Exposing services with Nomad + Traefik + nginx

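Nomad is another container scheduling platform. Unlike k8s, its resource footprint is quite low, so I plan to use it on my own NAS for container management. So far I have only tested simple service exposure and have not yet tested real application scenarios in detail. I have to say its ecosystem is far behind that of k8s: with k8s, the official documentation alone is enough to get you to the point of running Kubernetes in production, whereas I would not dare put this straight into production. The official documentation is also unfriendly: there is no Chinese version, so you have to work through the English, and it is not clearly organized. Still, it is at least another option.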

Nomad deployment

Starting Nomad

[root@nomad ~]# nomad agent -config server.hcl

Nomad startup configuration file:
# Nomad configuration file
datacenter="planet"
data_dir="/data/app/nomad/data"

server {
    enabled=true
    bootstrap_expect=1
}

client {
    enabled=true
}

Traefik job specification:
job "traefik" {
  datacenters = ["*"]
  type        = "service"

  group "traefik" {
    count = 1

    network {
      port  "ingress"{
         static = 65001
      }
      port  "admin"{
         static = 8080
      }
    }

    service {
      name = "traefik-ingress"
      provider = "nomad"
      port = "ingress"
    }

    task "server" {
      driver = "docker"
      config {
        image = "traefik:v3.0"
        ports = ["admin", "ingress"]
        args = [
          "--api.dashboard=true",
          "--api.insecure=true", ### For Test only, please do not use that in production
          "--entrypoints.web.address=:${NOMAD_PORT_ingress}",
          "--entrypoints.traefik.address=:${NOMAD_PORT_admin}",
          "--providers.nomad=true",
          "--providers.nomad.endpoint.address=http://192.168.31.8:4646", ### IP to your nomad server
          "--providers.nomad.refreshInterval=10s",
          "--providers.nomad.exposedByDefault=false" # set to false so that you decide yourself which services are exposed
        ]
      }
    }
  }
}
Backend service (whoami stands in for the backend service):
job "whoami" {
  datacenters = ["*"]
  type = "service"
  update {
    max_parallel = 2
    min_healthy_time = "10s"
    healthy_deadline = "3m"
    progress_deadline = "10m"
    auto_revert = false
    canary = 0
  }
  migrate {
    max_parallel = 1
    health_check = "checks"
    min_healthy_time = "10s"
    healthy_deadline = "5m"
  }
  group "whoami" {
    count = 10
    network {
      port "web" {
        to = 80
      }
    }
    service {
      name     = "whoami"
      tags     = ["traefik.enable=true"] # add tags so that Traefik enables proxying; the default is a layer-7 proxy
      port     = "web"
      provider = "nomad"
    }
    restart {
      attempts = 2
      interval = "30m"
      delay = "15s"
      mode = "fail"
    }
    task "whoami" {
      driver = "docker"
      config {
        image = "traefik/whoami:latest"
        ports = ["web"]
        auth_soft_fail = true
      }
      identity {
        env  = true
        file = true
      }
      resources {
      }
    }
  }
}

At this point the Traefik dashboard shows that a layer-7 proxy with the host name whoami has been added automatically.
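As an added example (not from the original post), the Python sketch below audits the settings the two job specs above rely on: `--api.insecure`, `exposedByDefault`, the plain-HTTP Nomad endpoint and unpinned image tags, and it lists which services Traefik will route. The `JOBS` excerpt is constructed from the jobs on this page; the function names and check IDs are this example's own.

```python
import re
# Constructed excerpt of the two job specs on this page (only the audited lines).
JOBS = '''
service {
  name = "traefik-ingress"
}
image = "traefik:v3.0"
args = [
  "--api.insecure=true", ### For Test only
  "--providers.nomad.endpoint.address=http://192.168.31.8:4646",
  "--providers.nomad.exposedByDefault=false"
]
service {
  name = "whoami"
  tags = ["traefik.enable=true"]
}
image = "traefik/whoami:latest"
'''

def traefik_flags(text):
    """Map each quoted "--flag=value" Traefik argument to its value (keys lowercased)."""
    return {k.lower(): v for k, v in re.findall(r'"--([\w.]+)=([^"]*)"', text)}

def exposed_services(text):
    """Names of the service blocks Traefik will route, honouring exposedByDefault."""
    # Traefik's Nomad provider routes every service unless exposedByDefault is false.
    default_on = traefik_flags(text).get("providers.nomad.exposedbydefault", "true") != "false"
    names = []
    for body in re.findall(r'service\s*\{([^}]*)\}', text):
        name = re.search(r'name\s*=\s*"([^"]+)"', body)
        tag = re.search(r'"traefik\.enable=(true|false)"', body)
        if name and ((tag.group(1) == "true") if tag else default_on):
            names.append(name.group(1))
    return names

def audit(text):
    """Return (check_id, message) findings for the Traefik and backend job lines."""
    flags = traefik_flags(text)
    findings = []
    if flags.get("api.insecure", "false").lower() == "true":
        findings.append(("api-insecure", "dashboard and API served without authentication"))
    if flags.get("providers.nomad.exposedbydefault", "true").lower() != "false":
        findings.append(("expose-all", "every Nomad service is routed unless it opts out"))
    if flags.get("providers.nomad.endpoint.address", "").startswith("http://"):
        findings.append(("nomad-plaintext", "Nomad API is queried over plain HTTP"))
    for image in re.findall(r'image\s*=\s*"([^"]+)"', text):
        if ":" not in image or image.endswith(":latest"):
            findings.append(("unpinned-image", f"image tag not pinned: {image}"))
    return findings
```
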

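Next, an nginx proxy that sets a header with proxy_set_header lets you reach different layer-7 routes by visiting a specific port (alternatively, you can change the Host yourself or set up your own DNS record; either works).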

Example of nginx adding the header:

# server block configuration
server {
    listen 65001;
    server_name whoami;
    location / {
        proxy_pass  http://192.168.31.8:65000;
        proxy_set_header Host whoami; # set the Host header
    }
}

Refreshing twice shows the load being distributed round-robin.


========================================

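You can also have Traefik proxy TCP directly to achieve the same result, depending on the use case. I have only tested that adding Traefik configuration in Traefik's format to the Nomad service tags is picked up and configured by Traefik automatically, and have not yet looked into it in depth. That way traffic can go through a layer-4 proxy only.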