1

What do I have working

I have a Kubernetes cluster as follows:

  • Single control plane (but I plan to extend to 3 control planes for HA)
  • 2 worker nodes



On this cluster I deployed (following this doc from Traefik: https://docs.traefik.io/user-guides/crd-acme/):

  • A deployment that creates two pods:

    • traefik itself: which will be in charge of routing, with exposed ports 80 and 8080
    • whoami: a simple HTTP server that responds to HTTP requests
  • Two services:

    • traefik service
    • whoami service
  • One Traefik IngressRoute

What do I want

I have multiple services running in the cluster and I want to expose them to the outside using Ingress. More precisely, I want to use the new Traefik 2.x CRD ingress methods.

My ultimate goal is to use the new Traefik 2.x CRDs to expose resources on ports 80, 443 and 8080 using IngressRoute custom resource definitions.

What's the problem

If I understand correctly, classic Ingress controllers allow exposing every port we want to the outside world (including 80, 8080 and 443).

But the new Traefik CRD ingress approach on its own does not export anything at all. One solution is to define the Traefik service as a LoadBalancer-typed service and then expose some ports. But you are forced to use the 30000-32767 port range (same as NodePort), and I don't want to add a reverse proxy in front of the reverse proxy to be able to expose ports 80 and 443...

Also, I've seen from the doc of the new ingress CRD (https://docs.traefik.io/user-guides/crd-acme/) that:

kubectl port-forward --address 0.0.0.0 service/traefik 8000:8000 8080:8080 443:4443 -n default

is required, and I understand that now. You need to map the host port to the service port. But mapping the ports that way feels clunky and counterintuitive. I don't want to have part of the service description in a YAML file and at the same time have to remember that I need to map ports with kubectl.

I'm pretty sure there is a neat and simple solution to this problem, but I can't understand how to keep things simple. Do you guys have any experience in Kubernetes with the new Traefik 2.x CRD config?

4

3 Answers

1

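You can try using the LoadBalancer service type to expose the Traefik service on ports 80, 443 and 8080. I have tested the yaml from the link you provided in GKE, and it works.

You need to change the ports on the "traefik" service and add "LoadBalancer" as the service type: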

apiVersion: v1
kind: Service
metadata:
  name: traefik
spec:
  ports:
    - protocol: TCP
      name: web
      port: 80  # Port to receive HTTP connections
    - protocol: TCP
      name: admin
      port: 8080  # Administration port
    - protocol: TCP
      name: websecure
      port: 443  # Port to receive HTTPS connections
  selector:
    app: traefik
  type: LoadBalancer  # Define the service type as load balancer

Kubernetes will create a load balancer for your service, and you can access your application using ports 80 and 443.

$ curl https://35.111.XXX.XX/tls -k
Hostname: whoami-5df4df6ff5-xwflt
IP: 127.0.0.1
IP: 10.60.1.11
RemoteAddr: 10.60.1.13:55262
GET /tls HTTP/1.1
Host: 35.111.XXX.XX
User-Agent: curl/7.66.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.60.1.1
X-Forwarded-Host: 35.111.XXX.XX
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: traefik-66dd84c65c-4c5gp
X-Real-Ip: 10.60.1.1

$ curl http://35.111.XXX.XX/notls   
Hostname: whoami-5df4df6ff5-xwflt
IP: 127.0.0.1
IP: 10.60.1.11
RemoteAddr: 10.60.1.13:55262
GET /notls HTTP/1.1
Host: 35.111.XXX.XX
User-Agent: curl/7.66.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.60.1.1
X-Forwarded-Host: 35.111.XXX.XX
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: traefik-66dd84c65c-4c5gp
X-Real-Ip: 10.60.1.1
Answered 2020-01-10T16:21:53.977
1
apiVersion: v1
kind: Service
metadata:
  name: traefik

spec:
  ports:
    - protocol: TCP
      name: web
      port: 80
      targetPort: 8000
    - protocol: TCP
      name: admin
      port: 8080
      targetPort: 8080
    - protocol: TCP
      name: websecure
      port: 443
      targetPort: 4443
  selector:
    app: traefik

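Have you tried using targetPort, where every request coming in on 80 is redirected to 8000? But when you use port-forward, you always need to use the service instead of the pod.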

Answered 2020-01-06T18:13:28.337
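
An added example, not code from either answer or from the Traefik docs: a small check that resolves the effective port mapping of a Service manifest (an omitted targetPort defaults to port) and reports when the admin port would be published outside the cluster. It assumes the Traefik container listens on 8000, 8080 and 4443, as in the question's port-forward command; `audit_service`, `manifest` and the sample manifests are hypothetical names constructed for this illustration.

```python
# Added example. Assumption: the Traefik container listens on the ports from the
# question's port-forward command (web 8000, admin 8080, websecure 4443).
ENTRYPOINTS = {"web": 8000, "admin": 8080, "websecure": 4443}
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}


def audit_service(svc):
    """Return (mapping, findings) for a Service manifest given as a dict."""
    spec = svc["spec"]
    svc_type = spec.get("type", "ClusterIP")  # Kubernetes default type
    mapping, findings = {}, []
    for p in spec.get("ports", []):
        name = p.get("name", str(p["port"]))
        target = p.get("targetPort", p["port"])  # omitted targetPort = port
        mapping[name] = (p["port"], target)
        expected = ENTRYPOINTS.get(name)
        # Named (string) targetPorts cannot be compared to a number here.
        if expected is not None and isinstance(target, int) and target != expected:
            findings.append(f"{name}: {p['port']} -> {target}, entry point is {expected}")
        if name == "admin" and svc_type in EXTERNAL_TYPES:
            findings.append(f"admin: {p['port']} published outside the cluster ({svc_type})")
    return mapping, findings


def manifest(svc_type, ports):
    """Constructed sample: ports are (name, port, targetPort or None)."""
    spec = {"selector": {"app": "traefik"}, "ports": []}
    if svc_type:
        spec["type"] = svc_type
    for name, port, target in ports:
        entry = {"protocol": "TCP", "name": name, "port": port}
        if target is not None:
            entry["targetPort"] = target
        spec["ports"].append(entry)
    return {"apiVersion": "v1", "kind": "Service",
            "metadata": {"name": "traefik"}, "spec": spec}


# Constructed inputs mirroring the two manifests above, plus a combination.
LB_NO_TARGET = manifest("LoadBalancer", [("web", 80, None), ("admin", 8080, None), ("websecure", 443, None)])
TARGET_ONLY = manifest(None, [("web", 80, 8000), ("admin", 8080, 8080), ("websecure", 443, 4443)])
LB_WITH_TARGET = manifest("LoadBalancer", [("web", 80, 8000), ("websecure", 443, 4443)])

if __name__ == "__main__":
    for label, svc in [("LoadBalancer, no targetPort", LB_NO_TARGET),
                       ("targetPort, default type", TARGET_ONLY),
                       ("LoadBalancer + targetPort, no admin", LB_WITH_TARGET)]:
        mapping, findings = audit_service(svc)
        print(label, mapping, findings or "no findings")
```

The third sample combines both answers: type LoadBalancer with explicit targetPort values, and the admin port left off the externally published Service.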
0

After a while, I decided to put an haproxy in front of the Kubernetes cluster. It seems to be the only solution ATM.

Answered 2020-06-08T08:52:49.220