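I'm a bit new to Kubernetes and traefik. I have a Kubernetes cluster running with Calico, MetalLB and traefik. I thought that just exposing the dashboard would be a simple task, but for the life of me I can't get it to work. Below are my YAML files: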
traefik2-ird.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutes.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRoute
    plural: ingressroutes
    singular: ingressroute
  scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutetcps.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRouteTCP
    plural: ingressroutetcps
    singular: ingressroutetcp
  scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: middlewares.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: Middleware
    plural: middlewares
    singular: middleware
  scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tlsoptions.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TLSOption
    plural: tlsoptions
    singular: tlsoption
  scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: traefikservices.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TraefikService
    plural: traefikservices
    singular: traefikservice
  scope: Namespaced
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - traefik.containo.us
    resources:
      - middlewares
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - traefik.containo.us
    resources:
      - ingressroutes
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - traefik.containo.us
    resources:
      - ingressroutetcps
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - traefik.containo.us
    resources:
      - tlsoptions
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - traefik.containo.us
    resources:
      - traefikservices
    verbs:
      - get
      - list
      - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
    namespace: traefik
traefik2-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: traefik
spec:
  ports:
    - protocol: TCP
      name: web
      port: 80
    - protocol: TCP
      name: websecure
      port: 443
  selector:
    app: traefik
  type: LoadBalancer
status:
  loadBalancer: {}
traefik2-deployment.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: traefik
  name: traefik-ingress-controller
---
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: traefik
  name: traefik
  labels:
    app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v2.1
          args:
            - --log.level=DEBUG
            #- --api=true
            #- --api.insecure
            - --api.dashboard=true
            - --accesslog
            - --entrypoints.web.Address=:80
            - --entrypoints.websecure.Address=:443
            - --providers.kubernetescrd
            - --certificatesresolvers.default.acme.tlschallenge=true
            - --certificatesresolvers.default.acme.httpChallenge.entryPoint=web
            - --certificatesresolvers.default.acme.email=franklin.shearer@gmail.com
            - --certificatesresolvers.default.acme.storage=acme.json
            # - --certificatesResolvers.default.acme.dnsChallenge.provider=godaddy
            # - --certificatesResolvers.default.acme.dnsChallenge.delayBeforeCheck=5
            # Please note that this is the staging Let's Encrypt server.
            # Once you get things working, you should remove that whole line altogether.
            #- --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
          #env:
          #  - name: GODADDY_API_KEY
          #    valueFrom:
          #      secretKeyRef:
          #        key: 2s7Z15CMe9_8HN6j28ZM47RXdb5bbpXms
          #        name: godaddy-api-key
          #  - name: GODADDY_API_SECRET
          #    valueFrom:
          #      secretKeyRef:
          #        key: X35yD64HoJ827Hd4d9k33L
          #        name: godaddy-api-secret
          ports:
            - name: web
              containerPort: 80
            - name: websecure
              containerPort: 443
            - name: admin
              containerPort: 8080
traefik2-dashboard-igr.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  namespace: traefik
  name: traefik-dashboard
spec:
  entryPoints:
    - web
  routes:
    #- match: Host(`traefik.cloud.djcminuz.com`)
    # The dashboard can be accessed on http://traefik.domain.com/dashboard/
    - match: Host(`traefik.cloud.djcminuz.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      middlewares:
        - name: admin-auth
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: admin-auth
spec:
  basicAuth:
    secret: admin-authsecret
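I have looked through and followed similar traefik + Kubernetes tutorials and even searched the traefik site, but I don't understand what I'm doing wrong, or even how to check the logs to see the errors. All help is appreciated.
Kubernetes logs for the traefik pod: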
level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"kubernetesCRD\":{}},\"api\":{\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"accessLog\":{\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}},\"certificatesResolvers\":{\"default\":{\"acme\":{\"email\":\"franklin.shearer@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"},\"tlsChallenge\":{}}}}}"
time="2020-03-01T18:46:46Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/v2.0/contributing/data-collection/\n"
time="2020-03-01T18:46:46Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2020-03-01T18:46:46Z" level=debug msg="Start TCP Server" entryPointName=web
time="2020-03-01T18:46:46Z" level=debug msg="Start TCP Server" entryPointName=websecure
time="2020-03-01T18:46:46Z" level=info msg="Starting provider *crd.Provider {}"
time="2020-03-01T18:46:46Z" level=debug msg="Using label selector: \"\"" providerName=kubernetescrd
time="2020-03-01T18:46:46Z" level=info msg="label selector is: \"\"" providerName=kubernetescrd
time="2020-03-01T18:46:46Z" level=info msg="Creating in-cluster Provider client" providerName=kubernetescrd
time="2020-03-01T18:46:46Z" level=info msg="Starting provider *traefik.Provider {}"
time="2020-03-01T18:46:46Z" level=info msg="Starting provider *acme.Provider {\"email\":\"email address\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"},\"tlsChallenge\":{},\"ResolverName\":\"default\",\"store\":{},\"ChallengeStore\":{}}"
time="2020-03-01T18:46:46Z" level=info msg="Testing certificate renew..." providerName=default.acme
time="2020-03-01T18:46:46Z" level=debug msg="Configuration received from provider internal: {\"http\":{\"services\":{\"api\":{},\"dashboard\":{}}},\"tcp\":{},\"tls\":{}}" providerName=internal
time="2020-03-01T18:46:46Z" level=debug msg="Configuration received from provider default.acme: {\"http\":{},\"tls\":{}}" providerName=default.acme
time="2020-03-01T18:46:46Z" level=debug msg="No default certificate, generating one"
time="2020-03-01T18:46:46Z" level=debug msg="No default certificate, generating one"
time="2020-03-01T18:46:47Z" level=debug msg="Configuration received from provider kubernetescrd: {\"http\":{},\"tcp\":{},\"tls\":{}}" providerName=kubernetescrd
time="2020-03-01T18:46:47Z" level=debug msg="Skipping Kubernetes event kind *v1.Secret" providerName=kubernetescrd
time="2020-03-01T18:46:47Z" level=debug msg="Skipping Kubernetes event kind *v1.Secret" providerName=kubernetescrd
time="2020-03-01T18:46:48Z" level=debug msg="No default certificate, generating one"
time="2020-03-01T18:46:48Z" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetescrd
time="2020-03-01T18:46:48Z" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetescrd
time="2020-03-01T18:46:49Z" level=debug msg="Configuration received from provider kubernetescrd: {\"http\":{\"routers\":{\"kube-system-traefik-dashboard-f900464a898c1ec5833b\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"kube-system-admin-auth\"],\"service\":\"api@internal\",\"rule\":\"Host(`traefik.cloud.djcminuz.com`)\"}}},\"tcp\":{},\"tls\":{}}" providerName=kubernetescrd
time="2020-03-01T18:46:49Z" level=debug msg="Configuration received from provider kubernetescrd: {\"http\":{\"routers\":{\"kube-system-traefik-dashboard-f900464a898c1ec5833b\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"kube-system-admin-auth\"],\"service\":\"api@internal\",\"rule\":\"Host(`traefik.cloud.djcminuz.com`)\"}},\"middlewares\":{\"default-admin-auth\":{\"basicAuth\":{\"users\":[\"admin:$apr1$/m9V9Oaa$gFnjDk3bLgJV/S/Itcu1X/\"]}}}},\"tcp\":{},\"tls\":{}}" providerName=kubernetescrd
time="2020-03-01T18:46:49Z" level=debug msg="Middleware name not found in config (ResponseModifier)" entryPointName=web routerName=kube-system-traefik-dashboard-f900464a898c1ec5833b@kubernetescrd middlewareName=kube-system-admin-auth@kubernetescrd middlewareType=undefined
time="2020-03-01T18:46:49Z" level=debug msg="Added outgoing tracing middleware api@internal" routerName=kube-system-traefik-dashboard-f900464a898c1ec5833b@kubernetescrd middlewareType=TracingForwarder middlewareName=tracing entryPointName=web
time="2020-03-01T18:46:49Z" level=error msg="middleware \"kube-system-admin-auth@kubernetescrd\" does not exist" routerName=kube-system-traefik-dashboard-f900464a898c1ec5833b@kubernetescrd entryPointName=web
time="2020-03-01T18:46:49Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=web middlewareName=traefik-internal-recovery
time="2020-03-01T18:46:49Z" level=debug msg="No default certificate, generating one"
time="2020-03-01T18:46:50Z" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetescrd
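Answer 0 (score: 0)
I see that all of your resources are namespaced except the Service. I reproduced a similar situation in my infrastructure and can confirm that you need to attach the Service to the namespace where the Deployment lives.
If you check kubectl api-resources, you can see that Services are namespaced: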
$ kubectl api-resources
NAME       SHORTNAMES   APIGROUP   NAMESPACED   KIND
services   svc                     true         Service
So, change your Service to the following:
apiVersion: v1
kind: Service
metadata:
  name: traefik
  namespace: traefik
spec:
  ports:
    - protocol: TCP
      name: web
      port: 80
    - protocol: TCP
      name: websecure
      port: 443
  selector:
    app: traefik
  type: LoadBalancer
status:
  loadBalancer: {}
It is possible to point to a Deployment in another namespace from a Service by using an FQDN.
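
An added example, not part of the original question or answer: the error in the question's log (middleware "kube-system-admin-auth@kubernetescrd" does not exist) can be checked mechanically by comparing the middleware names that routers reference with the names the kubernetescrd provider actually loaded. The sample log line is constructed from the question's log with the basicAuth users left out; the function names and the name-tail heuristic are assumptions of this example.

```python
import json
import re

# Constructed sample: one line shortened from the question's Traefik debug log
# (same router and middleware names; the basicAuth users list is left out).
SAMPLE_LOG = r'''
time="2020-03-01T18:46:49Z" level=debug msg="Configuration received from provider kubernetescrd: {\"http\":{\"routers\":{\"kube-system-traefik-dashboard-f900464a898c1ec5833b\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"kube-system-admin-auth\"],\"service\":\"api@internal\",\"rule\":\"Host(`traefik.cloud.djcminuz.com`)\"}},\"middlewares\":{\"default-admin-auth\":{\"basicAuth\":{}}}},\"tcp\":{},\"tls\":{}}" providerName=kubernetescrd
'''

MSG_RE = re.compile(r'msg="((?:[^"\\]|\\.)*)"')
PREFIX = "Configuration received from provider kubernetescrd: "


def latest_config(log_text):
    """Return the last dynamic configuration logged by the kubernetescrd provider."""
    config = None
    for line in log_text.splitlines():
        m = MSG_RE.search(line)
        if m:
            msg = json.loads('"' + m.group(1) + '"')  # undo the log's string quoting
            if msg.startswith(PREFIX):
                config = json.loads(msg[len(PREFIX):])
    return config


def shared_suffix(a, b):
    """Longest common suffix of two names, cut at '-' boundaries (heuristic)."""
    pa, pb, tail = a.split("-"), b.split("-"), []
    while pa and pb and pa[-1] == pb[-1]:
        tail.insert(0, pa.pop())
        pb.pop()
    return "-".join(tail)


def dangling_middlewares(config):
    """Return (router, missing_ref, look_alikes) for each unresolved middleware ref."""
    http = (config or {}).get("http", {})
    defined = set(http.get("middlewares", {}))
    findings = []
    for router, spec in http.get("routers", {}).items():
        for ref in spec.get("middlewares", []):
            if ref not in defined:
                # Objects are named "<namespace>-<name>": a defined middleware with
                # the same tail is probably the same object in another namespace.
                alike = sorted(d for d in defined if shared_suffix(ref, d))
                findings.append((router, ref, alike))
    return findings


if __name__ == "__main__":
    for router, ref, alike in dangling_middlewares(latest_config(SAMPLE_LOG)):
        print(f"{router}: '{ref}' not defined; similar names loaded: {alike}")
```

On the sample line this reports that the router expects kube-system-admin-auth while only default-admin-auth was loaded, which is what happens when a Middleware manifest carries no metadata.namespace and the IngressRoute that references it lives in another namespace.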