kubernetes部署traefik-ingress工具

发表于： 2019-02-20 2019-02-20
分类： SRE
标签： http, https, I/O, ingress, k8s, kubernetes, ssl

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: traefik-conf
  namespace: kube-system
data:
  traefik.toml: |
    insecureSkipVerify = true
    defaultEntryPoints = ["http","https"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
      [entryPoints.https]
      address = ":443"
        [entryPoints.https.tls]
          [[entryPoints.https.tls.certificates]]
          CertFile = "/ssl/tls.crt"
          KeyFile = "/ssl/tls.key"
---
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      terminationGracePeriodSeconds: 60
      hostNetwork: true
      volumes:
      - name: ssl
        secret:
          secretName: ssl
      - name: config
        configMap:
          name: traefik-conf
      containers:
      - image: k8s.gcr.io/traefik:1.7.5
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: admin
          containerPort: 8080
        securityContext:
          privileged: true
        args:
        - --configfile=/config/traefik.toml
        - -d
        - --web
        - --kubernetes
        volumeMounts:
        - mountPath: "/ssl"
          name: "ssl"
        - mountPath: "/config"
          name: "config"
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
    - protocol: TCP
      port: 443
      name: https
  type: NodePort
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
  - port: 80
    targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: ingress.your.com
    http:
      paths:
      - backend:
          serviceName: traefik-web-ui
          servicePort: 80

joker

174

1 对 “kubernetes部署traefik-ingress工具”的想法；

apiVersion: v1
data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZqRENDQTNRQ0NRQ2Zra1NZYzFHVnBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmh6RUxNQWtHQTFVRUJoTUMKUTA0eERqQU1CZ05WQkFnTUJVaDFZbVZwTVE0d0RBWURWUVFIREFWWGRXaGhiakVPTUF3R0ExVUVDZ3dGYzJsdApZV2t4RGpBTUJnTlZCQXNNQlhOcGJXRnBNUmN3RlFZRFZRUUREQTRxTG5OcGJXRnBMbWRzYjJKaGJERWZNQjBHCkNTcUdTSWIzRFFFSkFSWVFaR1YyUUhOcGJXRnBMbWRzYjJKaGJEQWVGdzB4T1RBM01qWXhOekEwTXpoYUZ3MHkKT1RBM01qTXhOekEwTXpoYU1JR0hNUXN3Q1FZRFZRUUdFd0pEVGpFT01Bd0dBMVVFQ0F3RlNIVmlaV2t4RGpBTQpCZ05WQkFjTUJWZDFhR0Z1TVE0d0RBWURWUVFLREFWemFXMWhhVEVPTUF3R0ExVUVDd3dGYzJsdFlXa3hGekFWCkJnTlZCQU1NRGlvdWMybHRZV2t1WjJ4dlltRnNNUjh3SFFZSktvWklodmNOQVFrQkZoQmtaWFpBYzJsdFlXa3UKWjJ4dlltRnNNSUlDSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQTJodHhMS2VlK2VmSApmTFZjNHdOZVhIQldISXBJbHpnaDdRdW9tT2pWN1NMWDd2T1gxckE5RlI1UWR4Z1RDM0hreGJvaURWbDVZOERKCnBzTldQeWlUMUhHM2JBRjlDeTNvME1hUEVuTU9ka0REVmpsNnFQWXZEWlMzWlY3WnQ4N0xnZE1QWHdRbFY5SzkKNG03YWVWVmovZU9SKytDQThzdU82Q1IxczQ3alVsc1pUYVZ0NWlVam5JajU5em9zaFpLeFJzcGp5NFJndXRMTQpWaFg1VzgvTjRzbW1ISXpKT1dpRDBFMW1YSytYQ1VJT2dab080Qkdhcisya2EzdEJaMXJmcVZOYkRycXUrcWRKCjRybkJINUNpd3V1bzlUZWYxcnRtUFQ2N3lzQXREOVJSbUdIZngyWTBYMTU1K2pLcjB2QytVbGdoQytORzd2b0oKUXZ5M0g2MStBWWg2azdwd3dYd21mVmQwcDdjOUZ4eWNuRGUxcXZVdUw4U2dsY2dMZjg5SHdibWpzTm5sOGoxUgp0eFR0K0ZheFhHa2VMVnRTZG1JejdoVDB3VkZTNnJ1TnUrU0UyOW10KzNNOU9xLzN4V3NDcUZSWGFUaERyUUlKCnI3UDI3cTVXRTBQZEo4S1cyR2lKZDN6MDFZMllBQVhaUmJQOHcwWUNqL2xtTXR6K1V4SE5sY05YL0FPRkgxdjYKbjR0dG1WWkdWUkJ6YjJQaERCSk9xbUQ2Wnk3N2NBejZoUHBZdFpKODY4STQ2R2h2RFRkVzBqMUNjcXF4YlNYcQpQWnBQSkVYU1BEb0EvamVCbW1MOFJoKzd2TVllWVFjUWxSK3gzb3VtN1BwMEVCdExPSURILzJNcVhrVXlINm1GCjZENmduZCtNclRIeHdhUjI0cWdpT1NYOS84amxadWtDQXdFQUFUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUEKaVFYNHRwWHNjWWlFUEd6WXNmOTFlWDdIVnA2ZVVnQXlYYk5LcmQzL3ZBZ0xhazR0REpNWVkvYy9DT3RDc0FBZgpKMlBZL0ZNRnN0L0h6N1Q0TVp6dWtHL3BZS1BDV29MWHFDaW9aNlJFYXVhZ0lydG1FYUFCYzBRbVU1bng3ZFNBCnJNT1JnNGVvMy9qS3A2b3VKdCs5ZkdhQlFYZXBDWVNsRWFUSngwaXFWVG55ZlhjVlRFTHBNSm5oOUZ0c0puMEQKWWNFV0ZjeXY5NmJVdnlwenI4YjU3dUJsSVQ2YlZ0TzZXVGIzT2NnTEtSRVRFV0ExWXVyc1dqR2s3Q2dOUUxDNApXZmttdVJmUVNRemQ3QjlmMVZFUDNhUk5pODg4SXlJMGcyRzFzTzdWbi9DSkxlUXVjNW5kK1d6UmZCSVFWSlVWCjFXUUpLMXcwbkNFZlNONjJ0bnFZNmdmN01GOU03Wko2Y0o2SGVDUkY3K0twL1FPVG9RcnN3RWlnNUswVEZMc3kKR0E2M2pQbGVrR2VmcGZ4ZEhCdUJCakNJWHViNkFYTHZiVlVyZXQ3Mjk5V1Y4bTVBZGg5L2NSQXlOZElKNFlLUgpPQ3QvU2htMm93dFRuRW9qdHBtVVN0anFIMkRnSjN6cDhJNmY0bVVLMkVkRXROSlk5TnE0b0ZrTDRFTjJGTk9KCmI4VlFnZVplWWNnWWRGOVFHYWlVM0RTK2hKMFowWXJnT3krZ0VERkQ3UlNxN0NhTXgvT2tiV2lVbUhFSUJwdVAKVDNPQTZjZm13UHpYa3V5bjFSNEtTdjhuUCtTeEpxajdqNnA2ODdVRTFkRnNwL2JaYTdOSW05cVVRZzFCMXRkdApOYlQ0UHNiREVDNGdvdTdrdWdrd2d0NllUWTZWdFBGdjRXOGJhYXRJNVAwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==  
  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRGFHM0VzcDU3NTU4ZDgKdFZ6akExNWNjRlljaWtpWE9DSHRDNmlZNk5YdEl0ZnU4NWZXc0QwVkhsQjNHQk1MY2VURnVpSU5XWGxqd01tbQp3MVkvS0pQVWNiZHNBWDBMTGVqUXhvOFNjdzUyUU1OV09YcW85aThObExkbFh0bTN6c3VCMHc5ZkJDVlgwcjNpCmJ0cDVWV1A5NDVINzRJRHl5NDdvSkhXemp1TlNXeGxOcFczbUpTT2NpUG4zT2l5RmtyRkd5bVBMaEdDNjBzeFcKRmZsYno4M2l5YVljak1rNWFJUFFUV1pjcjVjSlFnNkJtZzdnRVpxdjdhUnJlMEZuV3QrcFUxc091cTc2cDBuaQp1Y0Vma0tMQzY2ajFONS9XdTJZOVBydkt3QzBQMUZHWVlkL0haalJmWG5uNk1xdlM4TDVTV0NFTDQwYnUrZ2xDCi9MY2ZyWDRCaUhxVHVuREJmQ1o5VjNTbnR6MFhISnljTjdXcTlTNHZ4S0NWeUF0L3owZkJ1YU93MmVYeVBWRzMKRk8zNFZyRmNhUjR0VzFKMllqUHVGUFRCVVZMcXU0Mjc1SVRiMmEzN2N6MDZyL2ZGYXdLb1ZGZHBPRU90QWdtdgpzL2J1cmxZVFE5MG53cGJZYUlsM2ZQVFZqWmdBQmRsRnMvekRSZ0tQK1dZeTNQNVRFYzJWdzFmOEE0VWZXL3FmCmkyMlpWa1pWRUhOdlkrRU1FazZxWVBwbkx2dHdEUHFFK2xpMWtuenJ3ampvYUc4Tk4xYlNQVUp5cXJGdEplbzkKbWs4a1JkSThPZ0QrTjRHYVl2eEdIN3U4eGg1aEJ4Q1ZIN0hlaTZicytuUVFHMHM0Z01mL1l5cGVSVElmcVlYbwpQcUNkMzR5dE1mSEJwSGJpcUNJNUpmMy95T1ZtNlFJREFRQUJBb0lDQVFDLzVqRTNkdXZiT1dFOWlsMEZwK3NZCkxnYTE2YjFndjVTcCtmNEhPNlV0bGVDamIxUURJdUU3ZVlhV29tbnZRZkJsUUJYQjVSMTI5U0wzUlJyWFN4NTIKWnU5WmFoM1kvalcvcTFRcWlXMEtBb1Zia2dzb0tpTFFNaThDVStmL1gwV1RIbDZCM1NYMkZZZlllR3hsSVFwdgpVaEVacWpnS1o2dCsrTVZPak1QWnJDbWhOWkp5VWU3NVJWT1pnR2UzeG8rUGwzY2lrNENBSUFTRklhUmFjWVhXCnFsRXJBWHZ5dE5CMU1BU0dQRUFKZDBOSUtJSTZCNE13azBoOUFOOVV6cEhIYTMzTWdkaCsxVDJlN0l6TTl2Y2QKeFRiTk9ubTU5dnhIbXJDai9WNG9kVWl0YUQvNk15U1ZYSXk1NUdkbG0wZjVMMjAwQm01Y3lVWG8yRzFPdzlqKwpZN2JkelJkM0NJYXFMTlRSOHd6RE5MM3FBYTg0TFpCV0ZZNWRMMDdaUnhYNGlCem5wSjNZdXU2RDZFbzZRcGhGCjVlNFR5YlJ6TTlNVVFpQmoyOFBJRThOQU1mem1RKy9nQ2U2T1FWdmZ1d0xCTGVCd0kwaUpJbjBuS2dUdW83NlMKMHphUHBOKzVFMC9PTGdoZGYzMFdpKzRUZEF3a2FDSjFteThkcXpjazFiVFpzMGE0MUNiZEFSbUxxOGpZZGlCRQpyaDIybmxsb2JjTGlFeHpYSnMrQjRBVzVvNjJOZkZTTktoSUZwMjlOUmo4bWFhWXVCU29zM0lEbEVmZ3N4YThoCnhrUlVZSkJRa0M3K25aN1laeU5CMXhuK3UxcUFWRWNCa1hzQ3VEZ25QVG9yWmRsN2UwdEJJSVFHSW0rSDJnOWMKN2xHNk5jbTNzVlE1bWllRXZRVllBUUtDQVFFQSszZnVobUtOWVBWZzNQa1ZLdTRXZWVwNm1UY1dHWnNWZ1dHTQpUMjZNamVSRVI2K2tOSmRNU0YzcmRDdVBOUVdpRUZHY3VFUVNzek1DYlhNVHU4YkdIY09WZ2JhZG50QkNndm9PCkd3TDAxUU05ZVNacUlodG43Nk5DZ0VXT3Vxa2RvNTdJcEYyRThpblNOL2U1YkwvTlNsOHdoRHJWVGtRMjkwalAKZmJtOHpmQ1BWaUs4M3c5R2tmeEkvMzlWM21KQlFyb2Y5NURZSWFuaVRlTkViUTBqcmREWEZjY092dHAyV25UeQpQTFJpTE1UaFZUUjFWcHdGdnhrektJLzE2Rkxidk02bUJCV0ZMbDkraGhvcGhkQkNpbzdxWlhpSWdaZmh2anVhCjhZR0l3SzBBMk9SWEZRbmRmcXJIc2k5QkQxZjUvT05TRGZwQitpSFJUb08xVWVOVWdRS0NBUUVBM2dtYjN4RFgKRTlkU0FWcjJ6aUMvdUkrR2RxVy9zbTgwZTl2ZWpNY2taeDdJa0Z2UWVQNGthL1RiY29ZdUFtQ3Z2bm4yT2ZFTwprdkdUb004RVlRS1JQNFZSUzFVc0dvQVV3ck10WFJaRWEvZzk5K2lxVTJDVzdRYVZxT3JaQ1VxWndLRVkxelc0Cm8wWEJka3NRU0s3NHBlcEVXQmtmWVVlSTFYdnNNVG1ZR1c0eUtCLzY3WElEdytIUWNlNERpcTBsYjY1ZUhqeTYKSU03bjQ2VGdGOU9hb0pyeURhRnMwWXc4WTIxV0NOUkRtNk9DbzY1ZzNtRForajIrVTYwRkE4cEVnUXA3ZTczRQpocFJaZ3UzWk9ySG1rbFVuMG9WdThUNTF6OHJlT2hZZlNWUktNMmw2TXRweWI3eVkzSXQxSjBNbXM3NW5kTjY0ClRZMzl4c01Hd2ZDK2FRS0NBUUJtM1JBOCtHTk1uaE1aVU9wUHZVU0VhbDNyL3BTVHROUi9NQi9zL2hPUWx5YzMKQzZubnVWd0MzaWhLUk9jM2tTNVI3cEJrNzdPV2llOGNSazUwS1VNeE9hZ1dmMVRLZWZZN0RYNW5ualg0VEhNQQo4NjNHZGQ5Mkx4b3N6a2NzSTdGMEZLZU9WSkxsWENZWnJzT3lzR0tSWVk2L0NESG82ZzV4Nk42M1Z4cmNRdUxmCklTYVJOL1p1RVB6clJuTWhuSitGWkExZmYyaHBuTXh0ZitHbG1oSldMMjlNQVRrTzZONHc4bFdFYjJVWld3K3gKZ3R2Y3FjWFAvY2JuZUx2bVpMNXQ1VG9Ud1puUTlrOFRHL0NRUkRoejVUSU1mOW1XNlVIMlJ2dUNmcklwM3ByUwpIZFZoVGIvRTZLYjNSRTBnc2FRWXhnUHlvOFFKUlh3UTJkOTV0N3dCQW9JQkFIWkFHZEpmN3B1emhnb1F2dmFpCmZGaTNuMzRhNGhBT3A1MzdSL2dqcXVCOGhZWlVUNS9RZ2VjNDNaS05vWDFFcnZRN2tnWGp1c1pKZ0QwWlk1U2kKd0daYkF5T2l0YjFiVHpNdUo4KzJwelAxWGxOa2h5bW1mRnE1c2dUbkpqV0xsSDBCanZBMnZTRy9hYnd0Vi92TgpxOEQ1RmZMeFZrUUJ5LzhlWTNrSDJsaFkxcitGNEthS25UUzZVOEFKYWJ0MllVU3NVWlc2ODhtN1I4WjJMWjZpCjVHdjZlVVVISHFRdkVvNUZVWmVjTEhGOFVId0p4NjlIVjIrdGFHcTU3N3pJQVZuVUVsV2hpRVBBU0RleG9vcGUKNnBRdVkrbjdoRTFZM1hlUDdIQjFEYTZKQkllQytrQ1JGSGNyc3lGcDZEZkR6SjNYbnRPZ05mbWYwSE1GdE5pZQo5VmtDZ2dFQkFLMmZiOVFnZU1UMWJrWGl2ajR2bWQzL0VkZUJaNjBtM2UxT3Boam5EdDRORFBIcnRlcS9yMzV2Ck9CWUlEQ1BsVTNLWUdScXVySW5rVjlkNlZFSnN2UE15ZklzNWlHNGxLZnBVNVhwMFVJTzdkQ2ErQWtsdnZOTG4KeUNmMVZZeTMxdmtqamdJVTg4RWo3bFhsK2Y4ei9qUDJ5U1JhYXVuS1pjemdudCs2a1A1VEs4K0trc3BmbmIySgprSjdIenBqOHBPcTFZY2tzcmwzVnhpZDFxWkN3amw1bVQzQ0p6UVJtaS9nZkFGVGdyb2FUc0VXaVltWFcyUEtQCjJ4TlNibXhQQm43dXpaUVA2QWtpeDUyOEFOaE4rdVd0QWs1SUppMjFHQXFhR0FlbGdzTkVXeGFINUJKQkpwZkwKdm8yajN2dEE2ZVdOMk55djFidWp3ZEUxRG5BbnlLVT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
  name: ssl
  namespace: kube-system
type: kubernetes.io/tls

发表回复

joker

1 对 “kubernetes部署traefik-ingress工具”的想法；

发表回复 取消回复

发表回复取消回复