Trefik 的作用与应用场景
Traefik 是一个现代的 HTTP 反向代理和负载均衡器,它被设计用于简化微服务架构中的网络流量管理。
1、动态路由与服务发现
2、负载均衡
3、TLS/SSL 终止与证书管理
4、认证、限流、IP 白名单/黑名单、重定向、Header 操作
Trefik 的架构
Trefik 安装
1、准备 traefik-values.yaml 配置文件
cat traefik-values.yaml
deployment:
enabled: true
image:
repository: harbor250.oldboyedu.com/greytracks/traefik
tag: 3.4.3
pullPolicy: IfNotPresent
ports:
traefik:
port: 9000
expose:
enabled: true
exposedPort: 9000
web:
port: 8000
expose:
enabled: true
exposedPort: 80
protocol: TCP
nodePort: 7777
websecure:
port: 8443
expose:
enabled: true
exposedPort: 443
protocol: TCP
service:
enabled: true
type: NodePort
ingressRoute:
dashboard:
enabled: false
providers:
kubernetesCRD:
enabled: true
kubernetesIngress:
enabled: true
logs:
general:
level: INFO
access:
enabled: true
additionalArguments:
- "--api.insecure=true"
- "--api.dashboard=true"
2、安装命令
helm install traefik ./traefik-36.3.0.tgz \
--namespace traefik-system \
--create-namespace \
-f value.yamlingress 与 service 的区别
1.Service是实现了四层代理,通过 kube-proxy 实现负载均衡,无需额外部署组件,是 Kubernetes 原生资源。
2.Ingress实现的是七层代理,但需要部署附加组件(IngressClass[如 Nginx Ingress Controller、Traefik 等])来解析Ingress资源清单;
Trefik 发布 http 域名案例
cat traefik-xiuxian-ingress.yaml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: xiuxian-v1
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`v1.oldboyedu.com`)
kind: Rule
services:
- name: svc-xiuxian-v1
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: xiuxian-v2
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`v2.oldboyedu.com`)
kind: Rule
services:
- name: svc-xiuxian-v2
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: xiuxian-v3
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`v3.oldboyedu.com`)
kind: Rule
services:
- name: svc-xiuxian-v3
port: 80
应用资源
kubectl apply -f traefik-xiuxian-ingress.yaml
增加 hosts
10.0.0.231 v1.oldboyedu.com v2.oldboyedu.com v3.oldboyedu.com
访问测试
Trefik 通过 IngressRoute 实现负载均衡
cat xiuxian-loadbalancer.yaml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: xiuxian-loadbalancer
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`xiuxian.oldboyedu.com`)
kind: Rule
services:
- name: svc-xiuxian-v1
port: 80
- name: svc-xiuxian-v2
port: 80
应用资源
kubectl apply -f xiuxian-loadbalancer.yaml
测试负载
for i in {1..1000}; do curl -s http://xiuxian.oldboyedu.com:7777; done | grep -o "凡人修仙传 v[12]" | sort | uniq -c
500 凡人修仙传 v1
500 凡人修仙传 v2成功!
Trefik 基于 TraefikService 与 IngressRoute 实现金丝雀发布(灰度发布)
vim grayrelease-xiuxian.yaml
# grayrelease-xiuxian.yaml
apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
name: xiuxian-grayrelease-service
namespace: default # 确保与你的 IngressRoute 命名空间一致
spec:
weighted:
services:
- name: svc-xiuxian-v1
port: 80
weight: 90 # 90% 的流量导向稳定版 v1
- name: svc-xiuxian-v2
port: 80
weight: 10 # 10% 的流量导向开发版 v2
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: xiuxian-canary-ingressroute
namespace: default # 确保与你的 TraefikService 命名空间一致
spec:
entryPoints:
- web # 假设你的 Traefik 监听了名为 'web' 的入口点
routes:
- match: Host(`xiuxian.oldboyedu.com`)
kind: Rule
services:
- name: xiuxian-grayrelease-service # 指向我们上面定义的 TraefikService
kind: TraefikService # 明确指出这是一个 TraefikService
应用资源
kubectl apply -f grayrelease-xiuxian.yaml
测试负载
for i in {1..1000}; do curl -s http://xiuxian.oldboyedu.com:7777; done | grep -o “凡人修仙传 v[12]” | sort | uniq -c
900 凡人修仙传 v1
100 凡人修仙传 v2成功!