Featured image of post 使用traefik暴露常用kubernetes服务的方法
kubernetes

使用traefik暴露常用kubernetes服务的方法

使用traefik暴露常用kubernetes dashboard、grafana等服务

1.创建自签证书

1

openssl req -newkey rsa:2048 -nodes -keyout tls.key -x509 -days 3650 -out tls.crt

2.创建secret

1
2

如果服务在多个ns,需要多个ns中创建secret
kubectl create secret generic dashboard-tls --from-file=tls.crt --from-file=tls.key -n kube-system

3.暴露服务

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

#创建对应的 IngressRoute
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
  namespace: traefik
spec:
  entryPoints:
  - websecure
  tls:
    secretName: dashboard-tls
  routes:
  - match: Host(`traefik.cluster.local`)  #匹配的域名
    kind: Rule
    services:
    - name: api@internal      #traefik内置服务
      kind: TraefikService
---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: mytransport
  namespace: kubernetes-dashboard
spec:
  serverName: "dashboard.cluster.local"
  insecureSkipVerify: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: dashboard-k8s
  namespace: kubernetes-dashboard
spec:
  entryPoints:
    - websecure
  routes:
    - match: "Host(`dashboard.cluster.local`)"
      kind: Rule
      services:
      - name: kubernetes-dashboard  #绑定的后端service
        port: 443
        serversTransport: mytransport
  tls:
    secretName: dashboard-tls
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: prometheus-grafana
  namespace: monitoring
spec:
  entryPoints:
  - websecure
  tls:
    secretName: dashboard-tls
  routes:
  - match: Host(`grafana.cluster.local`)
    kind: Rule
    services:
    - name: prometheus-grafana
      port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: hubble-ui
  namespace: kube-system
spec:
  entryPoints:
  - websecure
  tls:
    secretName: dashboard-tls
  routes:
  - match: Host(`hubble.cluster.local`)
    kind: Rule
    services:
    - name: hubble-ui
      port: 80

#应用
kubectl apply -f web.yaml

其中 k8s dashboard 的服务比较特殊,因为原来就是https,需要配置 insecureSkipVerify。

4.配置本地解析

1
2
3
4

10.*.*.131 traefik.cluster.local
10.*.*.131 grafana.cluster.local
10.*.*.131 dashboard.cluster.local
10.*.*.131 hubble.cluster.local

5.使用域名访问相关服务

traefik: https://traefik.cluster.local
traefik

dashboard: https://dashboard.cluster.local/
dashboard

grafana: https://grafana.cluster.local/
grafana

hubble: https://hubble.cluster.local/
hubble

Nickname
Email
Website
0/500
  • OωO
  • |´・ω・)ノ
  • ヾ(≧∇≦*)ゝ
  • (☆ω☆)
  • (╯‵□′)╯︵┴─┴
  •  ̄﹃ ̄
  • (/ω\)
  • ∠( ᐛ 」∠)_
  • (๑•̀ㅁ•́ฅ)
  • →_→
  • ୧(๑•̀⌄•́๑)૭
  • ٩(ˊᗜˋ*)و
  • (ノ°ο°)ノ
  • (´இ皿இ`)
  • ⌇●﹏●⌇
  • (ฅ´ω`ฅ)
  • (╯°A°)╯︵○○○
  • φ( ̄∇ ̄o)
  • ヾ(´・ ・`。)ノ"
  • ( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
  • (ó﹏ò。)
  • Σ(っ °Д °;)っ
  • ( ,,´・ω・)ノ"(´っω・`。)
  • ╮(╯▽╰)╭
  • o(*////▽////*)q
  • >﹏<
  • ( ๑´•ω•) "(ㆆᴗㆆ)
  • 😂
  • 😀
  • 😅
  • 😊
  • 🙂
  • 🙃
  • 😌
  • 😍
  • 😘
  • 😜
  • 😝
  • 😏
  • 😒
  • 🙄
  • 😳
  • 😡
  • 😔
  • 😫
  • 😱
  • 😭
  • 💩
  • 👻
  • 🙌
  • 🖕
  • 👍
  • 👫
  • 👬
  • 👭
  • 🌚
  • 🌝
  • 🙈
  • 💊
  • 😶
  • 🙏
  • 🍦
  • 🍉
  • 😣
  • 颜文字
  • Emoji
  • Bilibili
0 comments
No comment
Powered by Twikoo v1.6.21
© 2014 - 2024 谭明宵博客
一个默默无闻的工程师的日常
Built with Hugo
主题 StackJimmy 设计