Traefik

Traefik 是一个现代化且易用的 HTTP 反向代理和负载均衡服务,用于部署微服务。你可以使用该插件作为你的集群网关活着微服务系统的网关。

插件安装

  1. vela addon enable traefik

访问 Traefik 的 UI

默认安装情况下 Traefik 无法直接访问,可通过 port-forward 进行本地代理,这仅适用于调试阶段。

  1. vela port-forward -n vela-system addon-traefik

expected output:

  1. Forwarding from 127.0.0.1:9000 -> 9000
  2. Forwarding from [::1]:9000 -> 9000
  3. Forward successfully! Opening browser ...
  4. Handling connection for 9000

你可以通过 http://127.0.0.1:9000/dashboard/ 地址访问到 Traefik 的 UI 可视化面板。

设置网关流量接入方式

如果你使用云上的集群,使用 LoadBalancer 暴露 Traefik 的访问入口是最佳方案。

  1. vela addon enable traefik serviceType=LoadBalancer

如果在自建集群,需要根据你是作为集群网关还是应用网关来选择流量接入方式。

如何使用

  1. 为组件配置一个 HTTP 域名
  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4. name: example
  5. namespace: e2e-test
  6. spec:
  7. components:
  8. - name: express-server
  9. type: webservice
  10. properties:
  11. image: oamdev/hello-world
  12. ports:
  13. - port: 8000
  14. expose: true
  15. traits:
  16. - properties:
  17. domains:
  18. - example.domain.com
  19. rules:
  20. - path:
  21. type: PathPrefix
  22. value: /
  23. port: 8080
  24. type: http-route
  1. 为组件配置一个 HTTPS 域名

首先需要准备一个证书并创建一个 Secret。

  1. apiVersion: v1
  2. type: Opaque
  3. data:
  4. tls.crt: <BASE64>
  5. tls.key: <BASE64>
  6. kind: Secret
  7. metadata:
  8. annotations:
  9. config.oam.dev/alias: ""
  10. config.oam.dev/description: ""
  11. labels:
  12. config.oam.dev/catalog: velacore-config
  13. config.oam.dev/multi-cluster: "true"
  14. config.oam.dev/project: addons
  15. config.oam.dev/type: config-tls-certificate
  16. workload.oam.dev/type: config-tls-certificate
  17. name: example

应用配置案例如下:

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4. name: example-https
  5. namespace: e2e-test
  6. spec:
  7. components:
  8. - name: express-server
  9. type: webservice
  10. properties:
  11. image: oamdev/hello-world
  12. ports:
  13. - port: 8000
  14. expose: true
  15. traits:
  16. - properties:
  17. domains:
  18. - example.domain.com
  19. rules:
  20. - path:
  21. type: PathPrefix
  22. value: /
  23. port: 8080
  24. secrets:
  25. - name: example
  26. type: https-route

XDefinitions

http-route(trait)

基于 HTTP 路由规则来将请求从网关代理到应用。

参数说明

NameDescriptionTypeRequiredDefault
gatewayNameSpecify the gateway namestringfalsetraefik-gateway
listenerNameSpecify the listener name of the gatewaystringfalseweb
domainsSpecify some domains, the domain may be prefixed with a wildcard label (*.)[]stringtrue
rulesSpecify some HTTP matchers, filters and actions.[]rulestrue
rules
NameDescriptionTypeRequiredDefault
pathAn HTTP request path matcher. If this field is not specified, a default prefix match on the “/“ path is provided.pathfalse
headersConditions to select a HTTP route by matching HTTP request headers.[]headersfalse
serviceNameSpecify the service name of component, the default is component name.stringfalse
portSpecify the service port of component.inttrue
headers
NameDescriptionTypeRequiredDefault
namestringtrue
typestringtrue
valuestringtrue
path
NameDescriptionTypeRequiredDefault
typestringtruePathPrefix
valuestringtrue/

https-route(trait)

基于 HTTPS 路由规则来将请求从网关代理到应用。

参数说明

NameDescriptionTypeRequiredDefault
secretsSpecify the TLS secrets[]secretstrue
TLSPortinttrue443
domainsSpecify some domains, the domain may be prefixed with a wildcard label (*.)[]stringtrue
rulesSpecify some HTTP matchers, filters and actions.[]rulestrue
rules
NameDescriptionTypeRequiredDefault
pathAn HTTP request path matcher. If this field is not specified, a default prefix match on the “/“ path is provided.pathfalse
portSpecify the service port of component.inttrue
headersConditions to select a HTTP route by matching HTTP request headers.[]headersfalse
serviceNameSpecify the service name of component, the default is component name.stringfalse
headers
NameDescriptionTypeRequiredDefault
namestringtrue
typestringtrue
valuestringtrue
path
NameDescriptionTypeRequiredDefault
typestringtruePathPrefix
valuestringtrue/
secrets
NameDescriptionTypeRequiredDefault
namestringtrue
namespacestringfalse

tcp-route(trait)

基于四层的 TCP 路由规则来将请求从网关代理到应用。

参数说明

NameDescriptionTypeRequiredDefault
rulesSpecify the TCP matchers[]rulestrue
rules
NameDescriptionTypeRequiredDefault
gatewayPortSpecify the gateway listener portinttrue
portSpecify the service port of component.inttrue
serviceNameSpecify the service name of component, the default is component name.stringfalse

config-tls-certificate(config)

用于扩展集成配置的选项,支持用户配置 TLS 证书用于上述 HTTPs规则。

参数说明

NameDescriptionTypeRequiredDefault
certthe certificate public key encrypted by base64stringtrue
keythe certificate private key encrypted by base64stringtrue