1. Prepare the traefik YAML manifests

Ingress server IP: 192.168.30.35

1.1 Create traefik-rbac

vi traefik-rbac.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets  # read access to Secrets in every namespace (TLS certificates, auth secrets)
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - extensions
    resources:
    - ingresses/status
    verbs:
    - update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik
subjects:
- kind: ServiceAccount
  name: traefik
  namespace: kube-system

1.2 Create traefik-deployment

vi traefik-deployment.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik
  namespace: kube-system
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik
  namespace: kube-system
  labels:
    k8s-app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik
  template:
    metadata:
      labels:
        k8s-app: traefik
        name: traefik
    spec:
      serviceAccountName: traefik
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik  # unpinned tag; the args below (--kubernetes, --web) are Traefik 1.x options, so pin a 1.x tag
        name: traefik
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: admin
          containerPort: 8080
        args:
        - --api
        - --kubernetes
        - --web
        - --logLevel=INFO
        - --web.metrics
        - --metrics.prometheus
        - --web.metrics.prometheus
      nodeSelector:
        ingress: "yes"
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/ingress
        operator: Equal
---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: traefik
  name: traefik
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik
  clusterIP: None
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
  type: ClusterIP

1.3 Create traefik-dashboard

vi traefik-dashboard.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-dashboard
  namespace: kube-system
spec:
  rules:
  - host: traefik.mddgame.com
    http:
      paths:
        - path: /
          backend:
            serviceName: traefik
            servicePort: 8080

1.4 Create prometheus-serviceMonitortraefik

vi prometheus-serviceMonitortraefik.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: traefik
  name: traefik
  namespace: monitoring
spec:
  endpoints:
  - honorLabels: true
    interval: 15s
    port: admin
  jobLabel: k8s-app
  namespaceSelector:
    matchNames:
    - kube-system
  selector:
    matchLabels:
      k8s-app: traefik

2. Create the traefik service

## Schedule traefik on the ingress node
kubectl label nodes ingress ingress=yes
## Create traefik
kubectl apply -f .

3. Verify that traefik is deployed correctly

kubectl get all -A | grep traefik
root@Qist:/mnt/e/work/k8s/traefik# kubectl get all -A | grep traefik
kube-system      pod/traefik-76f6ccc479-f7prx                  1/1     Running   0          26m

kube-system   service/traefik                   ClusterIP   None                    80/TCP,8080/TCP          26m

kube-system      deployment.apps/traefik                  1/1     1            1           26m

kube-system      replicaset.apps/traefik-76f6ccc479                  1         1         1       26m
Log in to the ingress server and check whether the iptables nat rules have been created.

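hostPort is used here, so only the ports of the service deployed on the ingress node are exposed externally.
There is also the hostNetwork: true mode for exposing ports externally. It requires the container to run in privileged mode, which lowers security somewhat, but it gives the best network performance.

4. Check that the created ingress can serve external traffic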

root@Qist:/mnt/e/work/k8s/traefik# kubectl get ingress -n kube-system
NAME                HOSTS                 ADDRESS   PORTS   AGE
traefik-dashboard   traefik.mddgame.com             80      35m
Bind the host name (hosts entry):
192.168.30.35 traefik.mddgame.com
http://traefik.mddgame.com/dashboard/

5. Create ingresses for grafana and prometheus

vi traefik-grafana.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: grafana-dashboard
  namespace: monitoring

spec:
  rules:
  - host: grafana.mddgame.com
    http:
      paths:
      - path: /
        backend:
          serviceName: grafana
          servicePort: 3000

vi prometheus-traefik.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: prometheus
  namespace: monitoring

spec:
  rules:
  - host: prometheus.mddgame.com
    http:
      paths:
      - path: /
        backend:
          serviceName: prometheus-k8s
          servicePort: 9090

Create the Ingresses
kubectl apply -f traefik-grafana.yaml
kubectl apply -f prometheus-traefik.yaml
root@Qist:/mnt/e/work/k8s/traefik# kubectl get ingress -n monitoring
NAME                HOSTS                    ADDRESS   PORTS   AGE
grafana-dashboard   grafana.mddgame.com                80      3d1h
prometheus          prometheus.mddgame.com             80      5h4m
Bind the hosts and check whether the services are reachable by domain name; if they are, the deployment is working.
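
The Ingress objects above publish the Traefik dashboard and Prometheus with no authentication, so they are open to anyone who can reach port 80 on 192.168.30.35. The following added example (not part of the original post) puts HTTP basic auth in front of both using Traefik 1.x Ingress annotations. It assumes Traefik 1.x, which the --kubernetes and --web flags imply, and a hypothetical Secret named traefik-admin-auth.

```yaml
# Added example, not from the original post. Assumes Traefik 1.x.
# "traefik-admin-auth" is a hypothetical Secret name. Traefik reads the Secret
# from the Ingress's own namespace, so it is created once per namespace:
#   htpasswd -c ./auth admin   # --from-file auth stores the data under key "auth"
#   kubectl create secret generic traefik-admin-auth --from-file auth -n kube-system
#   kubectl create secret generic traefik-admin-auth --from-file auth -n monitoring
# The ClusterRole in traefik-rbac.yaml already lets Traefik read Secrets.
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-dashboard
  namespace: kube-system
  annotations:
    traefik.ingress.kubernetes.io/auth-type: "basic"
    traefik.ingress.kubernetes.io/auth-secret: "traefik-admin-auth"
spec:
  rules:
  - host: traefik.mddgame.com
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik
          servicePort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: prometheus
  namespace: monitoring
  annotations:
    traefik.ingress.kubernetes.io/auth-type: "basic"
    traefik.ingress.kubernetes.io/auth-secret: "traefik-admin-auth"
spec:
  rules:
  - host: prometheus.mddgame.com
    http:
      paths:
      - path: /
        backend:
          serviceName: prometheus-k8s
          servicePort: 9090
```

After applying, an unauthenticated request to http://traefik.mddgame.com/dashboard/ should return 401. Because this setup serves plain HTTP only, the basic-auth credentials cross the network unencrypted, so this fits an internal network or needs TLS on the ingress.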

Download the traefik Prometheus monitoring dashboard JSON

https://grafana.com/dashboards?dataSource=prometheus&search=traefik
Import it into grafana