Traefik IngressRoute CRD 没有注册任何路由
[英]Traefik IngressRoute CRD not Registering Any Routes
问题描述
I'm configuring Traefik Proxy to run on a GKE cluster to handle proxying to various microservices.
我正在将 Traefik Proxy 配置为在 GKE 集群上运行以处理对各种微服务的代理。 I'm doing everything through their CRDs and deployed Traefik to the cluster using a custom deployment.我正在通过他们的 CRD 做所有事情,并使用自定义部署将 Traefik 部署到集群。 The Traefik dashboard is accessible and working fine, however when I try to setup an IngressRoute for the service itself, it is not accessible and it does not appear in the dashboard. Traefik 仪表板可以访问并且工作正常,但是当我尝试为服务本身设置 IngressRoute 时,它不可访问并且没有出现在仪表板中。 I've tried setting it up with a regular k8s Ingress object and when doing that, it did appear in the dashboard, however I ran into some issues with middleware, and for ease-of-use I'd prefer to go the CRD route.我尝试使用常规的 k8s Ingress object 进行设置,这样做时,它确实出现在仪表板中,但是我遇到了一些中间件问题,为了易于使用,我更喜欢 go CRD 路由. Also, the deployment and service for the microservice seem to be deploying fine, they both appear in the GKE dashboard and are running normally.此外,微服务的部署和服务似乎部署良好,它们都出现在 GKE 仪表板中并且运行正常。 No ingress is created, however I'm unsure of if a custom CRD IngressRoute is supposed to create one or not.没有创建入口,但是我不确定自定义 CRD IngressRoute 是否应该创建一个。
Some information about the configuration:有关配置的一些信息:
I'm using Kustomize to handle overlays and general data我正在使用 Kustomize 来处理叠加层和一般数据
I have a setting through kustomize to apply the namespace users to everything我通过 kustomize 进行设置,将命名空间users应用于所有内容
Below are the config files I'm using, and the CRDs and RBAC are defined by calling下面是我正在使用的配置文件,CRD 和 RBAC 是通过调用定义的
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
deployment.yml部署.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: users-service
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: RollingUpdate
template:
metadata:
labels:
app: users-service
spec:
containers:
- name: users-service
image: ${IMAGE}
imagePullPolicy: IfNotPresent
ports:
- name: web
containerPort: ${HTTP_PORT}
readinessProbe:
httpGet:
path: /ready
port: web
initialDelaySeconds: 10
periodSeconds: 2
envFrom:
- secretRef:
name: users-service-env-secrets
service.yml服务.yml
apiVersion: v1
kind: Service
metadata:
name: users-service
spec:
ports:
- name: web
protocol: TCP
port: 80
targetPort: web
selector:
app: users-service
ingress.yml入口.yml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: users-stripprefix
spec:
stripPrefix:
prefixes:
- /userssrv
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: users-service-ingress
spec:
entryPoints:
- service-port
routes:
- kind: Rule
match: PathPrefix(`/userssrv`)
services:
- name: users-service
namespace: users
port: service-port
middlewares:
- name: users-stripprefix
If any more information is needed, just lmk.如果需要更多信息,请 lmk。 Thanks!谢谢!
1 个解决方案
解决方案1
1 已采纳 2022-12-04 13:39:08
A default Traefik installation on Kube.netes creates two entrypoints: Kube.netes 上的默认 Traefik 安装会创建两个入口点:
-
webfor http access, andweb用于 http 访问,以及 websecurefor https access用于websecure访问的网络安全
But you have in your IngressRoute configuration:但是您的IngressRoute配置中有:
entryPoints:
- service-port
Unless you have explicitly configured Traefik with an entrypoint named "service-port", this is probably your problem.除非您已明确配置 Traefik 具有名为“服务端口”的入口点,否则这可能是您的问题。 You want to remove the entryPoints section, or specify something like:您想要删除entryPoints部分,或指定如下内容:
entryPoints:
- web
If you omit the entryPoints configuration, the service will be available on all entrypoints.如果省略entryPoints配置,该服务将在所有入口点上可用。 If you include explicit entrypoints, then the service will only be available on those specific entrypoints (eg with the above configuration, the service would be available via http:// and not via https:// ).如果您包含显式入口点,则该服务将仅在那些特定入口点可用(例如,使用上述配置,该服务将通过http://而不是通过https://可用)。
Not directly related to your problem, but if you're using Kustomize, consider:与您的问题没有直接关系,但如果您使用的是 Kustomize,请考虑:
Drop the
app: users-servicelabel from the deployment, the service selector, etc, and instead set that in yourkustomization.yamlusing thecommonLabelsdirective.从部署、服务选择器等中删除app: users-servicelabel,然后使用commonLabels指令在您的kustomization.yaml中设置它。Drop the explicit namespace from the service specification in your IngressRoute and instead use kustomize's namespace transformer to set it (this lets you control the namespace exclusively from your
kustomization.yaml).从 IngressRoute 中的服务规范中删除显式命名空间,而是使用 kustomize 的命名空间转换器来设置它(这使您可以从kustomization.yaml中专门控制命名空间)。
I've put together a deployable example with all the changes mentioned in this answer here .我将一个可部署的示例与此答案中提到的所有更改放在一起here 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.