1. 功能

开源的云原生应用代理，可以作为K8S Ingress Controller，通过Ingress配置去访问后端服务，如果需要全面的功能，需要使用Traefik自定义的CRD，通过IngressRoute来定义转发规则。

2. 部署

需要使用CRD IngressRoute的安装方式：

1.创建ServiceAccount

apiVersion: v1
 
kind: ServiceAccount
 
metadata:
 
  name: traefik-ingress-controller

2.创建CRD和RBAC

# Install Traefik Resource Definitions:

kubectl apply -f raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
 
# Install RBAC for Traefik:
 
kubectl apply -f raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml

3.创建Traefik和对应的Service

kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: traefik
  labels:
    app: traefik
 
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v3.1
          args:
            - --entryPoints.web.Address=:8000
            - --entryPoints.websecure.Address=:4443
            - --providers.kubernetescrd
          ports:
            - name: web
              containerPort: 8000
            - name: websecure
              containerPort: 4443

apiVersion: v1
kind: Service
metadata:
  name: traefik-web-service
 
spec:
  type: LoadBalancer
  ports:
    - targetPort: web
      port: 8000
  selector:
    app: traefik
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-secure-web-service
 
spec:
  type: LoadBalancer
  ports:
    - targetPort: websecure
      port: 4443
  selector:
    app: traefik

创建完成之后，Traefik就部署完成了。

3. 使用验证

1.创建后端的应用whoami和service:

kind: Deployment
apiVersion: apps/v1
metadata:
  name: whoami
  labels:
    app: whoami
 
spec:
  replicas: 1
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
        - name: whoami
          image: traefik/whoami
          command: ["/whoami"]
          args: ["--verbose"]
          ports:
            - name: web
              containerPort: 80

apiVersion: v1
kind: Service
metadata:
  name: whoami
  
spec:
  ports:
    - name: web
      port: 80
      targetPort: web
 
  selector:
    app: whoami

2.创建Middleware（这里的作用是进行路径rewrite，官方提供的还有其他的middleware可以实现不同的功能）:

# Replace the path by /data
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: test-replacepath
  namespace: test
spec:
  replacePath:
    path: /data

3.创建IngressRoute:

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: simpleingressroute
  namespace: test
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`whoami.example.io`) && PathPrefix(`/notls`)
    middlewares:
    - name: test-replacepath   
      namespace: test 
    kind: Rule
    services:
    - name: whoami
      port: 80

在本地/etc/hosts增加

127.0.0.1 whoami.example.io

测试验证：

curl whoami.example.io:8000/notls?size=10
|ABCDEFGH|