个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
28
4
大家好,我刚刚创建了一个新的 Kubernetes 集群并创建了一个名为“路由”的命名空间
在这里,我通过 helm chart (2.2) 创建了最新的 traefik
我可以看到 pods 运行良好。
没有来自 traefik pod 的日志。
当我运行时:
kubectl get svc --namespace routing
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
traefik LoadBalancer cluster-ip-is-here external-ip-is-here 80:32252/TCP,443:30252/TCP 33m
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.245.0.1 <none> 443/TCP 7d
kube-system kube-dns ClusterIP 10.245.0.10 <none> 53/UDP,53/TCP,9153/TCP 7d
routing traefik LoadBalancer 10.245.69.214 external-ip 80:32252/TCP,443:30252/TCP 2d
kubectl apply -f dashboard.yml --namespace routing
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: dashboard
spec:
entryPoints:
- web
routes:
- match: Host(`traefik.localhost`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
kind: Rule
services:
- name: api@internal
kind: TraefikService
image:
name: traefik
tag: 2.2.8
pullPolicy: IfNotPresent
#
# Configure the deployment
#
deployment:
enabled: true
# Number of pods of the deployment
replicas: 1
# Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
annotations: {}
# Additional pod annotations (e.g. for mesh injection or prometheus scraping)
podAnnotations: {}
# Additional containers (e.g. for metric offloading sidecars)
additionalContainers: []
# Additional initContainers (e.g. for setting file permission as shown below)
initContainers: []
# The "volume-permissions" init container is required if you run into permission issues.
# Related issue: https://github.com/containous/traefik/issues/6972
# - name: volume-permissions
# image: busybox:1.31.1
# command: ["sh", "-c", "chmod -Rv 600 /data/*"]
# volumeMounts:
# - name: data
# mountPath: /data
# Custom pod DNS policy. Apply if `hostNetwork: true`
# dnsPolicy: ClusterFirstWithHostNet
# Pod disruption budget
podDisruptionBudget:
enabled: false
# maxUnavailable: 1
# minAvailable: 0
# Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
enabled: true
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations: {}
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
labels: {}
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
#
# Configure providers
#
providers:
kubernetesCRD:
enabled: true
kubernetesIngress:
enabled: true
# IP used for Kubernetes Ingress endpoints
publishedService:
enabled: false
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
#
# Add volumes to the traefik pod.
# This can be used to mount a cert pair or a configmap that holds a config.toml file.
# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
# additionalArguments:
# - "--providers.file.filename=/config/dynamic.toml"
volumes: []
# - name: public-cert
# mountPath: "/certs"
# type: secret
# - name: configs
# mountPath: "/config"
# type: configMap
# Logs
# https://docs.traefik.io/observability/logs/
logs:
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
general:
# By default, the logs use a text format (common), but you can
# also ask for the json format in the format option
# format: json
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: ERROR
access:
# To enable access logs
enabled: false
# By default, logs are written using the Common Log Format (CLF).
# To write logs in JSON, use json in the format option.
# If the given format is unsupported, the default (CLF) is used instead.
# format: json
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
# This option represents the number of log lines Traefik will keep in memory before writing
# them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
filters: {}
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
# Fields
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
fields:
general:
defaultmode: keep
names: {}
# Examples:
# ClientUsername: drop
headers:
defaultmode: drop
names: {}
# Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
globalArguments:
- "--global.checknewversion"
- "--global.sendanonymoususage"
#
# Configure Traefik static configuration
# Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments: []
# - "--providers.kubernetesingress.ingressclass=traefik-internal"
# - "--log.level=DEBUG"
# Environment variables to be passed to Traefik's binary
env: []
# - name: SOME_VAR
# value: some-var-value
# - name: SOME_VAR_FROM_CONFIG_MAP
# valueFrom:
# configMapRef:
# name: configmap-name
# key: config-key
# - name: SOME_SECRET
# valueFrom:
# secretKeyRef:
# name: secret-name
# key: secret-key
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# Configure ports
ports:
# The name of this one can't be changed as it is used for the readiness and
# liveness probes, but you can adjust its config to your liking
traefik:
port: 9000
# Use hostPort if set.
# hostPort: 9000
#
# Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which
# means it's listening on all your interfaces and all your IPs. You may want
# to set this value if you need traefik to listen on specific interface
# only.
# hostIP: 192.168.100.10
# Defines whether the port is exposed if service.type is LoadBalancer or
# NodePort.
#
# You SHOULD NOT expose the traefik port on production deployments.
# If you want to access it from outside of your cluster,
# use `kubectl proxy` or create a secure ingress
expose: false
# The exposed port for this service
exposedPort: 9000
# The port protocol (TCP/UDP)
protocol: TCP
web:
port: 8000
# hostPort: 8000
expose: true
exposedPort: 80
# The port protocol (TCP/UDP)
protocol: TCP
# Use nodeport if set. This is useful if you have configured Traefik in a
# LoadBalancer
# nodePort: 32080
# Port Redirections
# Added in 2.2, you can make permanent redirects via entrypoints.
# https://docs.traefik.io/routing/entrypoints/#redirection
# redirectTo: websecure
websecure:
port: 8443
# hostPort: 8443
expose: true
exposedPort: 443
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Options for the main traefik service, where the entrypoints traffic comes
# from.
service:
enabled: true
type: LoadBalancer
# Additional annotations (e.g. for cloud provider specific config)
annotations: {}
# Additional entries here will be added to the service spec. Cannot contains
# type, selector or ports entries.
spec: {}
# externalTrafficPolicy: Cluster
# loadBalancerIP: "1.2.3.4"
# clusterIP: "2.3.4.5"
loadBalancerSourceRanges: []
# - 192.168.0.1/32
# - 172.16.0.0/16
externalIPs: []
# - 1.2.3.4
## Create HorizontalPodAutoscaler object.
##
autoscaling:
enabled: false
# minReplicas: 1
# maxReplicas: 10
# metrics:
# - type: Resource
# resource:
# name: cpu
# targetAverageUtilization: 60
# - type: Resource
# resource:
# name: memory
# targetAverageUtilization: 60
# Enable persistence using Persistent Volume Claims
# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
# additionalArguments:
# - "--certificatesresolvers.le.acme.storage=/data/acme.json"
# It will persist TLS certificates.
persistence:
enabled: false
# existingClaim: ""
accessMode: ReadWriteOnce
size: 128Mi
# storageClass: ""
path: /data
annotations: {}
# subPath: "" # only mount a subpath of the Volume into the pod
# If hostNetwork is true, runs traefik in the host network namespace
# To prevent unschedulabel pods due to port collisions, if hostNetwork=true
# and replicas>1, a pod anti-affinity is recommended and will be set if the
# affinity is left as default.
hostNetwork: false
# Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
enabled: true
# If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
# If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace
namespaced: false
# The service account the pods will use to interact with the Kubernetes API
serviceAccount:
# If set, an existing service account is used
# If not set, a service account is created automatically using the fullname template
name: ""
# Additional serviceAccount annotations (e.g. for oidc authentication)
serviceAccountAnnotations: {}
resources: {}
# requests:
# cpu: "100m"
# memory: "50Mi"
# limits:
# cpu: "300m"
# memory: "150Mi"
affinity: {}
# # This example pod anti-affinity forces the scheduler to put traefik pods
# # on nodes where no other traefik pods are scheduled.
# # It should be used when hostNetwork: true to prevent port conflicts
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - {{ template "traefik.name" . }}
# topologyKey: failure-domain.beta.kubernetes.io/zone
nodeSelector: {}
tolerations: []
# Pods can have priority.
# Priority indicates the importance of a Pod relative to other Pods.
priorityClassName: ""
# Set the container security context
# To run the container with ports below 1024 this will need to be adjust to run as root
securityContext:
capabilities:
drop: [ALL]
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
podSecurityContext:
fsGroup: 65532
kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name -n routing) 9000:9000 -n routing
http://localhost:9000/dashboard/#/
最佳答案
看来你需要暴露端口 9000正如配置评论所说。请记住生产环境的警告:
traefik:
port: 9000
# Use hostPort if set.
# hostPort: 9000
#
# Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which
# means it's listening on all your interfaces and all your IPs. You may want
# to set this value if you need traefik to listen on specific interface
# only.
# hostIP: 192.168.100.10
# Defines whether the port is exposed if service.type is LoadBalancer or
# NodePort.
#
# You SHOULD NOT expose the traefik port on production deployments. 👈 Keep in mind this
# If you want to access it from outside of your cluster,
# use `kubectl proxy` or create a secure ingress
expose: true 👈 Change this
# The exposed port for this service
exposedPort: 9000
# The port protocol (TCP/UDP)
protocol: TCP
external-ip-is-here:9000获得.
80 服务它或
443您将不得不修改现有的或创建另一个
IngressRoute/
TraefikService一对。
关于kubernetes - Traefik Helm Chart 404,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/63658154/
28
4
0
有没有办法根据全局 values.yaml 有条件地安装 helm 子图?我将所有内部服务和组件都作为子图表,其中之一是消息队列图表。在我的开发和测试环境(本地 k8s)中,我使用 RabbitMQ,
我是 Helm 新手。 我在父图表中有一个默认值。我想默认在每个子图中使用这个值,但也有可能覆盖特定子图的值。 例子: # Parent-chart values.yaml global: sch
我正在使用 Helm chart 来部署大约 15 个微服务。有一个带有 requirements.yaml 的父 Helm chart 其中所有必需的微服务都列为依赖项。 sample requir
我正在为我的应用程序创建一个 Helm chart 。在模板目录中,我有一个包含这个的 config-map.yaml {{- with Values.xyz }} xyz.abc-def: {{ .
我已将图表发布到Chartmuseum。是的,我已经运行了“helm repo更新”。 $ helm search chartmuseum/ NAME C
我正在尝试找到一种方法来删除 Helm 中所有已部署的版本。 看来 Helm does not support删除所有版本,使用 --all否则。 是否有另一种方法可以在一个命令中删除所有 Helm
我想知道helm template --debug之间哪个最好 和 helm install --dry-run --debug 谢谢 最佳答案 两个命令的区别在于helm install --dry
我已经使用 helm 在我的 GKE 集群上部署了 jupyterhub。但是,当我运行 helm list --all(或 helm list --failed 等)时,我看不到任何输出。 我可以确
我正在尝试使用 OCI 注册表 (ACR) 来存储我的 helm 图表。我找到了推送和拉取图表的方法,但我无法以 OCI native 方式登录注册表。 目前我可以通过以下方式登录: az acr l
我正在使用 helm 图表(带有子图表)来部署我的应用程序。我正在使用值文件来设置值。 我正在寻找一种在我的值文件(或任何其他地方)中设置对我的值文件有效的变量的方法。 我的值文件中有一些部分(服务)
我有一个包含以下键/值对的值文件: domains: - name: "one.dev.beta.com" - name: "two.dev.beta.com" - name: "thre
我正在尝试在我的 helm 模板中提供一个条件,以使用 regexMatch 函数检查有效(或相当无效)的主机名。 这是我正在使用的代码行: {{- if regexMatch "(?:[0-9]{1
我有一个带有可选组件的 Helm chart 。似乎支持可选组件的首选方法是将它们分成单独的图表并用标签切换它们。 我试过了,但我的可选组件需要知道图表其余部分的变量(特定服务的地址)。这会导致事情破
我目前正在为多容器应用程序编写 Helm 图表。我们有一堆微服务容器(我们称它们为“应用程序”),它们在通过 K8s 处理的方式上非常相似,并且可以(因此应该)由相同的 Helm 模板处理以避免重复。
我正在安装 prometheus-redis-exporter Helm chart .其Deployment对象有一种注入(inject)注解的方法: # deployment.yaml ...
我无法摆脱这种状态:PENDING_INSTALL .这导致 terraform 无法部署。有没有办法不删除? # helm status core-api LAST DEPLOYED: Mon Ju
我正在寻找一种解决方案,将我的 values.yaml 中的列表转换为逗号分隔的列表。 值.yaml app: logfiletoexclude: - "/var/log/containe
我有一个 k8s 资源的通用模板,我想将其扩展 n 次(如果您好奇,这样我就可以创建 mongo 集群的 n 个成员,并且他们使用 statefulset 资源,以便每个成员都有一个稳定的网络姓名)。
我正在为 Web 服务开发一组 Helm 模板,该模板将整数 ID 作为其配置的一部分。该 Id 成为服务端点的一部分,编码为网络安全的 base64 字符集: 0=A 1=B 2=C ... 26=
我正在尝试将字典从一个 helm 模板传递到另一个 helm 模板,但它在被调用模板中解析为 null。 调用模板 - deployment.yaml 调用模板 - storageNodeAffini
我是一名优秀的程序员,十分优秀!