traefik集群路由组件安装部署应用

helm repo add traefik https://traefik.github.io/charts
helm install my-traefik traefik/traefik --version 27.0.2

镜像版本为traefik:v2.11.2

deployment 配置调整

    spec:
      hostNetwork: true # 共享宿主机网络命名空间
      containers:
      - args:
        - --entrypoints.web.address=:80/tcp
        - --entrypoints.websecure.address=:443/tcp
        ports
        - containerPort: 80
          name: web
          protocol: TCP
        - containerPort: 443
          name: websecure
          protocol: TCP
        securityContext:
          runAsUser: 0 #允许以root权限运行
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE # 允许绑定80，443端口
            drop:
            - ALL
          readOnlyRootFilesystem: true # 强制以root身份运行
          runAsNonRoot: false  # 关闭非root用户限制

IngressRoute资源yaml配置文件创建

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: my-ingress
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`my-minio.one.test`)
    kind: Rule
    services:
    - name: minio
      port: 9000