Skip to main content
版本:预览版

Traefik

Traefik 是一个现代化且易用的 HTTP 反向代理和负载均衡服务,用于部署微服务。你可以使用该插件作为你的集群网关活着微服务系统的网关。

插件安装

vela addon enable traefik

访问 Traefik 的 UI

默认安装情况下 Traefik 无法直接访问,可通过 port-forward 进行本地代理,这仅适用于调试阶段。

vela port-forward -n vela-system addon-traefik 

expected output:

Forwarding from 127.0.0.1:9000 -> 9000
Forwarding from [::1]:9000 -> 9000

Forward successfully! Opening browser ...
Handling connection for 9000

你可以通过 http://127.0.0.1:9000/dashboard/ 地址访问到 Traefik 的 UI 可视化面板。

设置网关流量接入方式

如果你使用云上的集群,使用 LoadBalancer 暴露 Traefik 的访问入口是最佳方案。

vela addon enable traefik serviceType=LoadBalancer

如果在自建集群,需要根据你是作为集群网关还是应用网关来选择流量接入方式。

如何使用

  1. 为组件配置一个 HTTP 域名
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: example
namespace: e2e-test
spec:
components:
- name: express-server
type: webservice
properties:
image: oamdev/hello-world
ports:
- port: 8000
expose: true
traits:
- properties:
domains:
- example.domain.com
rules:
- path:
type: PathPrefix
value: /
port: 8080
type: http-route
  1. 为组件配置一个 HTTPS 域名

首先需要准备一个证书并创建一个 Secret。


apiVersion: v1
type: Opaque
data:
tls.crt: <BASE64>
tls.key: <BASE64>
kind: Secret
metadata:
annotations:
config.oam.dev/alias: ""
config.oam.dev/description: ""
labels:
config.oam.dev/catalog: velacore-config
config.oam.dev/multi-cluster: "true"
config.oam.dev/project: addons
config.oam.dev/type: config-tls-certificate
workload.oam.dev/type: config-tls-certificate
name: example

应用配置案例如下:

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: example-https
namespace: e2e-test
spec:
components:
- name: express-server
type: webservice
properties:
image: oamdev/hello-world
ports:
- port: 8000
expose: true
traits:
- properties:
domains:
- example.domain.com
rules:
- path:
type: PathPrefix
value: /
port: 8080
secrets:
- name: example
type: https-route

XDefinitions

http-route(trait)

基于 HTTP 路由规则来将请求从网关代理到应用。

参数说明

NameDescriptionTypeRequiredDefault
gatewayNameSpecify the gateway namestringfalsetraefik-gateway
listenerNameSpecify the listener name of the gatewaystringfalseweb
domainsSpecify some domains, the domain may be prefixed with a wildcard label (*.)[]stringtrue
rulesSpecify some HTTP matchers, filters and actions.[]rulestrue
rules
NameDescriptionTypeRequiredDefault
pathAn HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided.pathfalse
headersConditions to select a HTTP route by matching HTTP request headers.[]headersfalse
serviceNameSpecify the service name of component, the default is component name.stringfalse
portSpecify the service port of component.inttrue
headers
NameDescriptionTypeRequiredDefault
namestringtrue
typestringtrue
valuestringtrue
path
NameDescriptionTypeRequiredDefault
typestringtruePathPrefix
valuestringtrue/

https-route(trait)

基于 HTTPS 路由规则来将请求从网关代理到应用。

参数说明

NameDescriptionTypeRequiredDefault
secretsSpecify the TLS secrets[]secretstrue
TLSPortinttrue443
domainsSpecify some domains, the domain may be prefixed with a wildcard label (*.)[]stringtrue
rulesSpecify some HTTP matchers, filters and actions.[]rulestrue
rules
NameDescriptionTypeRequiredDefault
pathAn HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided.pathfalse
portSpecify the service port of component.inttrue
headersConditions to select a HTTP route by matching HTTP request headers.[]headersfalse
serviceNameSpecify the service name of component, the default is component name.stringfalse
headers
NameDescriptionTypeRequiredDefault
namestringtrue
typestringtrue
valuestringtrue
path
NameDescriptionTypeRequiredDefault
typestringtruePathPrefix
valuestringtrue/
secrets
NameDescriptionTypeRequiredDefault
namestringtrue
namespacestringfalse

tcp-route(trait)

基于四层的 TCP 路由规则来将请求从网关代理到应用。

参数说明

NameDescriptionTypeRequiredDefault
rulesSpecify the TCP matchers[]rulestrue
rules
NameDescriptionTypeRequiredDefault
gatewayPortSpecify the gateway listener portinttrue
portSpecify the service port of component.inttrue
serviceNameSpecify the service name of component, the default is component name.stringfalse

config-tls-certificate(config)

用于扩展集成配置的选项,支持用户配置 TLS 证书用于上述 HTTPs规则。

参数说明

NameDescriptionTypeRequiredDefault
certthe certificate public key encrypted by base64stringtrue
keythe certificate private key encrypted by base64stringtrue