Ingress 可用于将流量从端点(或名称)路由到服务,然后将其转发到具有匹配标签的 pod。但是,入口不会暴露任意端口或协议,这就是为什么服务需要是 typeLoadBalancer或NodePort.
到目前为止,一切都很好。我按照指南将 Traefik 安装为入口控制器,一切都已启动并运行,但我不明白为什么它甚至可以工作。这个问题与 Traefik 无关;我多次看到这种模式。
第一个清单包含入口部署和称为traefik-ingress-service类型的服务LoadBalancer(NodePort也可以使用)。
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: traefik-ingress-controller
labels:
k8s-app: traefik-ingress-lb-dep
spec:
replicas: 1
selector:
matchLabels:
k8s-app: traefik-ingress-lb
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
terminationGracePeriodSeconds: 60
containers:
- image: traefik:v1.7
name: traefik-ingress-lb
ports:
- name: http
containerPort: 80
- name: admin
containerPort: 8080
args:
- --api
- --kubernetes
- --logLevel=INFO
---
kind: Service
apiVersion: v1
metadata:
name: traefik-ingress-service
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- protocol: TCP
port: 80
name: web
- protocol: TCP
port: 8080
name: admin
# type: NodePort (works as well, but don't forget to add port to uri)
type: LoadBalancer
为了公开 Traefik 的 UI,还有另一个清单,包括第二个服务(类型:默认)traefik-web-ui和一个将流量从 连接/到traefik-web-ui.
apiVersion: v1
kind: Service
metadata:
name: traefik-web-ui
spec:
#type: NodePort
selector:
k8s-app: traefik-ingress-lb
ports:
- name: web
port: 80
targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-web-ui
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: dashboard.localhost #optional, otherwise cluster's ip
http:
#- http:
paths:
- path: /
backend:
serviceName: traefik-web-ui
servicePort: web
我不明白为什么这是有效的,因为服务traefik-web-ui不应该从外部访问。另一个服务traefik-ingress-service是,但它们没有连接。那么,这是如何工作的呢?
此外,我很好奇为什么我不只创建一个traefik-web-ui类型的服务NodePort或LoadBalancer?
