The official documentation is here: https://docs.traefik.io/user-guide/kubernetes/
When configuring RBAC, the official documentation uses a ClusterRoleBinding. If you want to work with multiple namespaces, it gives you this one hint:
"For namespaced restrictions, one RoleBinding is required per watched namespace along with a corresponding configuration of Træfik's kubernetes.namespaces parameter."
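This is where it trips you up!!!
This is what traefik --help shows.
The default value is a "[]". So is that a string or a list?
So should I write --kubernetes.namespaces="[env-a, env-b]" or --kubernetes.namespaces=["env-a", "env-b"]?
Let's scroll up in the help output.
OK, there is a description, so we assume it should be filled in like this: --kubernetes.namespaces='env-a,env-b'
It still reports an error.
After searching with the almighty Google, I found this page: https://github.com/containous/traefik/issues/1153
Looking at --help, you can tell that this argument is a map, so adapt accordingly: --kubernetes.namespaces=env-a,env-b, with no quotes. The official documentation really can trip you up badly.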
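Let's look at the complete configuration.
For RBAC we use Role and RoleBinding.
This way you can start different Traefik instances in different namespaces, each pointing at different ingresses.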
```yaml
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: default
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: traefik-ingress-controller
subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
    namespace: default
```
deployment
```yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: default
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: default
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
        - image: traefik
          name: traefik-ingress-lb
          args:
            - --api
            - --kubernetes
            - --kubernetes.namespaces=default  # <-- this is the spot
            - --logLevel=INFO
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: default
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 8080
      name: admin
  type: NodePort
```
ui
```yaml
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
  namespace: default
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - name: web
      port: 80
      targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: default
spec:
  rules:
    - host: traefik-ui.minikube
      http:
        paths:
          - path: /
            backend:
              serviceName: traefik-web-ui
              servicePort: web
```
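The manifests above only cover the default namespace. As an added example (not from the original post or the Traefik project), this script generalizes them to the multi-namespace case the post is about: it emits one Role and RoleBinding per watched namespace, bound to the ServiceAccount in default, and prints the matching flag. gen_rbac and SA_NS are assumed names.

```shell
#!/bin/sh
# Added example, not from the original post. gen_rbac and SA_NS are assumed
# names; the Role rules are the ones from the post's manifest.
LC_ALL=C; export LC_ALL
SA_NS=default   # namespace where the Traefik ServiceAccount lives

# gen_rbac "env-a,env-b": print a Role + RoleBinding for every watched
# namespace, then the matching flag. Returns 1 on a malformed list.
gen_rbac() {
  # Quotes, brackets and spaces copied from the --help text are rejected.
  case "$1" in
    ''|*[!a-z0-9,-]*|,*|*,|*,,*) echo "invalid list: $1" >&2; return 1 ;;
  esac
  for ns in $(printf '%s' "$1" | tr ',' ' '); do
    case "$ns" in -*|*-) echo "invalid namespace: $ns" >&2; return 1 ;; esac
  done
  for ns in $(printf '%s' "$1" | tr ',' ' '); do
    cat <<EOF
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: {name: traefik-ingress-controller, namespace: $ns}
rules:
- apiGroups: [""]
  resources: [services, endpoints, secrets]
  verbs: [get, list, watch]
- apiGroups: [extensions]
  resources: [ingresses]
  verbs: [get, list, watch]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: {name: traefik-ingress-controller, namespace: $ns}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: $SA_NS
EOF
  done
  # Container args are passed verbatim (no shell), so no quotes here.
  printf '# args: - --kubernetes.namespaces=%s\n' "$1"
}
```

The output can be piped straight into kubectl apply -f - (the last line is a YAML comment), for example: gen_rbac env-a,env-b | kubectl apply -f -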