baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Re Orginise k8s docs to make 1.6 usage easier

Browse source 
* Adds some raw.githubusercontent.com links to the kubectl examples to
make following along at home simpler.
* Dedupe the config for rbac so it can just be ommited if not needed.
This commit is contained in:
Ed Robinson 2017-05-15 18:59:57 +01:00 committed by Emile Vauge
parent bc6f764a87
commit c1220b8765
4 changed files with 127 additions and 166 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

154
docs/user-guide/kubernetes.md
View file

@ -12,68 +12,15 @@ on your machine, as it is the quickest way to get a local Kubernetes cluster set
2. The `kubectl` binary should be [installed on your workstation](http://kubernetes.io/docs/getting-started-guides/minikube/#download-kubectl). 2. The `kubectl` binary should be [installed on your workstation](http://kubernetes.io/docs/getting-started-guides/minikube/#download-kubectl).
## Deploy Træfik using a Deployment object ### Role Based Access Control configuration (Kubernetes 1.6+ only)
We are going to deploy Træfik with a Kubernetes introduces [Role Based Access Control (RBAC)](https://kubernetes.io/docs/admin/authorization/rbac/) in 1.6+ to allow fine-grained control
[Deployment](http://kubernetes.io/docs/user-guide/deployments/), as this will
allow you to easily roll out config changes or update the image.
```yaml
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
replicas: 1
selector:
matchLabels:
k8s-app: traefik-ingress-lb
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
terminationGracePeriodSeconds: 60
containers:
- image: traefik
name: traefik-ingress-lb
resources:
limits:
cpu: 200m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
ports:
- containerPort: 80
hostPort: 80
- containerPort: 8080
args:
- --web
- --kubernetes
```
[examples/k8s/traefik.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/traefik.yaml)
> notice that we binding port 80 on the Træfik container to port 80 on the host.
> With a multi node cluster we might expose Træfik with a NodePort or LoadBalancer service
> and run more than 1 replica of Træfik for high availability.
To deploy Træfik to your cluster start by submitting the deployment to the cluster with `kubectl`:
```sh
kubectl apply -f examples/k8s/traefik.yaml
```
### Role Based Access Control configuration (optional)
Kubernetes introduces [Role Based Access Control (RBAC)](https://kubernetes.io/docs/admin/authorization/) in 1.6+ to allow fine-grained control
of Kubernetes resources and api. of Kubernetes resources and api.
If your cluster is configured with RBAC, you need to authorize Traefik to use If your cluster is configured with RBAC, you may need to authorize Traefik to use
kubernetes API using ClusterRole, ServiceAccount and ClusterRoleBinding resources: kubernetes API using ClusterRole and ClusterRoleBinding resources:
_Note: your cluster may have suitable ClusterRoles already setup, but the following should work everywhere_
```yaml ```yaml
--- ---
@ -101,12 +48,6 @@ rules:
- list - list
- watch - watch
--- ---
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
---
kind: ClusterRoleBinding kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
@ -121,10 +62,75 @@ subjects:
namespace: kube-system namespace: kube-system
``` ```
Then you add the service account information to Traefik deployment spec: [examples/k8s/traefik-rbac.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/traefik-rbac.yaml)
`serviceAccountName: traefik-ingress-controller`
[examples/k8s/traefik-with-rbac.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/traefik-with-rbac.yaml) ```shell
kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-rbac.yaml
```
## Deploy Træfik using a Deployment object
We are going to deploy Træfik with a
[Deployment](http://kubernetes.io/docs/user-guide/deployments/), as this will
allow you to easily roll out config changes or update the image.
```yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
replicas: 1
selector:
matchLabels:
k8s-app: traefik-ingress-lb
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
containers:
- image: traefik
name: traefik-ingress-lb
resources:
limits:
cpu: 200m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
ports:
- containerPort: 80
hostPort: 80
- containerPort: 8080
args:
- --web
- --kubernetes
```
[examples/k8s/traefik.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/traefik.yaml)
> notice that we binding port 80 on the Træfik container to port 80 on the host.
> With a multi node cluster we might expose Træfik with a NodePort or LoadBalancer service
> and run more than 1 replica of Træfik for high availability.
To deploy Træfik to your cluster start by submitting the deployment to the cluster with `kubectl`:
```shell
kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik.yaml
```
### Check the deployment ### Check the deployment
@ -132,7 +138,7 @@ Now lets check if our deployment was successful.
Start by listing the pods in the `kube-system` namespace: Start by listing the pods in the `kube-system` namespace:
```sh ```shell
$kubectl --namespace=kube-system get pods $kubectl --namespace=kube-system get pods
NAME READY STATUS RESTARTS AGE NAME READY STATUS RESTARTS AGE
@ -207,7 +213,7 @@ spec:
[examples/k8s/ui.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/ui.yaml) [examples/k8s/ui.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/ui.yaml)
```shell ```shell
kubectl apply -f examples/k8s/ui.yaml kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/ui.yaml
``` ```
Now lets setup an entry in our /etc/hosts file to route `traefik-ui.local` Now lets setup an entry in our /etc/hosts file to route `traefik-ui.local`
@ -334,7 +340,7 @@ spec:
[examples/k8s/cheese-deployments.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/cheese-deployments.yaml) [examples/k8s/cheese-deployments.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/cheese-deployments.yaml)
```shell ```shell
kubectl apply -f examples/k8s/cheese-deployments.yaml kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheese-deployments.yaml
``` ```
Next we need to setup a service for each of the cheese pods. Next we need to setup a service for each of the cheese pods.
@ -390,7 +396,7 @@ spec:
[examples/k8s/cheese-services.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/cheese-services.yaml) [examples/k8s/cheese-services.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/cheese-services.yaml)
```shell ```shell
kubectl apply -f examples/k8s/cheese-services.yaml kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheese-services.yaml
``` ```
Now we can submit an ingress for the cheese websites. Now we can submit an ingress for the cheese websites.
@ -431,7 +437,7 @@ spec:
> Notice that we list each hostname, and add a backend service. > Notice that we list each hostname, and add a backend service.
```shell ```shell
kubectl apply -f examples/k8s/cheese-ingress.yaml kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheese-ingress.yaml
``` ```
Now visit the [Træfik dashboard](http://traefik-ui.local/) and you should Now visit the [Træfik dashboard](http://traefik-ui.local/) and you should
@ -491,7 +497,7 @@ spec:
> the containers from the previous example without modification. > the containers from the previous example without modification.
```shell ```shell
kubectl apply -f examples/k8s/cheeses-ingress.yaml kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheeses-ingress.yaml
``` ```
```shell ```shell

37
examples/k8s/traefik-rbac.yaml Normal file
View file

@ -0,0 +1,37 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- pods
- services
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system

87
examples/k8s/traefik-with-rbac.yaml
View file

@ -1,87 +0,0 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- pods
- services
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
---
apiVersion: v1
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
replicas: 1
selector:
matchLabels:
k8s-app: traefik-ingress-lb
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
hostNetwork: true
containers:
- image: traefik
name: traefik-ingress-lb
resources:
limits:
cpu: 200m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
ports:
- name: http
containerPort: 80
hostPort: 80
- name: admin
containerPort: 8081
args:
- -d
- --web
- --web.address=:8081
- --kubernetes

15
examples/k8s/traefik.yaml
View file

@ -1,5 +1,11 @@
---
apiVersion: v1 apiVersion: v1
kind: Deployment kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
---
kind: DaemonSet
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
metadata: metadata:
name: traefik-ingress-controller name: traefik-ingress-controller
@ -7,16 +13,13 @@ metadata:
labels: labels:
k8s-app: traefik-ingress-lb k8s-app: traefik-ingress-lb
spec: spec:
replicas: 1
selector:
matchLabels:
k8s-app: traefik-ingress-lb
template: template:
metadata: metadata:
labels: labels:
k8s-app: traefik-ingress-lb k8s-app: traefik-ingress-lb
name: traefik-ingress-lb name: traefik-ingress-lb
spec: spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60
hostNetwork: true hostNetwork: true
containers: containers:
@ -35,6 +38,8 @@ spec:
hostPort: 80 hostPort: 80
- name: admin - name: admin
containerPort: 8081 containerPort: 8081
securityContext:
privileged: true
args: args:
- -d - -d
- --web - --web