# vim traefik-crd.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.6.2 creationTimestamp: null name: ingressroutes.traefik.containo.us spec: group: traefik.containo.us names: kind: IngressRoute listKind: IngressRouteList plural: ingressroutes singular: ingressroute scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: IngressRoute is an Ingress CRD specification. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: IngressRouteSpec is a specification for a IngressRouteSpec resource. properties: entryPoints: items: type: string type: array routes: items: description: Route contains the set of routes. properties: kind: enum: - Rule type: string match: type: string middlewares: items: description: MiddlewareRefisareftotheMiddlewareresources. properties: name: type: string namespace: type: string required: - name type: object type: array priority: type: integer services: items: description: Servicedefinesanupstreamtoproxytraffic. properties: kind: enum: - Service - TraefikService type: string name: description: NameisareferencetoaKubernetesService object (foraload-balancerofservers), ortoaTraefikService object (serviceload-balancer, mirroring, etc). The differentiationbetweenthetwoisspecifiedinthe Kindfield. type: string namespace: type: string passHostHeader: type: boolean port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true responseForwarding: description: ResponseForwardingholdsconfigurationfor theforwardoftheresponse. properties: flushInterval: type: string type: object scheme: type: string serversTransport: type: string sticky: description: Stickyholdsthestickyconfiguration. properties: cookie: description: Cookieholdsthestickyconfiguration basedoncookie. properties: httpOnly: type: boolean name: type: string sameSite: type: string secure: type: boolean type: object type: object strategy: type: string weight: description: WeightshouldonlybespecifiedwhenName referencesaTraefikServiceobject (andtobeprecise, onethatembedsaWeightedRoundRobin). type: integer required: - name type: object type: array required: - kind - match type: object type: array tls: description: "TLScontainstheTLScertificatesconfigurationofthe routes. ToenableLet'sEncrypt, useanemptyTLSstruct, e.g. in YAML: \n \ttls: {} # inline format \n \t tls: \t secretName: # block format" properties: certResolver: type: string domains: items: description: Domain holds a domain name with SANs. properties: main: type: string sans: items: type: string type: array type: object type: array options: description: Options is a reference to a TLSOption, that specifies the parameters of the TLS connection. properties: name: type: string namespace: type: string required: - name type: object secretName: description: SecretName is the name of the referenced Kubernetes Secret to specify the certificate details. type: string store: description: Store is a reference to a TLSStore, that specifies the parameters of the TLS store. properties: name: type: string namespace: type: string required: - name type: object type: object required: - routes type: object required: - metadata - spec type: object served: true storage: true status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []
--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.6.2 creationTimestamp: null name: ingressroutetcps.traefik.containo.us spec: group: traefik.containo.us names: kind: IngressRouteTCP listKind: IngressRouteTCPList plural: ingressroutetcps singular: ingressroutetcp scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: IngressRouteTCP is an Ingress CRD specification. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec resource. properties: entryPoints: items: type: string type: array routes: items: description: RouteTCP contains the set of routes. properties: match: type: string middlewares: description: Middlewares contains references to MiddlewareTCP resources. items: description: ObjectReference is a generic reference to a Traefik resource. properties: name: type: string namespace: type: string required: - name type: object type: array services: items: description: ServiceTCP defines an upstream to proxy traffic. properties: name: type: string namespace: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true proxyProtocol: description: ProxyProtocol holds the ProxyProtocol configuration. properties: version: type: integer type: object terminationDelay: type: integer weight: type: integer required: - name - port type: object type: array required: - match type: object type: array tls: description: "TLSTCP contains the TLS certificates configuration of the routes. To enable Let's Encrypt, use an empty TLS struct, e.g. in YAML: \n \t tls: {} # inline format \n \t tls: \t secretName: # block format" properties: certResolver: type: string domains: items: description: Domain holds a domain name with SANs. properties: main: type: string sans: items: type: string type: array type: object type: array options: description: Options is a reference to a TLSOption, that specifies the parameters of the TLS connection. properties: name: type: string namespace: type: string required: - name type: object passthrough: type: boolean secretName: description: SecretName is the name of the referenced Kubernetes Secret to specify the certificate details. type: string store: description: Store is a reference to a TLSStore, that specifies the parameters of the TLS store. properties: name: type: string namespace: type: string required: - name type: object type: object required: - routes type: object required: - metadata - spec type: object served: true storage: true status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []
--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.6.2 creationTimestamp: null name: ingressrouteudps.traefik.containo.us spec: group: traefik.containo.us names: kind: IngressRouteUDP listKind: IngressRouteUDPList plural: ingressrouteudps singular: ingressrouteudp scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: IngressRouteUDP is an Ingress CRD specification. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec resource. properties: entryPoints: items: type: string type: array routes: items: description: RouteUDP contains the set of routes. properties: services: items: description: ServiceUDP defines an upstream to proxy traffic. properties: name: type: string namespace: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true weight: type: integer required: - name - port type: object type: array type: object type: array required: - routes type: object required: - metadata - spec type: object served: true storage: true status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []
--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.6.2 creationTimestamp: null name: middlewares.traefik.containo.us spec: group: traefik.containo.us names: kind: Middleware listKind: MiddlewareList plural: middlewares singular: middleware scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: Middleware is a specification for a Middleware resource. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: MiddlewareSpec holds the Middleware configuration. properties: addPrefix: description: AddPrefix holds the AddPrefix configuration. properties: prefix: type: string type: object basicAuth: description: BasicAuth holds the HTTP basic authentication configuration. properties: headerField: type: string realm: type: string removeHeader: type: boolean secret: type: string type: object buffering: description: Buffering holds the request/response buffering configuration. properties: maxRequestBodyBytes: format: int64 type: integer maxResponseBodyBytes: format: int64 type: integer memRequestBodyBytes: format: int64 type: integer memResponseBodyBytes: format: int64 type: integer retryExpression: type: string type: object chain: description: Chain holds a chain of middlewares. properties: middlewares: items: description: MiddlewareRef is a ref to the Middleware resources. properties: name: type: string namespace: type: string required: - name type: object type: array type: object circuitBreaker: description: CircuitBreaker holds the circuit breaker configuration. properties: expression: type: string type: object compress: description: Compress holds the compress configuration. properties: excludedContentTypes: items: type: string type: array type: object contentType: description: ContentType middleware - or rather its unique `autoDetect` option - specifies whether to let the `Content-Type` header, if it has not been set by the backend, be automatically set to a value derived from the contents of the response. As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it. However, the historic default was to always auto-detect and set the header if it was nil, and it is going to be kept that way in order to support users currently relying on it. This middleware exists to enable the correct behavior until at least the default one can be changed in a future version. properties: autoDetect: type: boolean type: object digestAuth: description: DigestAuth holds the Digest HTTP authentication configuration. properties: headerField: type: string realm: type: string removeHeader: type: boolean secret: type: string type: object errors: description: ErrorPage holds the custom error page configuration. properties: query: type: string service: description: Service defines an upstream to proxy traffic. properties: kind: enum: - Service - TraefikService type: string name: description: NameisareferencetoaKubernetesServiceobject (foraload-balancerofservers), ortoaTraefikService object (serviceload-balancer, mirroring, etc). Thedifferentiation betweenthetwoisspecifiedintheKindfield. type: string namespace: type: string passHostHeader: type: boolean port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true responseForwarding: description: ResponseForwardingholdsconfigurationforthe forwardoftheresponse. properties: flushInterval: type: string type: object scheme: type: string serversTransport: type: string sticky: description: Stickyholdsthestickyconfiguration. properties: cookie: description: Cookieholdsthestickyconfigurationbased oncookie. properties: httpOnly: type: boolean name: type: string sameSite: type: string secure: type: boolean type: object type: object strategy: type: string weight: description: WeightshouldonlybespecifiedwhenNamereferences aTraefikServiceobject (andtobeprecise, onethatembeds aWeightedRoundRobin). type: integer required: - name type: object status: items: type: string type: array type: object forwardAuth: description: ForwardAuthholdsthehttpforwardauthenticationconfiguration. properties: address: type: string authRequestHeaders: items: type: string type: array authResponseHeaders: items: type: string type: array authResponseHeadersRegex: type: string tls: description: ClientTLSholdsTLSspecificconfigurationsasclient. properties: caOptional: type: boolean caSecret: type: string certSecret: type: string insecureSkipVerify: type: boolean type: object trustForwardHeader: type: boolean type: object headers: description: Headersholdsthecustomheaderconfiguration. properties: accessControlAllowCredentials: description: AccessControlAllowCredentialsisonlyvalidiftrue. falseisignored. type: boolean accessControlAllowHeaders: description: AccessControlAllowHeadersmustbeusedinresponse toapreflightrequestwithAccess-Control-Request-Headersset. items: type: string type: array accessControlAllowMethods: description: AccessControlAllowMethodsmustbeusedinresponse toapreflightrequestwithAccess-Control-Request-Methodset. items: type: string type: array accessControlAllowOriginList: description: AccessControlAllowOriginListisalistofallowable origins. Canalsobeawildcardorigin "*". items: type: string type: array accessControlAllowOriginListRegex: description: AccessControlAllowOriginListRegexisalistofallowable originswrittenfollowingtheRegularExpressionsyntax (https://golang.org/pkg/regexp/). items: type: string type: array accessControlExposeHeaders: description: AccessControlExposeHeaderssetsvalidheadersfor theresponse. items: type: string type: array accessControlMaxAge: description: AccessControlMaxAgesetsthetimethatapreflight requestmaybecached. format: int64 type: integer addVaryHeader: description: AddVaryHeadercontrolsiftheVaryheaderisautomatically added/updatedwhentheAccessControlAllowOriginListisset. type: boolean allowedHosts: items: type: string type: array browserXssFilter: type: boolean contentSecurityPolicy: type: string contentTypeNosniff: type: boolean customBrowserXSSValue: type: string customFrameOptionsValue: type: string customRequestHeaders: additionalProperties: type: string type: object customResponseHeaders: additionalProperties: type: string type: object featurePolicy: description: 'Deprecated: usePermissionsPolicyinstead.' type: string forceSTSHeader: type: boolean frameDeny: type: boolean hostsProxyHeaders: items: type: string type: array isDevelopment: type: boolean permissionsPolicy: type: string publicKey: type: string referrerPolicy: type: string sslForceHost: description: 'Deprecated: useRedirectRegexinstead.' type: boolean sslHost: description: 'Deprecated: useRedirectRegexinstead.' type: string sslProxyHeaders: additionalProperties: type: string type: object sslRedirect: description: 'Deprecated: useEntryPointredirectionorRedirectScheme instead.' type: boolean sslTemporaryRedirect: description: 'Deprecated: useEntryPointredirectionorRedirectScheme instead.' type: boolean stsIncludeSubdomains: type: boolean stsPreload: type: boolean stsSeconds: format: int64 type: integer type: object inFlightReq: description: InFlightReqlimitsthenumberofrequestsbeingprocessed andservedconcurrently. properties: amount: format: int64 type: integer sourceCriterion: description: SourceCriteriondefineswhatcriterionisusedto grouprequestsasoriginatingfromacommonsource. Ifnone areset, thedefaultistousetherequest'sremoteaddress field. Allfieldsaremutuallyexclusive. properties: ipStrategy: description: IPStrategyholdstheipstrategyconfiguration. properties: depth: type: integer excludedIPs: items: type: string type: array type: object requestHeaderName: type: string requestHost: type: boolean type: object type: object ipWhiteList: description: IPWhiteListholdstheipwhitelistconfiguration. properties: ipStrategy: description: IPStrategyholdstheipstrategyconfiguration. properties: depth: type: integer excludedIPs: items: type: string type: array type: object sourceRange: items: type: string type: array type: object passTLSClientCert: description: PassTLSClientCertholdstheTLSclientcertheadersconfiguration. properties: info: description: TLSClientCertificateInfoholdstheclientTLScertificate infoconfiguration. properties: issuer: description: TLSClientCertificateDNInfoholdstheclientTLS certificatedistinguishednameinfoconfiguration. cfhttps://tools.ietf.org/html/rfc3739 properties: commonName: type: boolean country: type: boolean domainComponent: type: boolean locality: type: boolean organization: type: boolean province: type: boolean serialNumber: type: boolean type: object notAfter: type: boolean notBefore: type: boolean sans: type: boolean serialNumber: type: boolean subject: description: TLSClientCertificateDNInfoholdstheclientTLS certificatedistinguishednameinfoconfiguration. cfhttps://tools.ietf.org/html/rfc3739 properties: commonName: type: boolean country: type: boolean domainComponent: type: boolean locality: type: boolean organization: type: boolean province: type: boolean serialNumber: type: boolean type: object type: object pem: type: boolean type: object plugin: additionalProperties: x-kubernetes-preserve-unknown-fields: true type: object rateLimit: description: RateLimitholdstheratelimitingconfigurationfora givenrouter. properties: average: format: int64 type: integer burst: format: int64 type: integer period: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true sourceCriterion: description: SourceCriteriondefineswhatcriterionisusedto grouprequestsasoriginatingfromacommonsource. Ifnone areset, thedefaultistousetherequest'sremoteaddress field. Allfieldsaremutuallyexclusive. properties: ipStrategy: description: IPStrategyholdstheipstrategyconfiguration. properties: depth: type: integer excludedIPs: items: type: string type: array type: object requestHeaderName: type: string requestHost: type: boolean type: object type: object redirectRegex: description: RedirectRegexholdstheredirectionconfiguration. properties: permanent: type: boolean regex: type: string replacement: type: string type: object redirectScheme: description: RedirectSchemeholdstheschemeredirectionconfiguration. properties: permanent: type: boolean port: type: string scheme: type: string type: object replacePath: description: ReplacePathholdstheReplacePathconfiguration. properties: path: type: string type: object replacePathRegex: description: ReplacePathRegexholdstheReplacePathRegexconfiguration. properties: regex: type: string replacement: type: string type: object retry: description: Retryholdstheretryconfiguration. properties: attempts: type: integer initialInterval: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true type: object stripPrefix: description: StripPrefixholdstheStripPrefixconfiguration. properties: forceSlash: type: boolean prefixes: items: type: string type: array type: object stripPrefixRegex: description: StripPrefixRegexholdstheStripPrefixRegexconfiguration. properties: regex: items: type: string type: array type: object type: object required: - metadata - spec type: object served: true storage: true status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []
# kubectl get svc -n kube-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE traefik ClusterIP 10.96.174.88 <none> 80/TCP,8080/TCP,443/TCP,8083/TCP,8084/UDP 6h44m
1 2 3
# kubectl get endpoints -n kube-system NAME ENDPOINTS AGE traefik 10.244.135.204:80,10.244.159.141:80,10.244.194.92:80 + 17 more... 6h44m
NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/whoami 2/22235m deployment.apps/whoamitcp 2/22235m deployment.apps/whoamiudp 2/22235m
NAME DESIRED CURRENT READY AGE replicaset.apps/whoami-7d666f84d822235m replicaset.apps/whoamitcp-744cc4b4722235m replicaset.apps/whoamiudp-58f6cf7b822235m
3.2.2 创建whoami应用ingress route资源清单文件并应用
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
# vim whoami-ingressroute.yaml apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: myingressroute namespace: default spec: entryPoints: - web
# mysql -h mysql.kubemsb.com -uroot -pabc123 -P3306 mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3 Server version: 5.7.36 MySQL Community Server (GPL)
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type'help;' or '\h'for help. Type'\c' to clear the current input statement.
# wget http://download.redis.io/releases/redis-3.2.8.tar.gz # tar xf redis-3.2.8.tar.gz # make
1 2 3 4 5 6 7
# ./src/redis-cli -h redis.kubemsb.com -p 6379 redis.kubemsb.com:6379> ping PONG redis.kubemsb.com:6379> set hello world OK redis.kubemsb.com:6379> get hello "world"
输出: customresourcedefinition.apiextensions.k8s.io/gatewayclasses.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/gateways.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/httproutes.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/referencepolicies.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/tcproutes.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/tlsroutes.gateway.networking.k8s.io created customresourcedefinition.apiextensions.k8s.io/udproutes.gateway.networking.k8s.io created
