k3s 基础 —— 将 traefik 替换为 ingress-nginx

移除 traefik

修改 systemd

systemctl edit --full k3s

编辑下面这行,增加 --disable=traefik

ExecStart=/usr/local/bin/k3s \
    server --disable=traefik

重启服务

systemctl restart k3s

部署 ingress-nginx

创建 ingress-nginx.yaml

apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: ingress-nginx
  namespace: kube-system
spec:
  chart: https://github.com/kubernetes/ingress-nginx/releases/download/helm-chart-4.13.3/ingress-nginx-4.13.3.tgz
#  repo:  https://helm-charts.itboon.top/ingress-nginx
#  chart: ingress-nginx
  version: 4.13.3
  set:
    controller.service.type: "LoadBalancer"
    controller.replicaCount: "1"
    global.image.registry: "k8s.nju.edu.cn"

注:若 chart 拉取失败可以考虑使用镜像仓库

部署

kubectl -f ingress-nginx.yaml

配置 HTTPS

1.申请证书

2.生成secret

kubectl create secret tls nginx-tls-secret \
  --cert=tls.crt \
  --key=tls.key \
  -n kube-system

3.修改 ingress-nginx.yaml

apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: ingress-nginx
  namespace: kube-system
spec:
  chart: https://xxxx/ingress-nginx-4.13.3.tgz
  version: 4.13.3
  set:
    controller.service.type: "LoadBalancer"
    controller.replicaCount: "1"
    global.image.registry: "k8s.nju.edu.cn"
    controller.extraArgs.default-ssl-certificate: "kube-system/nginx-tls-secret" # 新增

4.重新部署

kubectl -f ingress-nginx.yaml

配置路由示例

启动一个 rabbitmq 服务

rabbitmq.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: msq
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: rabbitmq
  namespace: kube-system
spec:
  repo: https://helm-charts.itboon.top/bitnami
  chart: rabbitmq
  version: 16.0.14
  targetNamespace: msq
  #set:
    #global.imageRegistry: docker.m.daocloud.io
  valuesContent: |-
    communityPlugins: "https://github.com/rabbitmq/rabbitmq-delayed-message-exchange/releases/download/v4.1.0/rabbitmq_delayed_message_exchange-4.1.0.ez"
    extraPlugins: "rabbitmq_auth_backend_ldap rabbitmq_delayed_message_exchange"
    auth:
      username: xxxx
      password: aaaa

配置路由
rabbitmq-ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rabbitmq-management-ingress
  namespace: msq
spec:
  ingressClassName: nginx
  rules:
  - host: xxx-rabbitmq.domain.com
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: rabbitmq
              port:
                number: 15672

k3s ingress 服务架构说明

L4 层负载均衡

  • 服务名称: svclb-ingress-nginx-controller-037bed5e-tzwzx
  • 工作层级: L4(传输层)
  • 部署方式: 每个节点部署一个实例
  • 主要职责: 拦截节点流量并转发至 L7 层的 Ingress Controller

L7 层 Ingress 控制器

  • 服务名称: ingress-nginx-controller-589bfd97d9-zh6vc
  • 工作层级: L7(应用层)
  • 部署方式: 单一实例(高可用场景可扩展)
  • 主要职责: 根据域名将流量路由至对应的后端服务

流量流向

客户端请求 → L4 负载均衡 → L7 Ingress Controller → 后端服务

posted on 2025-10-28 23:20  Lemo_wd  阅读(3)  评论(0)    收藏  举报

导航