1

这是我的k3d集群创建命令:

$ k3d cluster create arxius \
   --agents 3 \
   --k3s-server-arg --disable=traefik \
   -p "8888:80@loadbalancer" -p "9000:9000@loadbalancer" \
   --volume ${HOME}/.k3d/registries.yaml:/etc/rancher/k3s/registries.yaml

这是我的节点:

 CONTAINER ID        IMAGE                      COMMAND                  CREATED             STATUS              PORTS                                                                   NAMES
c83f2f746621        rancher/k3d-proxy:v3.0.1   "/bin/sh -c nginx-pr…"   2 weeks ago         Up 21 minutes       0.0.0.0:9000->9000/tcp, 0.0.0.0:8888->80/tcp, 0.0.0.0:45195->6443/tcp   k3d-arxius-serverlb
0ed525443da2        rancher/k3s:v1.18.6-k3s1   "/bin/k3s agent"         2 weeks ago         Up 21 minutes                                                                               k3d-arxius-agent-2
561a0a51e6d7        rancher/k3s:v1.18.6-k3s1   "/bin/k3s agent"         2 weeks ago         Up 21 minutes                                                                               k3d-arxius-agent-1
fc131df35105        rancher/k3s:v1.18.6-k3s1   "/bin/k3s agent"         2 weeks ago         Up 21 minutes                                                                               k3d-arxius-agent-0
4cfceabad5af        rancher/k3s:v1.18.6-k3s1   "/bin/k3s server --d…"   2 weeks ago         Up 21 minutes                                                                               k3d-arxius-server-0
873a4f157251        registry:2                 "/entrypoint.sh /etc…"   3 months ago        Up About an hour    0.0.0.0:5000->5000/tcp                                                  registry.localhost

我已经使用默认的 helm 安装命令安装了 traefik:

$ helm install traefik traefik/traefik

之后,ingressroute还安装了一个以到达仪表板:

Name:         traefik-dashboard
Namespace:    traefik
Labels:       app.kubernetes.io/instance=traefik
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=traefik
              helm.sh/chart=traefik-9.1.1
Annotations:  helm.sh/hook: post-install,post-upgrade
API Version:  traefik.containo.us/v1alpha1
Kind:         IngressRoute
Metadata:
  Creation Timestamp:  2020-12-09T19:07:41Z
  Generation:          1
  Managed Fields:
    API Version:  traefik.containo.us/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:helm.sh/hook:
        f:labels:
          .:
          f:app.kubernetes.io/instance:
          f:app.kubernetes.io/managed-by:
          f:app.kubernetes.io/name:
          f:helm.sh/chart:
      f:spec:
        .:
        f:entryPoints:
        f:routes:
    Manager:         Go-http-client
    Operation:       Update
    Time:            2020-12-09T19:07:41Z
  Resource Version:  141805
  Self Link:         /apis/traefik.containo.us/v1alpha1/namespaces/traefik/ingressroutes/traefik-dashboard
  UID:               1cbcd5ec-d967-440c-ad21-e41a59ca1ba8
Spec:
  Entry Points:
    traefik
  Routes:
    Kind:   Rule
    Match:  PathPrefix(`/dashboard`) || PathPrefix(`/api`)
    Services:
      Kind:  TraefikService
      Name:  api@internal
Events:      <none>

如你看到的:

Match:  PathPrefix(`/dashboard`) || PathPrefix(`/api`)

我正在尝试访问仪表板。尽管如此:

在此处输入图像描述

细节没有显示。

我也尝试过启动一个curl命令:

curl 'http://localhost:9000/api/overview'
curl: (52) Empty reply from server

有任何想法吗?

4

1 回答 1

3

traefik首先,使用 traefik helm chart(版本 9.1.1)的默认配置在端口上设置 entryPoint ,9000但不会自动公开它。因此,如果您检查为您创建的服务,您会发现这仅映射了webwebsecure端点。

检查此片段来自kubectl get svc traefik -o yaml

spec:
  clusterIP: xx.xx.xx.xx
  externalTrafficPolicy: Cluster
  ports:
  - name: web
    nodePort: 30388
    port: 80
    protocol: TCP
    targetPort: web
  - name: websecure
    nodePort: 31115
    port: 443
    protocol: TCP
    targetPort: websecure
  selector:
    app.kubernetes.io/instance: traefik
    app.kubernetes.io/name: traefik
  sessionAffinity: None
  type: LoadBalancer

文档中所述,有两种方法可以访问您的仪表板。或者,您启动一​​个端口转发到本地计算机的端口 9000,或者您通过另一个入口点上的 ingressroute 公开仪表板。

请注意,即使您的 k3d 代理已经绑定到 9000,您仍然可以进行端口转发。这只是在某些负载平衡服务想要在该外部端口上公开时的保留。目前,这没有被使用,也不是任何解决方案所必需的。您仍然需要将端口转发到 traefik pod。建立端口转发后,您可以访问仪表板http://localhost:9000/dashboard/(注意PathPrefix规则所需的尾部斜杠)。

在另一个入口点公开的另一种解决方案不需要端口转发,但您需要注意正确的域名(dns 条目 + 主机规则),并注意不要通过例如添加身份验证中间件将其公开给全世界。

请参阅下面突出显示的更改:

# dashboard.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: dashboard
spec:
  entryPoints:
    - web           # <-- using the web entrypoint, not the traefik (9000) one
  routes:           # v-- adding a host rule
    - match: Host(`traefik.localhost`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
于 2020-12-20T18:44:57.207 回答