0

我尝试使用 traefik 反向代理部署 google cAdvisor

工作 nginx 配置

使用 nginx docker-compose:

  cadvisor:
container_name: cadvisor
build:
  context: .
  dockerfile: projects/cadvisor/Dockerfile
command:
  - '-port=80'
  - '-url_base_prefix=/admin/cadvisor'
volumes:
  - "/:/rootfs:ro"
  - "/var/run:/var/run:ro"
  - "/sys:/sys:ro"
  - "/var/lib/docker:/var/lib/docker:ro"
  - "/dev/disk:/dev/disk:ro"
expose:
  - 80

Nginx 配置:

location  ~* /admin/cadvisor/.*$ {
    proxy_pass http://cadvisor;
}

traefik 配置失败

 cadvisor:
container_name:cadvisor
image:  gcr.io/google-containers/cadvisor:latest
restart: always
privileged: true
networks:
  - back-network
ports:
  - "8080:8080"
command:
  - '-url_base_prefix=/cadvisor'
volumes:
  - /:/rootfs:ro
  - /var/run:/var/run:rw
  - /sys:/sys:ro
  - /var/lib/docker/:/var/lib/docker:ro
labels:
  - "traefik.http.routers.cadvisor.rule=Host(`localhost`) && PathPrefix(`/cadvisor`)"
  - "traefik.http.services.cadvisor.loadbalancer.server.port=8080"

cAdvisor 的主要问题是重定向,这就是我们需要添加url_base_prefixarg的原因

但是以前使用 traefik 的 docker-compose 不起作用

我不知道如何转置location ~* /admin/cadvisor/.*$ 到 Traefik 配置

4

1 回答 1

1

你在那里用 Nginx 做什么?它是否在主机上运行以处理对其他服务的其他请求?cAdvisor 不需要 Nginx。

这是我当前安装的一个工作示例:

version: '3.8'
services:
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    restart: always
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /dev/disk/:/dev/disk:ro
    privileged: true
    devices:
      - "/dev/kmsg:/dev/kmsg"
    command: --url_base_prefix=/cadvisor
    environment:
      - CADVISOR_HEALTHCHECK_URL=http://localhost:8080/cadvisor/healthz 
    labels:
      - "traefik.enable=true" # enable traefik
      - "traefik.docker.network=traefik-public" # put it in the same network as traefik
      - "traefik.constraint-label=traefik-public" # assign the same label as traefik so it can be discovered

      - "traefik.http.routers.cadvisor-01.service=cadvisor-01-secured"
      - "traefik.http.routers.cadvisor-01.rule=Host(`host.example.com`) && PathPrefix(`/cadvisor`)"
      - "traefik.http.routers.cadvisor-01.priority=20"
      - "traefik.http.routers.cadvisor-01.entrypoints=http"
      - "traefik.http.middlewares.cadvisor-01.redirectscheme.scheme=https" # redirect traffic to https
      - "traefik.http.middlewares.cadvisor-01.redirectscheme.permanent=true" # redirect traffic to https

      - "traefik.http.middlewares.def-cadvisor-01.headers.customrequestheaders.X-Forwarded-Server=host.example.com"
      - "traefik.http.middlewares.def-cadvisor-01.headers.referrerPolicy=origin"
      - "traefik.http.middlewares.def-cadvisor-01-auth.basicauth.users=USERNAME:PASSWORD"
      - "traefik.http.routers.cadvisor-01.middlewares=https-redirect"

      - "traefik.http.routers.cadvisor-01-secured.service=cadvisor-01-secured"
      - "traefik.http.routers.cadvisor-01-secured.rule=Host(`host.example.com`) && PathPrefix(`/cadvisor`)"
      - "traefik.http.routers.cadvisor-01-secured.priority=20"
      - "traefik.http.routers.cadvisor-01-secured.entrypoints=https"
      - "traefik.http.routers.cadvisor-01-secured.tls.certresolver=le-tls" # use the Let's Encrypt certificate resolver
      - "traefik.http.services.cadvisor-01-secured.loadbalancer.server.port=8080" # ask Traefik to search for port 8080
      - "traefik.http.routers.cadvisor-01-secured.middlewares=secHeaders@file,def-cadvisor-01-auth,def-cadvisor-01,def-compress"
    networks:
      - "traefik-public"


networks:
  traefik-public:
    external: true`

健康检查有点棘手,它是 cAdvisor Dockerfile 中的固定 URL,但使用环境变量会覆盖它。如您所见,我正在使用路径 /cadvisor/ 运行 cAdvisor,因此我必须将其添加为命令选项“--url_base_prefix”并修改 CADVISOR_HEALTHCHECK_URL 环境变量。

Traefik 作为反向代理运行,它侦听端口 443 和 80,我不想向公众开放另一个像 8080 这样的端口,所以 Traefik 负责处理 TLS 内容并从 http 重定向到 https。因此,您无需在 cAdvisor 定义中打开端口 8080 或公开端口 80!这将由 Traefik 处理。Traefik 使用相同的 Docker 网络访问您的容器。

注意优先级设置!如果另一个 Traefik 服务处理根 URL,它必须具有较低的优先级。否则您的服务定义将永远不会匹配。

如果不允许发布 URL,我很抱歉,但也许它对某人有用。我在https://www.kuerbis.org/traefik-und-mehr/上写过介绍文章——在其中一篇文章中,您会发现更多关于 Traefik 和 cAdvisor 的信息。它们是用德语写的,但我想谷歌翻译或类似的东西应该会有所帮助。

亲切的问候,拉尔夫

于 2021-01-05T18:25:47.920 回答