and CORS headers
Documentation:
https://doc.traefik.io/traefik/middlewares/headers/
Add the CORS headers:
Access-Control-Allow-Origin: "*"
Access-Control-Allow-Methods: "POST, GET, OPTIONS, PUT, DELETE, UPDATE"
Access-Control-Allow-Headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
Access-Control-Allow-Credentials: "true"
Access-Control-Expose-Headers: "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Cache-Control, Content-Language, Content-Type"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: cross-header
spec:
  headers:
    customResponseHeaders:
      Myname: "cyylog"
      Myage: "14"
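An added Go example (not part of the original post) that applies the browser-side CORS check to the header set listed above: with Access-Control-Allow-Origin: "*" a credentialed request is refused even though Access-Control-Allow-Credentials is "true", while an exact-origin allow-list passes. The origins https://app.cyylog.cn and https://other.example are constructed samples.

```go
package main

import (
	"fmt"
	"net/http"
)

// corsCheck mirrors the check a browser runs on a cross-origin response
// before exposing it to script (the Fetch standard's "CORS check").
func corsCheck(resp http.Header, origin string, withCredentials bool) bool {
	allow := resp.Get("Access-Control-Allow-Origin")
	if !withCredentials {
		return allow == "*" || allow == origin
	}
	// Credentialed request: "*" is never accepted; the exact origin and
	// Access-Control-Allow-Credentials: true are both required.
	return allow == origin && resp.Get("Access-Control-Allow-Credentials") == "true"
}

// pageHeaders holds the two headers from the post's list that decide the check.
func pageHeaders() http.Header {
	h := http.Header{}
	h.Set("Access-Control-Allow-Origin", "*")
	h.Set("Access-Control-Allow-Credentials", "true")
	return h
}

// allowListHeaders echoes the request origin only when it is in the allow-list
// and adds Vary: Origin so caches keep per-origin responses apart.
func allowListHeaders(origin string, allowed map[string]bool) http.Header {
	h := http.Header{}
	if allowed[origin] {
		h.Set("Access-Control-Allow-Origin", origin)
		h.Set("Access-Control-Allow-Credentials", "true")
		h.Add("Vary", "Origin")
	}
	return h
}

func main() {
	const app = "https://app.cyylog.cn" // constructed sample origin
	allowed := map[string]bool{app: true}
	fmt.Println(corsCheck(pageHeaders(), app, false))                 // anonymous request passes
	fmt.Println(corsCheck(pageHeaders(), app, true))                  // credentialed request is refused
	fmt.Println(corsCheck(allowListHeaders(app, allowed), app, true)) // allow-listed origin passes
}
```

In Traefik's headers middleware the allow-list form corresponds to accessControlAllowOriginList used together with accessControlAllowCredentials and addVaryHeader.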
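Setting up a certificate and HTTPS access
First, I have a certificate
A proper (CA-issued) certificate for wx.cyylog.cn
A self-signed certificate also works, except that the browser will show it as untrusted
Import
kubectl create secret tls mytls --cert=wx.cyylog.cn_chain.crt --key=wx.cyylog.cn_key -n tk
Configuration
    - match: Host(`wx.cyylog.cn`)
      kind: Rule
      services:
        - name: myngx
          port: 80
  tls:
    secretName: mytls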
(4): Middleware: HTTP-to-HTTPS redirect, and middleware chains
Basic configuration
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: redirect-https
spec:
  redirectScheme:
    scheme: "https"
    port: "9443"
Middleware chain
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: ngx-secure
spec:
  chain:
    middlewares:
      - name: redirect-https
      - name: cross-header
Weighted load balancing with TraefikService
Documentation:
https://doc.traefik.io/traefik/routing/providers/kubernetes-crd/#weighted-round-robin
TraefikService
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
  name: wrr1
spec:
  weighted:
    services:
      - name: ngx1-svc
        port: 80
        weight: 1
        kind: Service
      - name: ngx2-svc
        port: 80
        weight: 2
        kind: Service
Creating a gRPC service, deploying it on Kubernetes, and reverse-proxying it with Traefik
Build
docker run --rm -it \
-v /data/tkgrpc:/app \
-w /app \
-v /data/gopath:/go \
-e CGO_ENABLED=0 \
-e GOPROXY=https://goproxy.cn \
golang:1.14.4-alpine3.12 \
go build -o server server.go
Configuration
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: grpc-route
  namespace: tk
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`tk1.cyylog.cn`)
      kind: Rule
      services:
        - name: mygrpc-svc
          scheme: h2c
          port: 8080
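Reverse-proxying the gRPC service with Traefik (with a certificate)
Adding the certificate on the client side
// Trust the certificate chain file and verify the server name wx.cyylog.cn.
creds, err := credentials.NewClientTLSFromFile("mycert/wx.cyylog.cn_chain.crt", "wx.cyylog.cn")
// Dial Traefik's websecure entry point (port 9443) over TLS.
client, err := grpc.Dial("wx.cyylog.cn:9443", grpc.WithTransportCredentials(creds))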
Integrating grpc-gateway
Adding the certificate on the client side
Documentation: https://github.com/grpc-ecosystem/grpc-gateway
This generates a number of files under the bin directory of your GOPATH:
go install github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-grpc-gateway github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2 google.golang.org/protobuf/cmd/protoc-gen-go google.golang.org/grpc/cmd/protoc-gen-go-grpc
Adding the endpoint
import "google/api/annotations.proto";

rpc GetStock(ProdRequest) returns (ProdStockResponse) {
  option (google.api.http) = {
    get: "/v1/prod/stock"
  };
}
Adding the generation command
protoc --proto_path=protos --grpc-gateway_out=logtostderr=true:pbfiles prod_service.proto
Generate
HTTP code
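// The gateway mux translates HTTP/JSON requests into gRPC calls.
gwmux := runtime.NewServeMux()
// The gateway dials the gRPC server on :8080 without TLS.
opt := []grpc.DialOption{grpc.WithInsecure()}
err := pbfiles.RegisterProdServiceHandlerFromEndpoint(context.Background(), gwmux, ":8080", opt)
if err != nil {
	log.Fatal(err)
}
// Serve the HTTP side of the gateway on :8081.
httpServer := &http.Server{
	Addr:    ":8081",
	Handler: gwmux,
}
err = httpServer.ListenAndServe()
if err != nil {
	log.Fatal(err)
}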
Build (gRPC service)
docker run --rm -it \
-v /data/tkgrpc:/app \
-w /app \
-v /data/gopath:/go \
-e CGO_ENABLED=0 \
-e GOPROXY=https://goproxy.cn \
golang:1.14.4-alpine3.12 \
go build -o server server.go
Build (grpc-gateway)
docker run --rm -it \
-v /data/tkgrpc:/app \
-w /app \
-v /data/gopath:/go \
-e CGO_ENABLED=0 \
-e GO111MODULE=on \
-e GOPROXY=https://goproxy.io \
golang:1.14.4-alpine3.12 \
go build -o serverhttp serverhttp.go
Adding the second container
- name: mygrpc-gateway
  image: alpine:3.12
  imagePullPolicy: IfNotPresent
  command: ["/app/serverhttp"]
  volumeMounts:
    - name: app
      mountPath: /app
  ports:
    - containerPort: 8081