stackoom
  简体   繁体   中英

kubernetes expose services with Traefik 2.x as ingress with CRD

 原文  2020-01-06 15:47:36       kubernetes/ traefik/ kubernetes-ingress/ traefik-ingress

Question

What do i have working

I have a Kubernetes cluster as follow:

  • Single control plane (but plan to extend to 3 control plane for HA)
  • 2 worker nodes



On this cluster i deployed (following this doc from traefik https://docs.traefik.io/user-guides/crd-acme/ ):

  • A deployment that create two pods :

    • traefik itself: which will be in charge of routing with exposed port 80, 8080
    • whoami:a simple http server thats responds to http requests

  • two services

    • traefik service:
    • whoami servic:

  • One traefik IngressRoute:

What do i want

I have multiple services running in the cluster and i want to expose them to the outside using Ingress. More precisely i want to use the new Traefik 2.x CDR ingress methods.

My ultimate goal is to use new traefiks 2.x CRD to expose resources on port 80, 443, 8080 using IngressRoute Custom resource definitions

What's the problem

If i understand well, classic Ingress controllers allow exposition of every ports we want to the outside world (including 80, 8080 and 443).

But with the new traefik CDR ingress approach on it's own it does not exports anything at all. One solution is to define the Traefik service as a loadbalancer typed service and then expose some ports. But you are forced to use the 30000-32767 ports range (same as nodeport), and i don't want to add a reverse proxy in front of the reverse proxy to be able to expose port 80 and 443...

Also i've seed from the doc of the new igress CRD ( https://docs.traefik.io/user-guides/crd-acme/ ) that:

kubectl port-forward --address 0.0.0.0 service/traefik 8000:8000 8080:8080 443:4443 -n default

is required, and i understand that now. You need to map the host port to the service port. But mapping the ports that way feels clunky and counter intuitive. I don't want to have a part of the service description in a yaml and at the same time have to remember that i need to map port with kubectl .

I'm pretty sure there is a neat and simple solution to this problem, but i can't understand how to keep things simple. Do you guys have an experience in kubernetes with the new traefik 2.x CRD config?

3 answers

solution1
 0  2020-01-06 18:13:28

apiVersion: v1
kind: Service
metadata:
  name: traefik

spec:
  ports:
    - protocol: TCP
      name: web
      port: 80
      targetPort: 8000
    - protocol: TCP
      name: admin
      port: 8080
      targetPort: 8080
    - protocol: TCP
      name: websecure
      port: 443
      targetPort: 4443
  selector:
    app: traefik

have you tried to use tragetPort where every request comes on 80 redirect to 8000 but when you use port-forward you need to always use service instead of pod

solution2
 0  2020-01-10 16:21:53

You can try to use LoadBalancer service type for expose the Traefik service on ports 80, 443 and 8080. I've tested the yaml from the link you provided in GKE, and it's works.

You need to change the ports on 'traefik' service and add a 'LoadBalancer' as service type:

kind: Service
metadata:
  name: traefik
spec:
  ports:
    - protocol: TCP
      name: web
      port: 80 <== Port to receive HTTP connections
    - protocol: TCP
      name: admin
      port: 8080 <== Administration port
    - protocol: TCP
      name: websecure
      port: 443 <== Port to receive HTTPS connections
  selector:
    app: traefik
  type: LoadBalancer <== Define the type load balancer

Kubernetes will create a Loadbalancer for you service and you can access your application using ports 80 and 443. 

$ curl https://35.111.XXX.XX/tls -k
Hostname: whoami-5df4df6ff5-xwflt
IP: 127.0.0.1
IP: 10.60.1.11
RemoteAddr: 10.60.1.13:55262
GET /tls HTTP/1.1
Host: 35.111.XXX.XX
User-Agent: curl/7.66.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.60.1.1
X-Forwarded-Host: 35.111.XXX.XX
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: traefik-66dd84c65c-4c5gp
X-Real-Ip: 10.60.1.1

$ curl http://35.111.XXX.XX/notls   
Hostname: whoami-5df4df6ff5-xwflt
IP: 127.0.0.1
IP: 10.60.1.11
RemoteAddr: 10.60.1.13:55262
GET /notls HTTP/1.1
Host: 35.111.XXX.XX
User-Agent: curl/7.66.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.60.1.1
X-Forwarded-Host: 35.111.XXX.XX
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: traefik-66dd84c65c-4c5gp
X-Real-Ip: 10.60.1.1

solution3
 0 ACCPTED  2020-06-08 08:52:49

Well after some time i've decided to put an haproxy in front of the kubernetes Cluster. It's seems to be the only solution ATM.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question traefik kubernetes crd health check Expose several services via Ingress at kubernetes cluster How to expose Traefik v2 dashboard with Kubernetes Ingress How to update CRD object for Traefik in Kubernetes Traefik 2.0 IPWhitelist for TCP - Kubernetes CRD Traefik kubernetes crd - proxy external host Kubernetes Ingress gce expose two basic Sping Boot services Kubernetes Ingress not working with Traefik and TLS Traefik Kubernetes: Expose non Kubernetes service Best approach to expose kubernetes ingress?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM