没错,Traefik V2已经GA了,代表着Traefik v2已经在生产环境使用。进入官网https://traefik.io/ ,可以看到醒目的Traefik 2.0 Now GA。
相较于Traefik v1,v2版本已经更新了很多特性,增加了许多新功能,特别是令人期待的TCP和k8s CRD功能。接下来我们就来探索下 Traefik 2.0 中有哪些新增的功能呢?
01 Frontends && Backends are dead
Frontends and Backends Are Dead... ... Long Live Routers, Middlewares, and Services
没错,Frontends 与 Backends 已经被去掉,无法使用,取代它们的将是Routers,Middlewares和Services:routers替代frontends,services替代backends,routers使用middlewares。来看下v1与v2 k8s ingress的前后使用区别:
V1
代码语言:javascript复制apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik
namespace: kube-system
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/rule-type: PathPrefix
spec:
rules:
- host: test.locahost
http:
paths:
- path: /test
backend:
serviceName: server0
servicePort: 80
- path: /test
backend:
serviceName: server1
servicePort: 80
V2
代码语言:javascript复制apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: basicauth
namespace: foo
spec:
basicAuth:
users:
- test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
- test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
spec:
entryPoints:
- http
routes:
- match: Host(`test.localhost`) && PathPrefix(`/test`)
kind: Rule
services:
- name: server0
port: 80
- name: server1
port: 80
middlewares:
- name: basicauth
namespace: foo
可以看到,通过kubernetesCRD,traefik可以使用IngressRoute功能,并且v2跟v1的使用有很大的差异,说之为完全不一样的两个也不为过。
02 TLS
TLS configuration is now dynamic, per router.
TLS不再固定,从而将变成可以被routers引用的动态配置。
V1
代码语言:javascript复制# static configuration
[entryPoints]
[entryPoints.web-secure]
address = ":443"
[entryPoints.web-secure.tls]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384"
]
[[entryPoints.web-secure.tls.certificates]]
certFile = "path/to/my.cert"
keyFile = "path/to/my.key"
V2
代码语言:javascript复制# The definitions below require the definitions for the TLSOption and IngressRoute kinds.
# https://docs.traefik.io/v2.0/providers/kubernetes-crd/#traefik-ingressroute-definition
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: mytlsoption
namespace: default
spec:
minVersion: VersionTLS13
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
spec:
entryPoints:
- web
routes:
- match: Host(`bar.com`)
kind: Rule
services:
- name: whoami
port: 80
tls:
options:
name: mytlsoption
namespace: default
03 HTTP && HTTPS
HTTP to HTTPS Redirection is now configured on Routers
HTTPS现在已经可以在routers里面使用middlewares配置HTTP跳转了。
V1
代码语言:javascript复制# static configuration
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "examples/traefik.crt"
keyFile = "examples/traefik.key"
V2
代码语言:javascript复制##K8S IngressRoute
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: http-redirect-ingressRoute
spec:
entryPoints:
- web
routes:
- match: Host(`foo.com`)
kind: Rule
services:
- name: whoami
port: 80
middlewares:
- name: redirect
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: https-ingressRoute
spec:
entryPoints:
- web-secure
routes:
- match: Host(`foo`)
kind: Rule
services:
- name: whoami
port: 80
tls: {}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: redirect
spec:
redirectScheme:
scheme: https
04 TCP
Traefik v2不再单单仅支持7层负载,现在已经可以支持4层负载,支持TCP。
代码语言:javascript复制tcp:
services:
app:
weighted:
services:
- name: appv1
weight: 3
- name: appv2
weight: 1
appv1:
loadBalancer:
servers:
- address: "xxx.xxx.xxx.xxx:8080"
appv2:
loadBalancer:
servers:
- address: "xxx.xxx.xxx.xxx:8080"
TCP与HTTP同时使用:
代码语言:javascript复制tcp:
routers:
to-db-1:
entrypoints:
- web-secure
rule: "HostSNI(`db1.domain`)"
service: "db-1"
tls: {}
http:
routers:
to-db1-dashboard:
entrypoints:
- web-secure
rule: "Host(`dashboard.db1.domain`)"
service: "db1-dashboard"
tls: {}
上面这个示例中, dashboard.db1.domain 上的 HTTP 请求将路由到数据库的 Dashboard 服务上,而上面的 db1.domain 上的 TCP 请求将路由到数据库上面去。So cool!
另外,v2版本还支持Metrics、Tracing...新版本的功能真是令人期待啊,下次作者将更新v2版本的实操--从v1版本升级到v2版本,大家敬请期待...