add traefik-ingress-v2 deploy manifest, use a DaemonSet to deploy traefik, use a traefik router to expose the traefik ui

pull/968/head
lushenle 2020-12-18 14:55:23 +08:00 committed by jmgao
parent 576eabc086
commit 32370c5bc6
5 changed files with 371 additions and 5 deletions


@ -0,0 +1,332 @@
## Traefik RBAC
---
# ServiceAccount
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: kube-system
name: traefik-ingress-controller
---
# ClusterRole
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-ingress-controller
namespace: kube-system
rules:
- apiGroups: [""]
resources: ["services","endpoints","secrets"]
verbs: ["get","list","watch"]
- apiGroups: ["extensions", "networking.k8s.io"]
resources: ["ingresses", "ingressclasses"]
verbs: ["get","list","watch"]
- apiGroups: ["extensions"]
resources: ["ingresses/status"]
verbs: ["update"]
- apiGroups: ["traefik.containo.us"]
resources: ["middlewares","ingressroutes","ingressroutetcps","tlsoptions","ingressrouteudps","traefikservices","tlsstores"]
verbs: ["get","list","watch"]
---
# ClusterRoleBinding
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-ingress-controller
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
## Custom Resource Definition
---
# IngressRoute
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressroutes.traefik.containo.us
spec:
scope: Namespaced
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRoute
plural: ingressroutes
singular: ingressroute
shortNames:
- ingr
scope: Namespaced
---
# IngressRouteTCP
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressroutetcps.traefik.containo.us
spec:
scope: Namespaced
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRouteTCP
plural: ingressroutetcps
singular: ingressroutetcp
shortNames:
- ingt
scope: Namespaced
---
# Middleware
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: middlewares.traefik.containo.us
spec:
scope: Namespaced
group: traefik.containo.us
version: v1alpha1
names:
kind: Middleware
plural: middlewares
singular: middleware
scope: Namespaced
---
# TLSOption
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: tlsoptions.traefik.containo.us
spec:
scope: Namespaced
group: traefik.containo.us
version: v1alpha1
names:
kind: TLSOption
plural: tlsoptions
singular: tlsoption
scope: Namespaced
---
# TraefikService
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: traefikservices.traefik.containo.us
spec:
scope: Namespaced
group: traefik.containo.us
version: v1alpha1
names:
kind: TraefikService
plural: traefikservices
singular: traefikservice
scope: Namespaced
---
# TLSStore
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: tlsstores.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: TLSStore
plural: tlsstores
singular: tlsstore
scope: Namespaced
---
# IngressRouteUDP
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressrouteudps.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRouteUDP
plural: ingressrouteudps
singular: ingressrouteudp
shortNames:
- ingu
scope: Namespaced
## Traefik ConfigMap
---
kind: ConfigMap
apiVersion: v1
metadata:
name: traefik-config
namespace: kube-system
data:
traefik.yaml: |-
ping: ""
serversTransport:
insecureSkipVerify: true
api:
insecure: true
dashboard: true
debug: false
metrics:
prometheus: ""
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
providers:
kubernetesCRD: ""
kubernetesIngress: ""
log:
filePath: ""
level: error
format: json
accessLog:
filePath: "" # stdout
format: json
bufferingSize: 0
filters:
#statusCodes: ["200"]
retryAttempts: true
minDuration: 20
fields:
defaultMode: keep
names:
ClientUsername: drop
headers:
defaultMode: keep
names:
User-Agent: redact
Authorization: drop
Content-Type: keep
#tracing:
# serviceName:
# zipkin:
# sameSpan: true
# id128Bit: true
# sampleRate: 0.1
# httpEndpoint: http://localhost:9411/api/v2/spans
## Deploy Traefik DaemonSet
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
app: traefik
spec:
selector:
matchLabels:
app: traefik
template:
metadata:
name: traefik
labels:
app: traefik
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 1
#hostNetwork: true
containers:
- image: traefik:v2.4
name: traefik-ingress-lb
imagePullPolicy: IfNotPresent
ports:
- name: web
containerPort: 80
hostPort: 80
- name: websecure
containerPort: 443
hostPort: 443
- name: admin
containerPort: 8080
resources:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 1000m
memory: 1024Mi
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
args:
- --configfile=/config/traefik.yaml
volumeMounts:
- mountPath: "/config"
name: "config"
readinessProbe:
httpGet:
path: /ping
port: 8080
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
livenessProbe:
httpGet:
path: /ping
port: 8080
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
volumes:
- name: config
configMap:
name: traefik-config
---
apiVersion: v1
kind: Service
metadata:
name: traefik-svc
namespace: kube-system
spec:
type: ClusterIP
ports:
- name: web
port: 80
protocol: TCP
- name: websecure
port: 443
protocol: TCP
- name: admin
port: 8080
protocol: TCP
selector:
app: traefik
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: traefik-dashboard-route
namespace: kube-system
spec:
entryPoints:
- web
routes:
- match: Host(`traefik.example.com`)
kind: Rule
services:
- name: traefik-svc
port: 8080
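Review bot: The Traefik dashboard and API end up reachable without authentication: the ConfigMap sets `api.insecure: true`, and the IngressRoute at the end of the file publishes `traefik-svc:8080` on the plain-HTTP `web` entry point, which the DaemonSet binds to `hostPort: 80` on every node. Anyone who can reach a node with the configured Host header can read the router, service and middleware configuration. I would set `insecure: false`, route to the internal API service behind an auth Middleware on `websecure` as sketched below, and drop the `admin` port from the Service. The `/ping` probes on 8080 should be unaffected because ping defaults to the internal entry point, but confirm that against v2.4. Separately, `serversTransport.insecureSkipVerify: true` turns off certificate verification for every HTTPS backend and needs at least a comment saying why.

```yaml
# … unchanged: apiVersion, kind, metadata of traefik-dashboard-route …
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`traefik.example.com`)
      kind: Rule
      middlewares:
        # placeholder name: a basicAuth/forwardAuth Middleware defined in kube-system
        - name: DASHBOARD_AUTH_MIDDLEWARE
      services:
        - name: api@internal
          kind: TraefikService
  tls: {}
```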


@ -27,7 +27,10 @@ dashboardMetricsScraperVer: "v1.0.4"
metricsscraper_offline: "metrics-scraper_{{ dashboardMetricsScraperVer }}.tar"
# ingress 自动安装,可选 "traefik" 和 "nginx-ingress"
#ingress_install: "no"
ingress_install: "no"
ingress_backend: "traefik_v2"
traefikVer: "v2.4"
traefik_v2_offline: "traefik_{{ traefikVer }}.tar"
# metallb 自动安装
#metallb_install: "no"
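Review bot: The comment above `ingress_install` still lists only "traefik" and "nginx-ingress" as choices, while the default added here is `ingress_backend: "traefik_v2"`. It should name the new backend, for example `# ingress 自动安装,可选 "traefik"、"traefik_v2" 和 "nginx-ingress"`. In addition, `traefikVer: "v2.4"` looks like a moving minor tag, so the offline tarball and the image the manifest references can differ between download runs. Pinning a full patch version would make the offline bundle reproducible.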


@ -3,11 +3,11 @@
- name: 尝试推送离线 traefik镜像若执行失败可忽略
copy: src={{ base_dir }}/down/{{ traefik_offline }} dest=/opt/kube/images/{{ traefik_offline }}
when: 'traefik_offline in download_info.stdout'
- name: 获取traefik离线镜像推送情况
command: "ls /opt/kube/images"
register: image_info
- name: 导入 traefik的离线镜像若执行失败可忽略
shell: "{{ bin_dir }}/docker load -i /opt/kube/images/{{ traefik_offline }}"
when: 'traefik_offline in image_info.stdout and CONTAINER_RUNTIME == "docker"'
@ -23,6 +23,32 @@
when: 'ingress_backend == "traefik"'
ignore_errors: true
# Traefik v2
- block:
- block:
- name: 尝试推送离线 traefik v2 镜像(若执行失败,可忽略)
copy: src={{ base_dir }}/down/{{ traefik_v2_offline }} dest=/opt/kube/images/{{ traefik_v2_offline }}
when: 'traefik_offline in download_info.stdout'
- name: 获取traefik离线镜像推送情况
command: "ls /opt/kube/images"
register: image_info
- name: 导入 traefik的离线镜像若执行失败可忽略
shell: "{{ bin_dir }}/docker load -i /opt/kube/images/{{ traefik_v2_offline }}"
when: 'traefik_v2_offline in image_info.stdout and CONTAINER_RUNTIME == "docker"'
- name: 导入 traefik的离线镜像若执行失败可忽略
shell: "{{ bin_dir }}/ctr -n=k8s.io images import /opt/kube/images/{{ traefik_v2_offline }}"
when: 'traefik_v2_offline in image_info.stdout and CONTAINER_RUNTIME == "containerd"'
- name: 创建 traefik部署
shell: "{{ base_dir }}/bin/kubectl apply -f {{ base_dir }}/manifests/ingress/traefik/traefik-ingress-v2.yaml"
connection: local
run_once: true
when: 'ingress_backend == "traefik_v2"'
ignore_errors: true
- block:
- block:
- name: 尝试推送离线 nginx-ingress镜像若执行失败可忽略
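Review bot: The copy task in the new Traefik v2 block is gated on the v1 variable: `when: 'traefik_offline in download_info.stdout'` guards a copy of `traefik_v2_offline`. The v2 tarball is therefore pushed only when the v1 tarball is listed, and the copy fails on a missing source when only the v1 file exists. The condition should read `when: 'traefik_v2_offline in download_info.stdout'`. `download_info` is registered outside this hunk, so this assumes it lists the `down/` directory. Because the block carries `ignore_errors: true`, that failure and a failed `kubectl apply` both pass silently.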


@ -108,8 +108,8 @@
when: '"kubernetes-dashboard" not in pod_info.stdout and dashboard_install == "yes"'
ignore_errors: true
#- import_tasks: ingress.yml
# when: '"ingress-controller" not in pod_info.stdout and ingress_install == "yes"'
- import_tasks: ingress.yml
when: '"ingress-controller" not in pod_info.stdout and ingress_install == "yes"'
#- block:
# - block:


@ -27,6 +27,7 @@ dashboardMetricsScraperVer=v1.0.6
flannelVer=v0.13.0-amd64
metricsVer=v0.3.6
pauseVer=3.2
traefikVer=v2.4
function download_docker() {
echo -e "[INFO] \033[33mdownloading docker binaries\033[0m $DOCKER_VER"
@ -237,6 +238,10 @@ function get_offline_image() {
docker pull easzlab/kubeasz:${KUBEASZ_VER} && \
docker save -o ${imageDir}/kubeasz_${KUBEASZ_VER}.tar easzlab/kubeasz:${KUBEASZ_VER}
fi
if [[ ! -f "$imageDir/kubeasz_$traefikVer.tar" ]];then
docker pull traefik:${traefikVer} && \
docker save -o ${imageDir}/traefik_${traefikVer}.tar traefik:${traefikVer}
fi
}
function download_all() {
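Review bot: The guard added in `get_offline_image` tests the wrong file name: `$imageDir/kubeasz_$traefikVer.tar` is never written, so the `docker pull` and `docker save` for traefik run on every invocation instead of being skipped when the tarball exists. The check should match the file that is saved, `if [[ ! -f "$imageDir/traefik_${traefikVer}.tar" ]];then`. The function body starts outside the hunk.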