Traefik

K3s traefik ingress 사용 서비스 테스트 traefik ingress traefik : https://cdecl.github.io/devops/traefik-proxy/{:target="_blank"} traefik 을 활용한 ingress 구현체 : K3s 에서 번들로 제공 서비스 테스트 traefik/whoami 서비스 테스트 type: NodePort # whoami-deploy.yaml apiVersion: apps/v1 kind: Deployment metadata: name: whoami spec: selector: matchLabels: app: whoami replicas: 2 template: metadata: labels: app: whoami spec: containers: - name: whoami image: traefik/whoami imagePullPolicy: Always ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: whoami spec: type: NodePort selector: app: whoami ports: - port: 80 targetPort: 80 nodePort: 30080 $ kubectl apply -f whoami-deploy.yaml $ kubectl get pod -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system local-path-provisioner-7b7dc8d6f5-jnmt5 1/1 Running 0 11m kube-system coredns-b96499967-brb9f 1/1 Running 0 11m kube-system helm-install-traefik-crd-hrfr5 0/1 Completed 0 11m kube-system metrics-server-668d979685-xj5jj 1/1 Running 0 11m kube-system helm-install-traefik-nr5jq 0/1 Completed 1 11m kube-system svclb-traefik-632fd507-mdwnl 2/2 Running 0 11m kube-system traefik-7cd4fcff68-47ms4 1/1 Running 0 11m default whoami-6bbfdbb69c-phxts 1/1 Running 0 102s default whoami-6bbfdbb69c-9rpxv 1/1 Running 0 102s $ kubectl get svc -A NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE default kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 26m kube-system kube-dns ClusterIP 10.43.0.10 <none> 53/UDP,53/TCP,9153/TCP 26m kube-system metrics-server ClusterIP 10.43.90.12 <none> 443/TCP 26m kube-system traefik LoadBalancer 10.43.147.171 192.168.136.5 80:32391/TCP,443:31718/TCP 25m default whoami NodePort 10.43.116.252 <none> 80:30080/TCP 16m $ curl localhost:30080 Hostname: whoami-6bbfdbb69c-9rpxv IP: 127.0.0.1 IP: ::1 IP: 10.42.0.10 IP: fe80::7c46:beff:fe57:f495 RemoteAddr: 10.42.0.1:43930 GET / HTTP/1.1 Host: localhost:30080 User-Agent: curl/7.81.0 Accept: */* Ingress 적용 # ingress-rule.yml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: main-ingress spec: rules: # - host: domain - http: paths: - path: / pathType: ImplementationSpecific backend: service: name: whoami port: number: 80 Ingress 가 Proxy 역할로 X-Forwarded-For 등이 추가됨 ...

Docker 기반 서비스 자동 감지 및 요청을 처리하는 Reverse proxy Traefik Proxy https://doc.traefik.io/traefik/{:target="_blank"} docker.sock 을 통해 Rule 기반 서비스를 찾고 요청을 처리함 Docker 이외에 Kubernetes, Docker Swarm, AWS, Mesos, Marathon 등을 지원 Quick Start https://doc.traefik.io/traefik/getting-started/quick-start/{:target="_blank"} docker-compose.yml reverse-proxy : traefik reverse proxy 서비스 Docker Out of Docker (DooD) 같은 형태로 서비스 감지 서비스와 같은 Docker network 내에 있어야 호출이 가능 whoami : Client 호출정보를 보여주는 간단한 서비스 labels 을 통해 whoami 서비스 Rule 등록 Host 기반 Rule 적용 : "traefik.http.routers.whoami.rule=Host(whoami.localhost)" traefik.http.routers.<router_name>.rule= Docker Routers 규칙{:target="_blank"} Rule 종류{:target="_blank"} 서비스에 Port 가 노출 되어야 함 : Expose port (or Publish port) version: '3' services: reverse-proxy: # The official v2 Traefik docker image image: traefik:v2.6 # Enables the web UI and tells Traefik to listen to docker command: --api.insecure=true --providers.docker ports: # The HTTP port - "80:80" # The Web UI (enabled by --api.insecure=true) - "8080:8080" volumes: # So that Traefik can listen to the Docker events - /var/run/docker.sock:/var/run/docker.sock whoami: # A container that exposes an API to show its IP address image: traefik/whoami labels: - "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)" # reverse-proxy 서비스 시작 $ docker-compose up -d reverse-proxy # whoami 서비스 시작 $ docker-compose up -d whoami $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e457ff5e01cb traefik/whoami "/whoami" 59 minutes ago Up 59 minutes 80/tcp traefik_whoami_1 Dashboard Router 확인 ...