1. Overview
For Ingress resources to work, at least one ingress controller must be running in the Kubernetes cluster. If the cluster has no ingress controller and only the Ingress resource is defined, HTTP and HTTPS request forwarding, load balancing and so on will not actually take place. Common ingress controllers include:
- Nginx
- Traefik
- Kong
- Istio
- HAProxy
This article does not compare these components in detail; we can provide a detailed comparison once we have some understanding and experience of each component. This article mainly introduces the installation and deployment of Traefik and demonstrates it with a specific application.
2. Installation and deployment of Traefik
2.1 Deploying Traefik with a Helm chart
The Helm traefik chart contains the resources needed to deploy Traefik, so we can use this chart to deploy Traefik quickly. The deployment command is as follows:

    helm install --name inner-traefik --namespace kube-system \
      --set image=registry.docker.hankercloud.com/ingress-controller/traefik \
      --set serviceType=NodePort \
      stable/traefik

When the deployment is complete, run kubectl get pods -n kube-system, and you can see that a Pod named inner-traefik now exists in the kube-system namespace.
2.2 RBAC configuration
Kubernetes 1.6 introduced the RBAC (Role-Based Access Control) mechanism to better manage access to resources and APIs. If RBAC is enabled in the cluster, Traefik must be authorized to use the Kubernetes API. There are two ways to set the appropriate policy: a RoleBinding in a specific namespace, or a ClusterRoleBinding. For simplicity, we use a ClusterRoleBinding directly, and the resource definitions are as follows:

    ---
    # Read-only access to the objects Traefik watches
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: traefik-ingress-controller
    rules:
      - apiGroups:
          - ""
        resources:
          - services
          - endpoints
          - secrets
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
        resources:
          - ingresses
        verbs:
          - get
          - list
          - watch
    ---
    # Grant the ClusterRole to the ServiceAccount below, in all namespaces
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: traefik-ingress-controller
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: traefik-ingress-controller
    subjects:
      - kind: ServiceAccount
        name: traefik-ingress-controller
        namespace: kube-system
    ---
    # Identity the Traefik Pods run under
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: traefik-ingress-controller
      namespace: kube-system

Next, we run the following commands to create these resources and edit the Deployment's resource definition; the binding above only takes effect for Pods that run under the traefik-ingress-controller ServiceAccount.

    kubectl apply -f traefik-rbac.yml
    kubectl edit deploy inner-traefik -n kube-system

After these operations, we can check the logs to confirm that the related resources have started properly.

    kubectl logs $(kubectl get pods -n kube-system | grep traefik | awk '{print $1}') -n kube-system

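The namespace-specific RoleBinding mentioned above, as an added example that is not part of the original article: the ClusterRoleBinding lets the controller read Services, Endpoints, Secrets and Ingresses in every namespace, whereas this variant limits it to one. It assumes Traefik only serves Ingresses in the default namespace (where the WordPress Ingress in section 3 lives); the name traefik-ingress-reader is hypothetical.

```yaml
# Added example: namespace-scoped alternative to the ClusterRole and
# ClusterRoleBinding. Assumes Traefik only needs the "default" namespace;
# the name traefik-ingress-reader is hypothetical. Repeat the Role and
# RoleBinding for every additional namespace Traefik should watch.
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1   # same API version as the manifest above
metadata:
  name: traefik-ingress-reader
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["services", "endpoints", "secrets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["extensions"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-reader
  namespace: default          # permissions apply in this namespace only
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: traefik-ingress-reader
subjects:
  - kind: ServiceAccount      # the ServiceAccount may live in another namespace
    name: traefik-ingress-controller
    namespace: kube-system
# Traefik must also be limited to the same namespaces, otherwise its
# cluster-wide list/watch calls are rejected, e.g. the container argument:
#   --kubernetes.namespaces=default
```

With this applied instead of the ClusterRoleBinding, kubectl auth can-i list secrets -n kube-system --as=system:serviceaccount:kube-system:traefik-ingress-controller should answer no, while the same check with -n default answers yes.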
2.3 Load Balancing Configuration
Because we deployed Traefik as a Deployment whose Service type is NodePort, we can see the port mapping with kubectl get svc -n kube-system | grep traefik. Next, we provision a load balancer in Aliyun and configure it accordingly to complete this step.
Another option is to deploy Traefik as a DaemonSet and map a host port to the Pod's port, which accomplishes the same task.
3. Create and debug ingress resources
Next, we create an Ingress resource in the Kubernetes cluster. Since we have already deployed a WordPress application in the cluster, the resource definition file is as follows:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: wordpress-ingress
      namespace: default
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
    spec:
      rules:
        - host: blog.hankercloud.com
          http:
            paths:
              # Route all paths for this host to the WordPress Service
              - path: /
                backend:
                  serviceName: wordpress-test-wordpress
                  servicePort: 80

After doing this, we modify the local /etc/hosts file to manually configure a domain name resolution record for blog.hankercloud.com, and enter http://blog.hankercloud.com in the browser address bar. The page is displayed, which completes the installation, deployment and debugging of Traefik.