2017-11-21 09:01:24 +08:00
|
|
|
|
---
|
|
|
|
|
kind: ClusterRole
|
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
|
|
|
metadata:
|
|
|
|
|
name: traefik-ingress-controller
|
|
|
|
|
rules:
|
|
|
|
|
- apiGroups:
|
|
|
|
|
- ""
|
|
|
|
|
resources:
|
|
|
|
|
- pods
|
|
|
|
|
- services
|
|
|
|
|
- endpoints
|
|
|
|
|
- secrets
|
|
|
|
|
verbs:
|
|
|
|
|
- get
|
|
|
|
|
- list
|
|
|
|
|
- watch
|
|
|
|
|
- apiGroups:
|
|
|
|
|
- extensions
|
|
|
|
|
resources:
|
|
|
|
|
- ingresses
|
|
|
|
|
verbs:
|
|
|
|
|
- get
|
|
|
|
|
- list
|
|
|
|
|
- watch
|
|
|
|
|
---
|
|
|
|
|
kind: ClusterRoleBinding
|
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
|
|
|
metadata:
|
|
|
|
|
name: traefik-ingress-controller
|
|
|
|
|
roleRef:
|
|
|
|
|
apiGroup: rbac.authorization.k8s.io
|
|
|
|
|
kind: ClusterRole
|
|
|
|
|
name: traefik-ingress-controller
|
|
|
|
|
subjects:
|
|
|
|
|
- kind: ServiceAccount
|
|
|
|
|
name: traefik-ingress-controller
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
---
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
kind: ServiceAccount
|
|
|
|
|
metadata:
|
|
|
|
|
name: traefik-ingress-controller
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
---
|
|
|
|
|
kind: Deployment
|
|
|
|
|
apiVersion: extensions/v1beta1
|
|
|
|
|
metadata:
|
|
|
|
|
name: traefik-ingress-controller
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
labels:
|
|
|
|
|
k8s-app: traefik-ingress-lb
|
|
|
|
|
spec:
|
|
|
|
|
replicas: 1
|
|
|
|
|
selector:
|
|
|
|
|
matchLabels:
|
|
|
|
|
k8s-app: traefik-ingress-lb
|
|
|
|
|
template:
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
k8s-app: traefik-ingress-lb
|
|
|
|
|
name: traefik-ingress-lb
|
|
|
|
|
spec:
|
|
|
|
|
serviceAccountName: traefik-ingress-controller
|
|
|
|
|
terminationGracePeriodSeconds: 60
|
|
|
|
|
containers:
|
|
|
|
|
- image: traefik
|
|
|
|
|
name: traefik-ingress-lb
|
|
|
|
|
args:
|
|
|
|
|
- --web
|
|
|
|
|
- --kubernetes
|
|
|
|
|
---
|
|
|
|
|
kind: Service
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
metadata:
|
|
|
|
|
name: traefik-ingress-service
|
|
|
|
|
namespace: kube-system
|
|
|
|
|
spec:
|
|
|
|
|
selector:
|
|
|
|
|
k8s-app: traefik-ingress-lb
|
|
|
|
|
ports:
|
|
|
|
|
- protocol: TCP
|
2017-12-17 22:41:27 +08:00
|
|
|
|
# 该端口为 traefik ingress-controller的服务端口
|
2017-11-21 09:01:24 +08:00
|
|
|
|
port: 80
|
2017-12-17 22:41:27 +08:00
|
|
|
|
# 集群hosts文件中设置的 NODE_PORT_RANGE 作为 NodePort的可用范围
|
|
|
|
|
# 从默认20000~40000之间选一个可用端口,让ingress-controller暴露给外部的访问
|
|
|
|
|
nodePort: 23456
|
2017-11-21 09:01:24 +08:00
|
|
|
|
name: web
|
|
|
|
|
- protocol: TCP
|
2017-12-17 22:41:27 +08:00
|
|
|
|
# 该端口为 traefik 的管理WEB界面
|
2017-11-21 09:01:24 +08:00
|
|
|
|
port: 8080
|
|
|
|
|
name: admin
|
|
|
|
|
type: NodePort
|