Traefik supports a rich Annotations configuration, allowing you to configure many cool features such as automatic circuit breakers, load balancing policies, blacklists, and whitelists. So Traefik is a miracle for microservices.
Traefik, combined with Jingdong Cloud Kubernetes cluster and other cloud services (RDS, NAS, OSS, block storage, etc.), can quickly build resilient and scalable microservice clusters.
Traefik is a modern HTTP reverse proxy, load balancing tool designed to make deploying microservices easier. It supports multiple backends (Kubernetes, Docker, Swarm, Marathon, Mesos, Consul, Etcd, Zookeeper, etc.).
The general steps of this paper are as follows:
-
Kubernetes Permission Configuration (RBAC);
-
Traefik deployment;
-
Create three instance services;
-
Generate Ingress rules and access individual services through Traefik through PATH tests;
-
Traefik configures domain names and TLS certificates, and implements HTTP redirects to HTTS.
The Yaml files used for Traefik deployment in this paper are all based on official Traefik instances, and have been modified to fit jingdong Cloud Kubernetes cluster:
https://github.com/containous/traefik/tree/master/examples/k8s
The basic concept
1
Ingress border routing
Although the pod and server deployed in Kubernetes cluster have their own IP, they cannot provide external network access. Although we can expose the service by listening on NodePort, this method is not flexible and is not recommended for production environment.
Ingresss is an API resource object in a K8S cluster, which acts as an edge router. It can also be understood as a cluster firewall or gateway. We can customize routing rules to forward, manage, and expose services (a group of pods).
What is Ingress?
In Kubernetes, Service and Pod IP addresses are only available within the cluster network and are not visible to applications outside the cluster. To enable external applications to access services within the cluster, Kubernetes can use both NodePort and LoadBalancer services, or use Ingress.
Ingress is essentially an HTTP proxy server that forwards external HTTP requests to back-end services inside the cluster. Through Ingress, external applications access the clustered content service as follows:
The Ingress is a collection of routing rules for requests to enter the cluster.
Ingress can provide a Service with urls for external cluster access, load balancing, SSL termination, AND HTTP routing. To configure these Ingress rules, the cluster administrator needs to deploy an Ingress Controller that listens for Ingress and Service changes, configures load balancing and provides access points based on the rules.
2
What is a Traefik?
Traefik on Github Star number over 19K:
https://github.com/containous/traefik
Traefik is a modern HTTP reverse proxy, load balancing tool designed to make deploying microservices easier.
Traefik is a lightweight Http reverse proxy and load balancer developed with Golang. Although it is a late comer compared to Nginx, it naturally embraces Kubernetes, communicating directly with the Api Server of cluster K8s, and is very responsive. It also provides a friendly control panel and monitoring interface. You can view not only the routing configuration information generated by Traefik based on Ingress, but also some statistical performance indicators, such as total response time, average response time, and total times returned by different response codes.
Traefik also supports a rich Annotations configuration, which enables configuring many of the most impressive features, such as automatic circuit breakers, load balancing policies, blacklists, and whitelists. So Traefik is a miracle for microservices.
Traefik User Guide for Kubernetes:
https://docs.traefik.io/user-guide/kubernetes/
3
Jingdong Cloud Kubernetes cluster
Jingdong cloud Kubernetes integration of cloud virtualization, storage and network capabilities, to provide high-performance scalable container application management ability, simplify the cluster construction and capacity expansion work, so that users focus on the development and management of container applications.
Users can create a secure and highly available Kubernetes cluster in JINGdong Cloud, and fully hosted by Jingdong Cloud Kubernetes services, and ensure the stability and reliability of the cluster. So that users can easily use Kubernetes to manage container applications on JINGdong Cloud.
Jingdong Cloud Kubernetes cluster:
https://3.cn/C5KdrKa
precondition
1
Create JINGdong cloud Kubernetes cluster
Create a Kubernetes cluster
Please refer to:
Docs.jdcloud.com/cn/jcs-for-…
2
Kubernetes client configuration
After the cluster is created, you need to configure the Kubectl client to connect to the Kubernetes cluster.
Please refer to:
https://docs.jdcloud.com/cn/jcs-for-kubernetes/connect-to-cluster
Traefik deployment
1
Access configuration
Create a Cluster Role and a Cluster Role Binding for the response to give Traefik sufficient permissions.
Yaml files are as follows:
1$ cat traefik-rbac.yaml
2---
3kind: ClusterRole
4apiVersion: rbac.authorization.k8s.io/v1beta1
5metadata:
6 name: traefik-ingress-controller
7rules:
8 - apiGroups:
9 - ""
10 resources:
11 - services
12 - endpoints
13 - secrets
14 verbs:
15 - get
16 - list
17 - watch
18 - apiGroups:
19 - extensions
20 resources:
21 - ingresses
22 verbs:
23 - get
24 - list
25 - watch
26---
27kind: ClusterRoleBinding
28apiVersion: rbac.authorization.k8s.io/v1beta1
29metadata:
30 name: traefik-ingress-controller
31roleRef:
32 apiGroup: rbac.authorization.k8s.io
33 kind: ClusterRole
34 name: traefik-ingress-controller
35subjects:
36- kind: ServiceAccount
37 name: traefik-ingress-controller
38 namespace: kube-system
Copy the code
Start to create
1$ kubectl create -f traefik-rbac.yaml
2clusterrole "traefik-ingress-controller" created
3clusterrolebinding "traefik-ingress-controller" created
Copy the code
Creating a successful
1$ kubectl get clusterrole -n kube-system | grep traefik
2traefik-ingress-controller 25s
3
4$ kubectl get clusterrolebinding -n kube-system | grep traefik
5traefik-ingress-controller 35s
Copy the code
2
Deploy Traefik
This article chooses to deploy Traefik using Deployment. In addition, Traefik provides deployment options for DaemonSet:
https://github.com/containous/traefik/blob/master/examples/k8s/traefik-ds.yaml
Traefik uses port 80 to receive HTTP requests, and port 8080 is used for Dashboard access. Create a JINGdong cloud Load Balancer SLB through a Load Balancer Service to serve as a unified entrance to the K8s cluster.
Yaml files are as follows:
1$ cat traefik-deployment.yaml
2---
3apiVersion: v1
4kind: ServiceAccount
5metadata:
6 name: traefik-ingress-controller
7 namespace: kube-system
8---
9kind: Deployment
10apiVersion: extensions/v1beta1
11metadata:
12 name: traefik-ingress-controller
13 namespace: kube-system
14 labels:
15 k8s-app: traefik-ingress-lb
16spec:
17 replicas: 1
18 selector:
19 matchLabels:
20 k8s-app: traefik-ingress-lb
21 template:
22 metadata:
23 labels:
24 k8s-app: traefik-ingress-lb
25 name: traefik-ingress-lb
26 spec:
27 serviceAccountName: traefik-ingress-controller
28 terminationGracePeriodSeconds: 60
29 containers:
30 - image: traefik
31 name: traefik-ingress-lb
32 ports:
33 - name: http
34 containerPort: 80
35 - name: admin
36 containerPort: 8080
37 args:
38 - --api
39 - --kubernetes
40 - --logLevel=INFO
41---
42kind: Service
43apiVersion: v1
44metadata:
45 name: traefik-ingress-service
46 namespace: kube-system
47spec:
48 selector:
49 k8s-app: traefik-ingress-lb
50 ports:
51 - protocol: TCP
52 port: 80
53 name: web
54 - protocol: TCP
55 port: 8080
56 name: admin
57 type: LoadBalancer
Copy the code
Start to create
Copy the code1$ kubectl create -f traefik-deployment.yaml
2serviceaccount “traefik-ingress-controller” created
3deployment “traefik-ingress-controller” created
4service “traefik-ingress-service” created
Pod normal operation
Copy the code1$ kubectl get pod -n kube-system | grep traefik
2traefik-ingress-controller-668679b744-jvmbg 1/1 Running 0 57s
Viewing Pod Logs
1$ kubectl logs traefik-ingress-controller-668679b744-jvmbg -n kube-system
2time="2018-12-15T16:58:49Z" level=info msg="Traefik version v1.7.6 built on 2018-12-14_06:43:37AM"
3time="2018-12-15T16:58:49Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n"
4time="2018-12-15T16:58:49Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0005f9e20} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
5time="2018-12-15T16:58:49Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0005f9e40} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
6time="2018-12-15T16:58:49Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
7time="2018-12-15T16:58:49Z" level=info msg="Starting server on :80"
8time="2018-12-15T16:58:49Z" level=info msg="Starting server on :8080"
9time="2018-12-15T16:58:49Z" level=info msg="Starting provider *kubernetes.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\" :false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\" :false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":null}"
10time="2018-12-15T16:58:49Z" level=info msg="ingress label selector is: \"\""
11time="2018-12-15T16:58:49Z" level=info msg="Creating in-cluster Provider client"
12time="2018-12-15T16:58:50Z" level=info msg="Server configuration reloaded on :80"
13time="2018-12-15T16:58:50Z" level=info msg="Server configuration reloaded on :8080"
Copy the code
View the SLB Service corresponding to Traefik
1$ kubectl get svc/traefik-ingress-service -n kube-system 2NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE 3 traefik - ingress - service LoadBalancer 10.0.58.175 114.67.95.167 80:30331 / TCP, 8080:30232 / TCP 2 mCopy the code
The public IP address of jd cloud load balancer is 114.67.95.167.
To access services in the K8s using a domain name, resolve the domain name to the public IP address.
In this case, you can access Traefik’s Dashboard using public IP address :8080.
3
Traefik example
Create a service
Create 3 Deployment to provide HTTP service, named Stilton, Cheddar and Wensleydale respectively.
1$ cat cheese-deployments.yaml 2--- 3kind: Deployment 4apiVersion: extensions/v1beta1 5metadata: 6 name: stilton 7 labels: 8 app: cheese 9 cheese: stilton 10spec: 11 replicas: 2 12 selector: 13 matchLabels: 14 app: cheese 15 task: stilton 16 template: 17 metadata: 18 labels: 19 app: cheese 20 task: stilton 21 version: V0.0.1 22 spec: 23 containers: 24-name: cheese 25 image: errm/cheese: Stilton 26 resources: 27 requests: 28 CPU: 100m 29 memory: 50Mi 30 limits: 31 cpu: 100m 32 memory: 50Mi 33 ports: 34 - containerPort: 80 35--- 36kind: Deployment 37apiVersion: extensions/v1beta1 38metadata: 39 name: cheddar 40 labels: 41 app: cheese 42 cheese: cheddar 43spec: 44 replicas: 2 45 selector: 46 matchLabels: 47 app: cheese 48 task: cheddar 49 template: 50 metadata: 51 labels: 52 APP: cheese 53 Task: Cheddar 54 version: V0.0.1 55 spec: 56 containers: 57-name: cheese 58 image: errm/cheese:cheddar 59 resources: 60 requests: 61 cpu: 100m 62 memory: 50Mi 63 limits: 64 cpu: 100m 65 memory: 50Mi 66 ports: 67 - containerPort: 80 68--- 69kind: Deployment 70apiVersion: extensions/v1beta1 71metadata: 72 name: wensleydale 73 labels: 74 app: cheese 75 cheese: wensleydale 76spec: 77 replicas: 2 78 selector: 79 matchLabels: 80 app: cheese 81 task: wensleydale 82 template: 83 metadata: 84 labels: 85 app: cheese 86 task: Wensleydale 87 Version: V0.0.1 88 spec: 89 Containers: 90-name: cheese 91 Image: errm/cheese:wensleydale 92 resources: 93 requests: 94 cpu: 100m 95 memory: 50Mi 96 limits: 97 cpu: 100m 98 memory: 50Mi 99 ports: 100 - containerPort: 80Copy the code
1$ kubectl create -f cheese-deployments.yaml
2deployment "stilton" created
3deployment "cheddar" created
4deployment "wensleydale" created
Copy the code
The corresponding Service
1$ cat cheese-services.yaml
2---
3apiVersion: v1
4kind: Service
5metadata:
6 name: stilton
7spec:
8 ports:
9 - name: http
10 targetPort: 80
11 port: 80
12 selector:
13 app: cheese
14 task: stilton
15---
16apiVersion: v1
17kind: Service
18metadata:
19 name: cheddar
20spec:
21 ports:
22 - name: http
23 targetPort: 80
24 port: 80
25 selector:
26 app: cheese
27 task: cheddar
28---
29apiVersion: v1
30kind: Service
31metadata:
32 name: wensleydale
33spec:
34 ports:
35 - name: http
36 targetPort: 80
37 port: 80
38 selector:
39 app: cheese
40 task: wensleydale
Copy the code
1$ kubectl create -f cheese-services.yaml
2service "stilton" created
3service "cheddar" created
4service "wensleydale" created
Copy the code
Create the Ingress
The Ingress Yaml file is as follows:
1$ cat my-cheeses-ingress.yaml
2apiVersion: extensions/v1beta1
3kind: Ingress
4metadata:
5 name: cheeses
6 annotations:
7 traefik.frontend.rule.type: PathPrefixStrip
8spec:
9 rules:
10 - host: www.<your-domain-name>.com
11 http:
12 paths:
13 - path: /stilton
14 backend:
15 serviceName: stilton
16 servicePort: http
17 - path: /cheddar
18 backend:
19 serviceName: cheddar
20 servicePort: http
21 - path: /wensleydale
22 backend:
23 serviceName: wensleydale
24 servicePort: http
Copy the code
Create the Ingress
1$ kubectl create -f my-cheeses-ingress.yaml
2ingress "cheeses" created
Copy the code
Creating a successful
1$ kubectl describe ingress/cheeses
2Name: cheeses
3Namespace: default
4Address:
5Default backend: default-http-backend:80 (<none>)
6Rules:
7 Host Path Backends
8 ---- ---- --------
9 www.<your-domain-name>.com
10 /stilton stilton:http (<none>)
11 /cheddar cheddar:http (<none>)
12 /wensleydale wensleydale:http (<none>)
13Annotations:
14Events: <none>
Copy the code
Access the service
Access directly via ELB IP+PATH:
1$curl 114.67.95.167/stilton 2404 Page not foundCopy the code
Access failed because host specified in Ingress rule.
Request Header specifies host:
1$ curl -H "Host:www.<your-domain-name>.com"114.67.95.167/stilton 2< HTML > 3 <head> 4 <style> 5 HTML {6 background: url(./bg.png) no-repeat center center fixed; 7 -webkit-background-size: cover; 8 -moz-background-size: cover; 9 -o-background-size: cover; 10 background-size: cover; 11 } 12 13 h1 { 14 font-family: Arial, Helvetica, sans-serif; 15 BACKGROUND: RGBA (187, 187, 187, 0.5); 16 width: 3em; 17 padding: 0.5 em 1 em; 18 margin: 1em; 19 } 20 </style> 21 </head> 22 <body> 23 <h1>Stilton</h1> 24 </body> 25</html>Copy the code
The access succeeds.
But because the domain name is not recorded, this way will be jingdong cloud interception.
Remove host from Ingress; Register the domain name and bind the certificate and private key.
Remove host from Ingress
Comment out the host field:
1$ cat my-cheeses-ingress.yaml
2apiVersion: extensions/v1beta1
3kind: Ingress
4metadata:
5 name: cheeses
6 annotations:
7 traefik.frontend.rule.type: PathPrefixStrip
8spec:
9 rules:
10# - host: www.
.com
11 - http:
12 paths:
13 - path: /stilton
14 backend:
15 serviceName: stilton
16 servicePort: http
17 - path: /cheddar
18 backend:
19 serviceName: cheddar
20 servicePort: http
21 - path: /wensleydale
22 backend:
23 serviceName: wensleydale
24 servicePort: http
Copy the code
To rebuild the Ingress
1$ kubectl replace -f my-cheeses-ingress.yaml
2ingress "cheeses" replaced
3$ kubectl get ingress
4NAME HOSTS ADDRESS PORTS AGE
5cheeses * 80 18mCopy the code
The Ingress is updated successfully. Access the Ingress using the public IP address +PATH.
Stilton service
1$curl -I 114.67.95.167/stilton 2HTTP/1.1 200 OK 3Accept-ranges: bytes 4Content-length: 517 5content-type: 1$curl -I 114.67.95.167/stilton 2HTTP/1.1 200 OK 3Accept-ranges: bytes 4Content-length: 517 5content-type: text/html 6Date: Thu, 20 Dec 2018 06:19:15 GMT 7Etag:"5784f6c9-205"
8Last-Modified: Tue, 12 Jul 2016 13:55:21 GMT
9Server: nginx/1.11.1
Copy the code
Cheddar service
1$curl -I 114.67.95.167/cheddar 2HTTP/1.1 200 OK 3Accept-ranges: bytes 4Content-length: 517 5content-type: text/html 6Date: Thu, 20 Dec 2018 06:19:54 GMT 7Etag:"5784f6e1-205"
8Last-Modified: Tue, 12 Jul 2016 13:55:45 GMT
9Server: nginx/1.11.1Copy the code
Wensleydale service
Copy the code1 $curl -i 114.67.95.167 / wensleydale 2 HTTP / 1.1 200 OK accept – 3 Ranges: bytes 4 content – Length: 521 5 the content-type: text/html 6Date: Thu, 20 Dec 2018 06:20:00 GMT 7Etag: “5784f6fb-209” 8Last-Modified: Tue, 12 Jul 2016 13:56:11 GMT 9Server: nginx/1.11.1
All three services are accessible.
Configure the domain name and certificate
Apply for domain name:.com, put on record on jingdong cloud, and resolve to SLB public IP address: 114.67.95.167
Certificate and private key
1$ ll *.pem
2-rw-r--r-- 1 pmo_jd_a pmo_jd_a 3554 Dec 20 16:04 fullchain.pem
3-rw------- 1 pmo_jd_a pmo_jd_a 1708 Dec 20 16:04 privkey.pem
Copy the code
Create Secret to hold certificate and private key:
1$ kubectl create secret generic traefik-cert --from-file=fullchain.pem --from-file=privkey.pem -n kube-system
2secret "traefik-cert" created
Copy the code
Traefik configuration file (HTTP access is redirected to HTTPS, certificates and private keys are stored in the/SSL/directory, and Secret needs to be mounted to this directory for Traefik to read) :
1# cat traefik.toml
2defaultEntryPoints = ["http"."https"]
3[entryPoints]
4 [entryPoints.http]
5 address = ": 80"
6 [entryPoints.http.redirect]
7 entryPoint = "https"
8 [entryPoints.https]
9 address = ": 443"
10 [entryPoints.https.tls]
11 [[entryPoints.https.tls.certificates]]
12 CertFile = "/ssl/fullchain.pem"
13 KeyFile = "/ssl/privkey.pem"
Copy the code
Create ConfigMap to save configuration file traefik.toml:
Copy the code1$ kubectl create configmap traefik-conf –from-file=traefik.toml -n kube-system
2configmap “traefik-conf” created
Traefik needs to be redeployed. The new Yaml file is as follows:
Copy the code1$ cat traefik-deployment-new.yaml
2kind: Deployment
3apiVersion: extensions/v1beta1
4metadata:
5 name: traefik-ingress-controller
6 namespace: kube-system
7 labels:
8 k8s-app: traefik-ingress-lb
9spec:
10 replicas: 1
11 selector:
12 matchLabels:
13 k8s-app: traefik-ingress-lb
14 template:
15 metadata:
16 labels:
17 k8s-app: traefik-ingress-lb
18 name: traefik-ingress-lb
19 spec:
20 serviceAccountName: traefik-ingress-controller
21 terminationGracePeriodSeconds: 60
22 containers:
23 – image: traefik
24 name: traefik-ingress-lb
25 ports:
26 – name: http
27 containerPort: 80
28 – name: admin
29 containerPort: 8080
30 args:
31 – –api
32 – –kubernetes
33 – –logLevel=INFO
34 – –configfile=/config/traefik.toml
35 volumeMounts:
36 – mountPath: “/ssl”
37 name: “ssl”
38 – mountPath: “/config”
39 name: “config”
40 volumes:
41 – name: ssl
42 secret:
43 secretName: traefik-cert
44 – name: config
45 configMap:
46 name: traefik-conf
Redeploy:
1$ kubectl replace -f traefik-deployment-new.yaml
2deployment "traefik-ingress-controller"replaced 3$ kubectl get pod -n kube-system | grep traefik 4traefik-ingress-controller-668679b744-jvmbg 0/1 Terminating 0 4d 5traefik-ingress-controller-7d6cd769c9-2p57t 0/1 ContainerCreating 0 3s
6$ kubectl get pod -n kube-system | grep traefik
7traefik-ingress-controller-7d6cd769c9-2p57t 1/1 Running 0 19sCopy the code
The redeployed Pod is running normally.
Viewing Pod Logs
1$ kubectl logs traefik-ingress-controller-7d6cd769c9-2p57t -n kube-system
2time="2018-12-20T09:29:30Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072dbc0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
3time="2018-12-20T09:29:30Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:0xc00059de40 Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072db80} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
4time="2018-12-20T09:29:30Z" level=info msg="Preparing server https &{Address::443 TLS:0xc000216c60 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00072dba0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
5time="2018-12-20T09:29:30Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
6time="2018-12-20T09:29:30Z" level=info msg="Starting server on :8080"
7time="2018-12-20T09:29:30Z" level=info msg="Starting server on :80"
8time="2018-12-20T09:29:30Z" level=info msg="Starting server on :443"
9time="2018-12-20T09:29:30Z" level=info msg="Starting provider *kubernetes.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\" :false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\" :false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":null}"
10time="2018-12-20T09:29:30Z" level=info msg="ingress label selector is: \"\""
11time="2018-12-20T09:29:30Z" level=info msg="Creating in-cluster Provider client"
12time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :8080"
13time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :80"
14time="2018-12-20T09:29:30Z" level=info msg="Server configuration reloaded on :443"
Copy the code
Update the Ingress
1$ cat my-cheeses-ingress.yaml
2apiVersion: extensions/v1beta1
3kind: Ingress
4metadata:
5 name: cheeses
6 annotations:
7 traefik.frontend.rule.type: PathPrefixStrip
8spec:
9 rules:
10 - host: www.<your-domain-name>.com
11 http:
12 paths:
13 - path: /stilton
14 backend:
15 serviceName: stilton
16 servicePort: http
17 - path: /cheddar
18 backend:
19 serviceName: cheddar
20 servicePort: http
21 - path: /wensleydale
22 backend:
23 serviceName: wensleydale
24 servicePort: http
Copy the code
To rebuild the Ingress
1$ kubectl replace -f my-cheeses-ingress.yaml
Copy the code
Update Traefik Service to open port 443:
1$ cat traefik-service.yaml
2kind: Service
3apiVersion: v1
4metadata:
5 name: traefik-ingress-service
6 namespace: kube-system
7spec:
8 selector:
9 k8s-app: traefik-ingress-lb
10 ports:
11 - protocol: TCP
12 port: 80
13 name: web
14 - protocol: TCP
15 port: 8080
16 name: admin
17 - protocol: TCP
18 port: 443
19 name: tls
20 type: LoadBalancer
Copy the code
Apply Service update:
1$ kubectl apply -f traefik-service.yaml -n kube-system
2Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
3service "traefik-ingress-service" configured
Copy the code
The HTTPS access:
https://www.your-domain-name.com/stilton
And HTTP:
http://www.your-domain-name.com/stilton
All are accessible, and HTTP access is redirected to HTTPS.
Conclusion:
This article only tested traefik route distribution, of course, Traefik is far more than that, its general features are as follows:
-
It’s very fast
-
A single executable written in the Go language without installing additional dependencies
-
Support the Rest API
-
Multiple backend support: Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, and more
-
Background monitoring, which can listen for background changes and automatically apply new configuration file Settings
-
The configuration file is hot updated without restarting the process
-
End the HTTP connection
-
Back end circuit breaker
-
Polling, rebalancer load balancing
-
Rest Metrics
-
Support for minimizing official Docker images
-
Background SUPPORT SSL
-
Front Desk SSL support (including SNI)
-
Clean AngularJS front end page
-
Support Websocket
-
Support HTTP / 2
-
Network error retry
-
Support for Let’s Encrypt (automatic update of HTTPS certificates)
-
High availability cluster mode
Docs.jdcloud.com/cn/jcs-for-…
Welcome to click on the “link” to learn more about jingdong Cloud content
, END,