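Configuring Traefik as a Gateway and Load Balancer on Docker Swarm

Preface

After a business upgrade, we plan to use Docker as the deployment solution for our existing services. The mainstream clustering option today is K8S; after weighing the trade-offs, we chose Docker's own Docker Swarm. The old services originally went through the Alibaba Cloud load balancer: 443 and 80 go to the LB, then 80 goes to each node server, where Nginx acts as a reverse proxy listening on 80. Now that Docker Swarm has been added, new and old services run side by side, which also gives us a transition period in which to gradually replace the old deployment method. So we set a forwarding policy on the Alibaba LB for the new services' domains: for every new service domain, both HTTPS and HTTP are forwarded to port 82 on the nodes, and on the Docker Swarm side the cloud-native gateway Traefik is configured as the gateway and load balancer. Traefik was chosen after a side-by-side comparison with LVS, Nginx and HAProxy, as the rising newcomer that fits Docker best. There is plenty of detail on this online if you search for it.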

 

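Installing and Configuring Traefik

Docker and Docker Swarm were already installed, so I won't go over that here. This section mainly covers the pitfalls I hit while installing Traefik. I didn't know this area well beforehand and searched online for a pile of solutions. The installation succeeded, but accessing the actual services returned a 404 page. The problematic Traefik configuration is as follows: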

version: "3.3"

services:
  traefik:
    image: traefik
    restart: always
      #container_name: traefik
    ports:
      - "82:80"
      - "8080:8080" # traefik dashboard
    command:
      - --api.insecure=true # set to 'false' on production
      - --api.dashboard=true # see https://docs.traefik.io/v2.0/operations/dashboard/#secure-mode for how to secure the dashboard
      - --api.debug=true # enable additional endpoints for debugging and profiling
      - --log.level=DEBUG # debug while we get it working, for more levels/info see https://docs.traefik.io/observability/logs/
      - --providers.docker=true
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=proxy
      - --entryPoints.web.address=:80
        #- --entryPoints.elderServer.address=:7122
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - proxy
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.api.rule=Host(`traefik.xxx.com`)"
        - "traefik.http.routers.api.service=api@internal" # Let the dashboard access the traefik api

networks:
  proxy:
    external: true

Upload it to the server and run:

docker stack deploy -c trafik.yml traefik

The installation succeeded, and visiting IP:8080 opens the Traefik dashboard.

Next, add a YAML file for testing:

version: '3'
services:
  helloworld:
    image: tutum/hello-world:latest
    networks:
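     # same network as traefik
     - proxy
    deploy:
      labels:
        # expose the container service externally
        - "traefik.enable=true"
        # externally visible routing address; for routing rules see the official docs
        # https://docs.traefik.io/routing/routers/
        - "traefik.http.routers.helloworld.rule=Host(`dockertest.xxxxx.com`)"
        # externally exposed entry point
        - "traefik.http.routers.helloworld.entrypoints=web"
        # entry point inside the container; Traefik cannot discover your service's port
        # so you must tell Traefik explicitly
        # Traefik also builds load balancing here across horizontally scaled containers
        # more at https://docs.traefik.io/routing/services/
        - "traefik.http.services.helloworld.loadbalancer.server.port=80"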
networks:
  proxy:
    external: true

Upload it to the server and run:

docker stack deploy -c helloworld.yml helloworld

This also deployed successfully, but whether I opened the helloworld domain or Traefik's own, the result was a 404 page. I ran:

docker service logs -f  traefik_traefik

Looking through the logs, there were two errors: one was "port is missing", and the other was a lack of manager permissions. I updated the traefik.yaml file:

version: "3.3"

services:
  traefik:
    image: traefik
    restart: always
      #container_name: traefik
    ports:
      - "82:80"
      - "8080:8080" # traefik dashboard
    command:
      - --api.insecure=true # set to 'false' on production
      - --api.dashboard=true # see https://docs.traefik.io/v2.0/operations/dashboard/#secure-mode for how to secure the dashboard
      - --api.debug=true # enable additional endpoints for debugging and profiling
      - --log.level=DEBUG # debug while we get it working, for more levels/info see https://docs.traefik.io/observability/logs/
      - --providers.docker=true
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=proxy
      - --entryPoints.web.address=:80
        #- --entryPoints.elderServer.address=:7122
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - proxy
    deploy:
      placement:
        constraints:
          - node.role == manager # added so that traefik is deployed to a manager node, which gives it the required permissions
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.api.rule=Host(`traefik.xxxx.com`)"
        - "traefik.http.routers.api.service=api@internal" # Let the dashboard access the traefik api
        - "traefik.http.routers.api.entrypoints=web" # serve the dashboard router on the web entrypoint
        - "traefik.http.services.dummyService.loadbalancer.server.port=9090" # added a load-balancer port for the traefik dashboard service; any arbitrary port not used by a service will do

networks:
  proxy:
    external: true

Upload it and run the deploy again, then open the URL: OK.
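
Both stack files above keep `--api.insecure=true` and publish port 8080, which their own comments mark as not for production. The following is an added example, not part of the original post: the same working stack file with the insecure API switched off and the dashboard reachable only through the `api` router behind basic auth. The middleware name `dashboard-auth`, the user `admin` and the hash placeholder are assumptions.

```yaml
# Added example: hardened variant of the stack file above (Traefik v2 flag syntax, as used on the page).
version: "3.3"

services:
  traefik:
    image: traefik
    ports:
      - "82:80" # only the web entrypoint is published; 8080 is no longer exposed
    command:
      - --api.dashboard=true
      - --api.insecure=false # dashboard/API are served only through a router, never directly on :8080
      - --log.level=INFO # DEBUG and --api.debug dropped once routing works
      - --providers.docker=true
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=proxy
      - --entryPoints.web.address=:80
    volumes:
      # Read-only bind mount. The Docker API behind the socket is still fully
      # reachable, so this container stays root-equivalent on the manager node.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.api.rule=Host(`traefik.xxxx.com`)"
        - "traefik.http.routers.api.service=api@internal"
        - "traefik.http.routers.api.entrypoints=web"
        # Assumption: "dashboard-auth" is a hypothetical middleware name.
        - "traefik.http.routers.api.middlewares=dashboard-auth"
        # Placeholder value: generate the entry with htpasswd and write every "$" as "$$" in a compose file.
        - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:<HTPASSWD_HASH_PLACEHOLDER>"
        # Swarm mode still needs a port label, as found above ("port is missing").
        - "traefik.http.services.dummyService.loadbalancer.server.port=9090"

networks:
  proxy:
    external: true
```

Because the LB forwards both HTTPS and HTTP to the plain `:80` entrypoint on port 82, the basic-auth credentials cross the LB-to-node hop unencrypted, so that hop should stay on a private network.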
