- 支持了udp
- traefik2.2 支持使用K/V存储做为动态配置的源,分别是
consul,etcd,Redis,zookeeper - 能够使用kubernetes CRD自定义资源定义UDP负载平衡
IngressRouteUDP。 - 能够使用
rancher,consul catalog,docker和marathon中的标签定义UDP的负载平衡 - 增加了对ingress注解的主持
- 将TLS存储功能
TLSStores添加到Kubernetes CRD中,使kubernetes用户无需使用配置文件和安装证书即可提供默认证书。 - 在日志中增加了http的请求方式,是http还是https
- 因为TLS的配置可能会影响CPU的使用率,因此增加了
TLS version和TLS cipher使用的指标信息 - 当前的WRR算法对于权重不平衡端点存在严重的偏差问题,将EDF调度算法用于WeightedRoundRobin,
Envoy也是使用了EOF调度算法 - 支持请求主体用于流量镜像
- 增加了
ElasticAPM作为traefik的tracing系统。 - Traefik的Dashboard增加了UDP的页面
- Traefik也增加了黑暗主题
是不是很期待新版本的Traefik的主题是什么样子的,来,先放两张看看:
那么先来尝试一下将Traefik2.1 升级到Traefik2.2.0,在Traefik2.2.0的新功能介绍了解到,2.2版本的traefik增加了两种资源对象 TLSStore和 IngressRouteUDP,如果想顺利的使用Traefik2.2版本,就需要将这两种资源对象安装一下,同时也要修改Traefik的ClusterRole,不然Traefik无法使用这两种自定义的CRDs。
准备Traefik2.2所需的 TLSStore资源和 IngressRouteUDP资源
- traefik2.2.0-tlsstore.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: tlsstores.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: TLSStore
plural: tlsstores
singular: tlsstore
scope: Namespaced- traefik2.2.0-ingressrouteudp.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressrouteudps.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRouteUDP
plural: ingressrouteudps
singular: ingressrouteudp
scope: Namespaced更新Traefik ClusterRole对象
这里,我们可以在原有的Traefik2.1的ClusterRole配置清单中修改,也可以直接通过下面的配置清单,创建一个新的文件 traefik2.2.0-clusterRole.yaml:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- middlewares
- ingressroutes
- traefikservices
- ingressroutetcps
- ingressrouteudps
- tlsoptions
- tlsstores
verbs:
- get
- list
- watch在k8s集群中配置和更新这些资源对象
代码语言:javascript复制kubectl apply -f traefik2.2.0-tlsstore.yaml
kubectl apply -f traefik2.2.0-ingressrouteudp.yaml
kubectl apply -f traefik2.2.0-clusterRole.yaml到这里,我们基本上就完成了升级Traefik版本的所有前期工作,接下来我们要修改一下Traefik的版本镜像为 traefik:v2.2,我们直接在原有的Traefik-deployment.yaml上进行修改
apiVersion: v1
kind: Service
metadata:
name: traefik
namespace: kube-system
spec:
ports:
- name: web
port: 80
- name: websecure
port: 443
- name: admin
port: 8080
- name: metrics
port: 8082
- name: tcp
port: 8081
selector:
app: traefik
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
app: traefik
spec:
selector:
matchLabels:
app: traefik
template:
metadata:
name: traefik
labels:
app: traefik
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 1
containers:
- image: traefik:v2.2 # 修改此处的镜像版本为2.2.0
name: traefik-ingress-lb
ports:
- name: web
containerPort: 80
hostPort: 80 #hostPort方式,将端口暴露到集群节点
- name: websecure
containerPort: 443
hostPort: 443 #hostPort方式,将端口暴露到集群节点
- name: admin
containerPort: 8080
- name: tcp
containerPort: 8081
hostPort: 8081 #hostPort方式,将端口暴露到集群节点
- name: metrics
containerPort: 8082
resources:
limits:
cpu: 0.8
memory: 2048Mi
requests:
cpu: 0.4
memory: 2048Mi
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
args:
- --configfile=/config/traefik.yaml
volumeMounts:
- mountPath: "/config"
name: "config"
volumes:
- name: config
configMap:
name: traefik-config
tolerations: #设置容忍所有污点,防止节点被设置污点
- operator: "Exists"
nodeSelector: #设置node筛选器,在特定label的节点上启动
kubernetes.io/hostname: dev-k8s-01.kubemaster.top然后我们更新一下deployment就可以了 kubectl apply-fTraefik-deployment.yaml。我们通过命令行查看是否部署成功且运行正常.
☸️ devcluster
