1. 支持了udp
2. traefik2.2 支持使用K/V存储做为动态配置的源,分别是 `consul`, `etcd`, `Redis`, `zookeeper`
3. 能够使用kubernetes CRD自定义资源定义UDP负载平衡 `IngressRouteUDP`。
4. 能够使用 `rancher`, `consul catalog`, `docker`和 `marathon`中的标签定义UDP的负载平衡
5. 增加了对ingress注解的主持
6. 将TLS存储功能 `TLSStores`添加到Kubernetes CRD中,使kubernetes用户无需使用配置文件和安装证书即可提供默认证书。
7. 在日志中增加了http的请求方式,是http还是https
8. 因为TLS的配置可能会影响CPU的使用率,因此增加了 `TLS version`和 `TLS cipher`使用的指标信息
9. 当前的WRR算法对于权重不平衡端点存在严重的偏差问题,将EDF调度算法用于WeightedRoundRobin, `Envoy`也是使用了 `EOF调度算法`
10. 支持请求主体用于流量镜像
11. 增加了 `ElasticAPM`作为traefik的tracing系统。
12. Traefik的Dashboard增加了UDP的页面
13. Traefik也增加了黑暗主题
是不是很期待新版本的Traefik的主题是什么样子的,来,先放两张看看:
那么先来尝试一下将Traefik2.1 升级到Traefik2.2.0,在Traefik2.2.0的新功能介绍了解到,2.2版本的traefik增加了两种资源对象 `TLSStore`和 `IngressRouteUDP`,如果想顺利的使用Traefik2.2版本,就需要将这两种资源对象安装一下,同时也要修改Traefik的ClusterRole,不然Traefik无法使用这两种自定义的CRDs。
#### 准备Traefik2.2所需的 `TLSStore`资源和 `IngressRouteUDP`资源
- traefik2.2.0-tlsstore.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: tlsstores.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: TLSStore
plural: tlsstores
singular: tlsstorescope: Namespaced
- traefik2.2.0-ingressrouteudp.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressrouteudps.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRouteUDP
plural: ingressrouteudps
singular: ingressrouteudpscope: Namespaced
#### 更新Traefik ClusterRole对象
这里,我们可以在原有的Traefik2.1的ClusterRole配置清单中修改,也可以直接通过下面的配置清单,创建一个新的文件 `traefik2.2.0-clusterRole.yaml`:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
-
apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch-
apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch-
apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update-
apiGroups:
- traefik.containo.us
resources:
- middlewares
- ingressroutes
- traefikservices
- ingressroutetcps
- ingressrouteudps
- tlsoptions
- tlsstores
verbs:
- get
- list
- watch
#### 在k8s集群中配置和更新这些资源对象
kubectl apply -f traefik2.2.0-tlsstore.yaml
kubectl apply -f traefik2.2.0-ingressrouteudp.yaml
kubectl apply -f traefik2.2.0-clusterRole.yaml
到这里,我们基本上就完成了升级Traefik版本的所有前期工作,接下来我们要修改一下Traefik的版本镜像为 `traefik:v2.2`,我们直接在原有的Traefik-deployment.yaml上进行修改
apiVersion: v1
kind: Service
metadata:
name: traefik
namespace: kube-system
spec:
ports:
- name: web
port: 80
- name: websecure
port: 443
- name: admin
port: 8080
- name: metrics
port: 8082
- name: tcp
port: 8081selector:
app: traefikapiVersion: apps/v1
kind: Deployment
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
app: traefikspec:
selector:
matchLabels:
app: traefiktemplate:
metadata:
name: traefik
labels:
app: traefik
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 1
containers:
- image: traefik:v2.2
name: traefik-ingress-lb
ports:
- name: web
containerPort: 80
hostPort: 80 #hostPort方式,将端口暴露到集群节点
- name: websecure
containerPort: 443
hostPort: 443 #hostPort方式,将端口暴露到集群节点
- name: admin
containerPort: 8080
- name: tcp
containerPort: 8081
hostPort: 8081 #hostPort方式,将端口暴露到集群节点
- name: metrics
containerPort: 8082
resources:
limits:
cpu: 2000m
memory: 2048Mi
requests:
cpu: 1000m
memory: 2048Mi
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
args:
- --configfile=/config/traefik.yaml
volumeMounts:
- mountPath: "/config"
name: "config"
volumes:
- name: config
configMap:
name: traefik-config
tolerations: #设置容忍所有污点,防止节点被设置污点
- operator: "Exists"
nodeSelector: #设置node筛选器,在特定label的节点上启动
kubernetes.io/hostname: dev-k8s-01.kubemaster.top
然后我们更新一下deployment就可以了 `kubectl apply-fTraefik-deployment.yaml`。我们通过命令行查看是否部署成功且运行正常.
☸️ devcluster🔥 tracing ~ 🐳 👉 kubectl get pods -n kube-system | egrep traefik
traefik-ingress-controller-68d74dd67-bvsmr 1/1 Running 0 4d2h
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。