Traefik-ingress和Nginx-ingress对比

1 Helm部署Traefik-ingress

1、配置环境变量，设置用户名密码

[root@master01 ~]# export USER=rsq
[root@master01 ~]# export DOMAIN=traefik-ingress.rsq.com

# 若没有htpasswd可以yum安装httpd，附带这个命令组件
[root@master01 ~]# htpasswd -c auth $USER
New password: 123456
Re-type new password: 123456
Adding password for user user

[root@master01 ~]# PASSWORD=$(cat auth| awk -F: '{print $2}')

2、部署Traefik-ingress

# 1. 获取traefik的chart
# 由于stable版本的chart是谷歌源，可能会出现pull失败，可以考虑阿里源的aliyun/stable
[root@master01 ~]# cd /helm
[root@master01 helm]# helm search repo traefik
NAME          	CHART VERSION	APP VERSION	DESCRIPTION                                       
aliyun/traefik	1.24.1       	1.5.3      	A Traefik based Kubernetes ingress controller w...
stable/traefik	1.87.1       	1.7.23     	A Traefik based Kubernetes ingress controller w...
[root@master01 helm]# helm pull stable/traefik --untar

# 2. 修改values文件
[root@master01 helm]# vim traefik/values.yaml
# (1) 由于前端没有slb，故要修改serviceType类型为NodePort
serviceType: NodePort
# (2) 修改持久存储，我这里用的glusterFS，若没有持久存储可以关闭此选项 enabled: false
persistence:
    enabled: true
storageClass: "gluster-04"

# 3. 部署traefik
[root@master01 helm]# helm install stable/traefik --name --namespace kube-system --set rbac.enabled=true,acme.enabled=true,dashboard.enabled=true,acme.staging=false,acme.email=admin@$DOMAIN,dashboard.domain=$DOMAIN,ssl.enabled=true,acme.challengeType=http-01,dashboard.auth.basic.$USER=$PASSWORD
NAME: traefik
LAST DEPLOYED: Wed Jul 15 09:36:10 2020
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
1. Get Traefik's load balancer IP/hostname:

     NOTE: It may take a few minutes for this to become available.

     You can watch the status by running:

         $ kubectl get svc traefik --namespace kube-system -w

     Once 'EXTERNAL-IP' is no longer '<pending>':

         $ kubectl describe svc traefik --namespace kube-system | grep Ingress | awk '{print $3}'

2. Configure DNS records corresponding to Kubernetes ingress resources to point to the load balancer IP/hostname found in step 1

# 4. 过一会查看pod状态是否正常
[root@master01 helm]# kubectl -n kube-system get pod -l app=traefik
NAME                       READY   STATUS    RESTARTS   AGE
traefik-5c9755b89b-mx5vf   1/1     Running   0          55m
[root@master01 helm]# kubectl -n kube-system get ingress
NAME                CLASS    HOSTS                     ADDRESS       PORTS   AGE
traefik-dashboard   <none>   traefik-ingress.rsq.com   192.168.9.9   80      55m
[root@master01 helm]# kubectl -n kube-system get svc traefik
NAME      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
traefik   NodePort   10.104.232.80   <none>        443:31868/TCP,80:31510/TCP   55m

2、测试访问traefik-ingress dashboard
这里在登录的时候需要在客户端添加hosts解析，解析tarefik-ingress.rsq.com到任何一个k8s节点ip，访问账号密码是之前设置的rsq/123456


还有健康检查界面

2 部署Nginx-ingress

这里我用的资源清单的安装方式，可参考github的deploy方式

github部署链接

由于资源清单过长，附上资源清单下载地址

nginx-ingress-controller.yaml

# deploy nginx-ingress-controller.yaml
# 会有两个Job Pods处于Completed
[root@master01 elfk]# kubectl apply -f nginx-ingress-controller.yaml 
[root@master01 ~]# kubectl get pods -n ingress-nginx
NAME                                        READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-cbpx9        0/1     Completed   0          28d
ingress-nginx-admission-patch-tn4r8         0/1     Completed   0          28d
ingress-nginx-controller-75f84dfcd7-crc8m   1/1     Running     0          23d

# 查看svc
[root@master01 ~]# kubectl get svc -n ingress-nginx
NAME                                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.111.147.241   <none>        80:30080/TCP,443:30443/TCP   28d
ingress-nginx-controller-admission   ClusterIP   10.102.123.229   <none>        443/TCP                      28d

3 Nginx和Traefik横向对比

	Nginx Ingress	Traefix ingress
协议	http/https、http2、grpc、tcp/udp	http/https、http2、grpc、tcp、tcp+tls
路由匹配	host、path	host、path、headers、query、path prefix、method
命名空间支持	-	共用或指定命名空间
部署策略	-	金丝雀部署、蓝绿部署、灰度部署
upstream探测	重试、超时、心跳探测	重试、超时、心跳探测、熔断
负载均衡算法	RR、会话保持、最小连接、最短时间、一致性hash	WRR、动态RR、会话保持
优点	简单易用，易接入	Golang编写，部署容易，支持众多的后端，内置WebUI
缺点	没有解决nginx reload，插件多，但是扩展性能查差	没什么缺点，新版本支持UDP

NGINX、HAProxy和Traefik负载均衡能力对比