用来作反向代理和负载均衡的,比较适用于微服务化的场景,支持多种分布式的Key-Value存储系统,支持容器技术,下面这个图诠释了它的工作.
Traefik 特性
- 速度快
- 不需要安装其他依赖,使用 GO 语言编译可执行文件
- 支持最小化官方 Docker 镜像
- 支持多种后台,如 Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS 等等
- 支持 REST API
- 配置文件热重载,不需要重启进程
- 支持自动熔断功能
- 支持轮训、负载均衡
- 提供简洁的 UI 界面
- 支持 Websocket, HTTP/2, GRPC
- 自动更新 HTTPS 证书
- 支持高可用集群模式
源码安装
通过github下载源码
git clone https://github.com/containous/traefik.git
####
helm 安装
traefik 配置
正常的traefik通过下面的配置为指定的后端开启sticky
[backends]
[backends.backend1]
# Enable sticky session
[backends.backend1.loadbalancer.stickiness]
1
2
3
4
5
6
| # Customize the cookie name
#
# Optional
# Default: a sha1 (6 chars)
#
# cookieName = "my_cookie"
|
但此处由于我们将Traefik作为ingress controller安装在kubernetes中,因此Traefik的配置文件是托管给K8s来动态更新的,因此不能通过修改配置文件配置sticky
Kubernetes中可以通过为指定的service对象或ingress对象声明annotation来为ingress controller做额外的详细配置。例如,如果要开启sticky,只需要在想要开启sticky的服务端对应的service上添加以下的annotation即可。
(配置页面)[https://docs.traefik.io/configuration/backends/kubernetes/#annotations]
General annotations¶
The following general annotations are applicable on the Ingress object:
Annotation Description
traefik.ingress.kubernetes.io/buffering: (3) See buffering section.
traefik.ingress.kubernetes.io/error-pages: (1) See custom error pages section.
traefik.ingress.kubernetes.io/frontend-entry-points: http,https Override the default frontend endpoints.
traefik.ingress.kubernetes.io/pass-tls-cert: "true" Override the default frontend PassTLSCert value. Default: false.
traefik.ingress.kubernetes.io/preserve-host: "true" Forward client Host header to the backend.
traefik.ingress.kubernetes.io/priority: "3" Override the default frontend rule priority.
traefik.ingress.kubernetes.io/rate-limit: (2) See rate limiting section.
traefik.ingress.kubernetes.io/redirect-entry-point: https Enables Redirect to another entryPoint for that frontend (e.g. HTTPS).
traefik.ingress.kubernetes.io/redirect-permanent: "true" Return 301 instead of 302.
traefik.ingress.kubernetes.io/redirect-regex: ^http://localhost/(.*) Redirect to another URL for that frontend. Must be set with traefik.ingress.kubernetes.io/redirect-replacement.
traefik.ingress.kubernetes.io/redirect-replacement: http://mydomain/$1 Redirect to another URL for that frontend. Must be set with traefik.ingress.kubernetes.io/redirect-regex.
traefik.ingress.kubernetes.io/rewrite-target: /users Replaces each matched Ingress path with the specified one, and adds the old path to the X-Replaced-Path header.
traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip Override the default frontend rule type. Default: PathPrefix.
traefik.ingress.kubernetes.io/whitelist-source-range: "1.2.3.0/24, fe80::/16" A comma-separated list of IP ranges permitted for access. all source IPs are permitted if the list is empty or a single range is ill-formatted. Please note, you may have to set service.spec.externalTrafficPolicy to the value Local to preserve the source IP of the request for filtering. Please see this link for more information.
ingress.kubernetes.io/whitelist-x-forwarded-for: "true" Use X-Forwarded-For header as valid source of IP for the white list.
traefik.ingress.kubernetes.io/app-root: "/index.html" Redirects all requests for / to the defined path. (4)
