Traefik

Traefik 是一个现代化且易用的 HTTP 反向代理和负载均衡服务,用于部署微服务。你可以使用该插件作为你的集群网关活着微服务系统的网关。

  1. vela addon enable traefik

默认安装情况下 Traefik 无法直接访问,可通过 port-forward 进行本地代理,这仅适用于调试阶段。

  1. vela port-forward -n vela-system addon-traefik

expected output:

  1. Forwarding from 127.0.0.1:9000 -> 9000
  2. Forwarding from [::1]:9000 -> 9000
  4. Forward successfully! Opening browser ...
  5. Handling connection for 9000

你可以通过 http://127.0.0.1:9000/dashboard/ 地址访问到 Traefik 的 UI 可视化面板。

如果你使用云上的集群,使用 LoadBalancer 暴露 Traefik 的访问入口是最佳方案。

  1. vela addon enable traefik serviceType=LoadBalancer

如果在自建集群,需要根据你是作为集群网关还是应用网关来选择流量接入方式。

  1. 为组件配置一个 HTTP 域名
  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: example
  5.   namespace: e2e-test
  6. spec:
  7.   components:
  8.   - name: express-server
  9.     type: webservice
  10.     properties:
  11.         image: oamdev/hello-world
  12.         ports:
  13.          - port: 8000
  14.            expose: true
  15.     traits:
  16.     - properties:
  17.         domains:
  18.         - example.domain.com
  19.         rules:
  20.         - path:
  21.             type: PathPrefix
  22.             value: /
  23.           port: 8080
  24.       type: http-route
  1. 为组件配置一个 HTTPS 域名

首先需要准备一个证书并创建一个 Secret。

  2. apiVersion: v1
  3. type: Opaque
  4. data:
  5.   tls.crt: <BASE64>
  6.   tls.key: <BASE64>
  7. kind: Secret
  8. metadata:
  9.   annotations:
  10.     config.oam.dev/alias: ""
  11.     config.oam.dev/description: ""
  12.   labels:
  13.     config.oam.dev/catalog: velacore-config
  14.     config.oam.dev/multi-cluster: "true"
  15.     config.oam.dev/project: addons
  16.     config.oam.dev/type: config-tls-certificate
  17.     workload.oam.dev/type: config-tls-certificate
  18.   name: example

应用配置案例如下:

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: example-https
  5.   namespace: e2e-test
  6. spec:
  7.   components:
  8.   - name: express-server
  9.     type: webservice
  10.     properties:
  11.         image: oamdev/hello-world
  12.         ports:
  13.          - port: 8000
  14.            expose: true
  15.     traits:
  16.     - properties:
  17.         domains:
  18.         - example.domain.com
  19.         rules:
  20.         - path:
  21.             type: PathPrefix
  22.             value: /
  23.           port: 8080
  24.         secrets: 
  25.         - name: example
  26.       type: https-route

基于 HTTP 路由规则来将请求从网关代理到应用。

NameDescriptionTypeRequiredDefault
gatewayNameSpecify the gateway namestringfalsetraefik-gateway
listenerNameSpecify the listener name of the gatewaystringfalseweb
domainsSpecify some domains, the domain may be prefixed with a wildcard label (*.)[]stringtrue
rulesSpecify some HTTP matchers, filters and actions.[]rulestrue
NameDescriptionTypeRequiredDefault
pathAn HTTP request path matcher. If this field is not specified, a default prefix match on the “/“ path is provided.pathfalse
headersConditions to select a HTTP route by matching HTTP request headers.[]headersfalse
serviceNameSpecify the service name of component, the default is component name.stringfalse
portSpecify the service port of component.inttrue
NameDescriptionTypeRequiredDefault
namestringtrue
typestringtrue
valuestringtrue
NameDescriptionTypeRequiredDefault
typestringtruePathPrefix
valuestringtrue/

基于 HTTPS 路由规则来将请求从网关代理到应用。

NameDescriptionTypeRequiredDefault
secretsSpecify the TLS secrets[]secretstrue
TLSPortinttrue443
domainsSpecify some domains, the domain may be prefixed with a wildcard label (*.)[]stringtrue
rulesSpecify some HTTP matchers, filters and actions.[]rulestrue
NameDescriptionTypeRequiredDefault
pathAn HTTP request path matcher. If this field is not specified, a default prefix match on the “/“ path is provided.pathfalse
portSpecify the service port of component.inttrue
headersConditions to select a HTTP route by matching HTTP request headers.[]headersfalse
serviceNameSpecify the service name of component, the default is component name.stringfalse
NameDescriptionTypeRequiredDefault
namestringtrue
typestringtrue
valuestringtrue
NameDescriptionTypeRequiredDefault
typestringtruePathPrefix
valuestringtrue/
NameDescriptionTypeRequiredDefault
namestringtrue
namespacestringfalse

基于四层的 TCP 路由规则来将请求从网关代理到应用。

NameDescriptionTypeRequiredDefault
rulesSpecify the TCP matchers[]rulestrue
NameDescriptionTypeRequiredDefault
gatewayPortSpecify the gateway listener portinttrue
portSpecify the service port of component.inttrue
serviceNameSpecify the service name of component, the default is component name.stringfalse

用于扩展集成配置的选项,支持用户配置 TLS 证书用于上述 HTTPs规则。

NameDescriptionTypeRequiredDefault
certthe certificate public key encrypted by base64stringtrue
keythe certificate private key encrypted by base64stringtrue

Last updated on 2023年8月4日 by Daniel Higuero