使用k3d快速创建一个kubernetes集群

[v5tech]

安装文档

https://k3d.io/ https://k3s.io/ https://doc.traefik.io/traefik/

安装k3d

brew install k3d
brew install kubectl
brew install kubecm

创建集群

• 禁用 traefik、metrics-server

k3d cluster create dev \
-p "8081:80@loadbalancer" \
--k3s-arg "--disable=traefik@server:0" \
--k3s-arg "--disable=metrics-server@server:0"

• 禁用 traefik

k3d cluster create dev \
-p "8081:80@loadbalancer" \
--k3s-arg "--disable=traefik@server:0"

此处使用--registry-config配置镜像仓库认证。文档地址:https://k3d.io/v5.1.0/usage/registries/#registries-file

常用参数：

--k3s-arg : 文档地址：https://rancher.com/docs/k3s/latest/en/installation/install-options/server-config/#k3s-server-cli-help

可选的组件有：coredns, servicelb, traefik, local-storage, metrics-server

如：--k3s-arg "--disable=traefik@server:0"

k3d cluster create dev \
--port "80:80@loadbalancer" \
--port "443:443@loadbalancer" \
--registry-config "registries.yaml"

registries.yaml

mirrors:
  "registry.cn-beijing.aliyuncs.com":
    endpoint:
      - https://registry.cn-beijing.aliyuncs.com

configs:
  "registry.cn-beijing.aliyuncs.com":
    auth:
      username: username
      password: password

注："registry.cn-beijing.aliyuncs.com" 名字保持一致

• 替换flannel为calico

不想使用默认flannel的可以选择其他网络组件.如：calico 参考：https://github.com/rancher/k3d/blob/main/docs/usage/advanced/calico.md

 k3d cluster create dev \
 --image "rancher/k3s:v1.20.12-k3s1" \
 --volume "$(pwd)/calico.yaml:/var/lib/rancher/k3s/server/manifests/calico.yaml" \
 --port "80:80@loadbalancer" \
 --port "443:443@loadbalancer" \
 --k3s-arg "--flannel-backend=none@server:0" \
 --k3s-arg "--disable=traefik@server:0" \
 --registry-config "registries.yaml"

• 创建集群

k3d cluster create k3s-local \
--port 80:80@loadbalancer \
--port 8443:443@loadbalancer \
--api-port 6443 \
--servers 1 \
--agents 2

• 部署nginx、tomcat进行测试

kubectl create deployment nginx --image=nginx:alpine
kubectl create service clusterip nginx --tcp=80:80

kubectl create deployment tomcat --image=tomcat:alpine
kubectl create service clusterip tomcat --tcp=8080:8080

创建ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx
            port:
              number: 80

---

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: stripprefix
spec:
  stripPrefix:
    prefixes:
      - /nginx
      - /tomcat
    forceSlash: false

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
    traefik.ingress.kubernetes.io/router.entrypoints: web
    # <middleware-namespace>-<middleware-name>@kubernetescrd
    # traefik.ingress.kubernetes.io/router.middlewares: appspace-stripprefix@kubernetescrd
    traefik.ingress.kubernetes.io/router.middlewares: default-stripprefix@kubernetescrd
  name: traefik
spec:
  rules:
    - http:
        paths:
          - path: /nginx
            pathType: Prefix
            backend:
              service:
                name:  nginx
                port:
                  number: 80
          - path: /tomcat
            pathType: Prefix
            backend:
              service:
                name: tomcat
                port:
                  number: 8080

访问traefik dashboard

kubectl -n kube-system port-forward $(kubectl -n kube-system get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000

浏览器访问：http://localhost:9000/dashboard/

参考文档

Traefik 路由规则及中间件 Traefik Middlewares 的配置 https://doc.traefik.io/traefik/providers/overview/ https://doc.traefik.io/traefik/routing/providers/kubernetes-ingress/ https://doc.traefik.io/traefik/middlewares/overview/

[v5tech]

ingress.yaml

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - match: Host(`traefik.example.com`)
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
    # traefik.ingress.kubernetes.io/router.middlewares: default-stripprefix@kubernetescrd
spec:
  rules:
    - host: nginx.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx
                port:
                  number: 80
    - host: tomcat.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: tomcat
                port:
                  number: 8080

traefik.example.com nginx.example.com tomcat.example.com

[v5tech]

Log Aggregation for Traefik and Kubernetes with the Elastic Stack https://traefik.io/blog/log-aggregation-for-traefik-and-kubernetes-with-the-elastic-stack/

Capture Traefik Metrics for Apps on Kubernetes with Prometheus https://traefik.io/blog/capture-traefik-metrics-for-apps-on-kubernetes-with-prometheus/

Application Request Tracing with Traefik and Jaeger on Kubernetes https://traefik.io/blog/application-request-tracing-with-traefik-and-jaeger-on-kubernetes/

HTTPS on Kubernetes Using Traefik Proxy https://traefik.io/blog/https-on-kubernetes-using-traefik-proxy/

Traefik Proxy 2.x and Kubernetes 101 https://traefik.io/blog/traefik-proxy-kubernetes-101/

From Zero to Hero: Getting Started with k0s and Traefik https://traefik.io/blog/from-zero-to-hero-getting-started-with-k0s-and-traefik/

Kubernetes Ingress & Service API Demystified https://traefik.io/blog/kubernetes-ingress-service-api-demystified/

Getting Started with Traefik and the New Kubernetes Gateway API https://traefik.io/blog/getting-started-with-traefik-and-the-new-kubernetes-gateway-api/

Rate limiting on Kubernetes applications with Traefik Proxy and Codefresh https://traefik.io/blog/rate-limiting-on-kubernetes-applications/

Integrating Consul Connect Service Mesh with Traefik 2.5 https://traefik.io/blog/integrating-consul-connect-service-mesh-with-traefik-2-5/