1、安装traefik
helm repo add traefik https://traefik.github.io/charts
helm repo update
helm search repo traefik --versions
若是出现这种情况将版本调低一点或者升级helm版本就好了
[root@master-11 ~]# helm install traefik traefik/traefik --version 34.5.0 -n traefik
Error: template: traefik/templates/deployment.yaml:3:8: executing "traefik/templates/deployment.yaml" at <fail "ERROR: Helm >= 3.9.0 is required">: error calling fail: ERROR: Helm >= 3.9.0 is required
# 推荐将helm版本升高
wget https://get.helm.sh/helm-v3.9.4-linux-amd64.tar.gz
tar -zxvf helm-v3.9.4-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/helm
helm version
helm pull traefik traefik/traefik --version 34.5.0 -n traefik
helm install -n traefik traefik -f values.yaml .
验证安装
[root@master-11 ~]# kubectl get pods -n traefik
NAME READY STATUS RESTARTS AGE
traefik-854849556c-qpwq5 1/1 Running 0 3m12s
[root@master-11 traefik]# helm list -n traefik
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
traefik traefik 4 2025-08-24 00:10:45.531152201 +0800 CST deployed traefik-34.5.0 v3.3.4
2、访问dashboar页面 (可选)
helm默认会使用LoadBalancer去给你暴露端口,这里直接改为nodeport,至于dashboard需要暴露的端口需要去values文件里找,大部分版本所对应的端口都不一样,比如1.14的就是9000,不要去对着博客上的照抄,在安装之前一定要检查一下自己的版本,然后在svc上将dashboard给放出来(8080:30080)
# values.yaml
...
web:
## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicitly set an entrypoint it will only use this entrypoint.
# asDefault: true
port: 8000
# hostPort: 8000
# containerPort: 8000
expose:
default: true
exposedPort: 80
...
[root@master-11 ~]# kubectl get svc -n traefik
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
traefik LoadBalancer 10.200.52.236 <pending> 80:31188/TCP,443:30259/TCP 50m
[root@master-11 traefik]# kubectl get svc -n traefik traefik -oyaml
apiVersion: v1
kind: Service
metadata:
annotations:
meta.helm.sh/release-name: traefik
meta.helm.sh/release-namespace: traefik
creationTimestamp: "2025-08-17T10:26:19Z"
labels:
app.kubernetes.io/instance: traefik-traefik
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: traefik
helm.sh/chart: traefik-34.5.0
name: traefik
namespace: traefik
resourceVersion: "283341"
uid: 33c78e7f-14a5-40c9-a7fb-d842d3c2aaf7
spec:
clusterIP: 10.200.52.236
clusterIPs:
- 10.200.52.236
externalTrafficPolicy: Cluster
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: web
nodePort: 31188
port: 80
protocol: TCP
targetPort: web
- name: websecure
nodePort: 30259
port: 443
protocol: TCP
targetPort: websecure
- name: dashboard
nodePort: 30080
port: 8080
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/instance: traefik-traefik
app.kubernetes.io/name: traefik
sessionAffinity: None
type: NodePort
status:
loadBalancer: {}
访问http://IP:30080/dashboard
出现webui页面即为成功
3、使用 traefik 去控制 ingress(以registry私有镜像仓库为例)
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: registry-ingress
namespace: kube-system
annotations:
traefik.ingress.kubernetes.io/proxy-body-size: "100G" # 允许大镜像推送
traefik.ingress.kubernetes.io/backend-protocol: "HTTP" # Registry 服务是 HTTP
spec:
entryPoints:
- web
- websecure
tls:
secretName: registry-tls-secret
routes:
- kind: Rule
match: Host(`registry.xwk.local`)
services:
- name: docker-registry
port: 5000
# 查看traefik的svc,并使用traefik去接入ingress登录registry
[root@master-11 registry]# kubectl get svc -A | grep traefik
traefik traefik NodePort 10.200.52.236 <none> 80:31188/TCP,443:30259/TCP,9000:30900/TCP 2d7h
# 复制证书
[root@master-11 certs.d]# ls
registry.xwk.local registry.xwk.local:30259
[root@master-11 certs.d]# nerdctl login registry.xwk.local:30259 -u admin
Enter Password:
WARNING: Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
浙公网安备 33010602011771号