您可以使用Traefik ingress 控制器、MetalLB服务负载平衡器配置k0s,并使用服务示例部署Traefik仪表板。为此,您可以在集群配置期间利用Helm的可扩展引导功能向k0s.yaml文件添加正确的扩展名。
配置k0s在集群引导期间安装Traefik和MetalLB, 通过在k0s配置文件(k0s.yaml)中添加Helm作为扩展,
注:
一个好的做法是在您的网络上有一小部分可寻址的IP地址,最好在DHCP服务器分配的分配池之外(尽管任何有效的IP范围都应该在您的机器上本地工作)。提供可寻址范围允许您从本地网络上的任何地方访问负载均衡器和Ingress服务。
extensions:
helm:
repositories:
- name: traefik
url: https://traefik.github.io/charts
- name: bitnami
url: https://charts.bitnami.com/bitnami
charts:
- name: traefik
chartname: traefik/traefik
version: "20.5.3"
namespace: default
- name: metallb
chartname: bitnami/metallb
version: "2.5.4"
namespace: default
values: |
configInline:
address-pools:
- name: generic-cluster-pool
protocol: layer2
addresses:
- 192.168.0.5-192.168.0.10
启动集群后,运行kubectl get all以确认Traefik和MetalLB的部署。该命令应返回一个包含metallb和traefik资源的响应,以及一个分配了EXTERNAL-IP的服务负载平衡器。
kubectl get all
Output:
NAME READY STATUS RESTARTS AGE
pod/metallb-1607085578-controller-864c9757f6-bpx6r 1/1 Running 0 81s
pod/metallb-1607085578-speaker-245c2 1/1 Running 0 60s
pod/traefik-1607085579-77bbc57699-b2f2t 1/1 Running 0 81s
service/traefik-1607085579 LoadBalancer 10.105.119.102 192.168.0.5 80:32153/TCP,443:30791/TCP 84s
在这里收到404响应是正常的,因为您还没有配置任何Ingress资源来响应:
curl http://192.168.0.5
# 404 page not found
有了集群上可用且可寻址的负载均衡器,现在您可以快速部署Traefik仪表板,并从局域网上的任何地方访问它(假设MetalLB配置了可寻址范围)。
1 . 创建 一个 Traefik仪表板IngressRoute YAML文件:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: dashboard
spec:
entryPoints:
- web
routes:
- match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
2 . 部署资源:
kubectl apply -f traefik-dashboard.yaml
此时,您应该能够通过访问上述EXTERNAL-IP访问仪表板
在浏览器中:
http://192.168.0.5/dashboard/
3 . 创建一个简单的whoami Deployment, Service, 和Ingress manifest:
apiVersion: apps/v1
kind: Deployment
metadata:
name: whoami-deployment
spec:
replicas: 1
selector:
matchLabels:
app: whoami
template:
metadata:
labels:
app: whoami
spec:
containers:
- name: whoami-container
image: containous/whoami
---
apiVersion: v1
kind: Service
metadata:
name: whoami-service
spec:
ports:
- name: http
targetPort: 80
port: 80
selector:
app: whoami
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: whoami-ingress
spec:
rules:
- http:
paths:
- path: /whoami
pathType: Exact
backend:
service:
name: whoami-service
port:
number: 80
4 . 部署
kubectl apply -f whoami.yaml
5 . 测试入口和服务:
curl http://192.168.0.5/whoami
ngrok: https://ngrok.com/
Let’s Encrypt: https://letsencrypt.org/
cert-manager.https://cert-manager.io/docs/
ACME provider. https://doc.traefik.io/traefik/v2.0/user-guides/crd-acme/