google 使用 Traefik 的 cAdvisor
google cAdvisor with Traefik
我尝试使用 traefik 反向代理部署 google cAdvisor
正在运行的 nginx 配置
使用nginx docker-compose:
cadvisor:
container_name: cadvisor
build:
context: .
dockerfile: projects/cadvisor/Dockerfile
command:
- '-port=80'
- '-url_base_prefix=/admin/cadvisor'
volumes:
- "/:/rootfs:ro"
- "/var/run:/var/run:ro"
- "/sys:/sys:ro"
- "/var/lib/docker:/var/lib/docker:ro"
- "/dev/disk:/dev/disk:ro"
expose:
- 80
Nginx 配置:
location ~* /admin/cadvisor/.*$ {
proxy_pass http://cadvisor;
}
traefik 配置失败
cadvisor:
container_name:cadvisor
image: gcr.io/google-containers/cadvisor:latest
restart: always
privileged: true
networks:
- back-network
ports:
- "8080:8080"
command:
- '-url_base_prefix=/cadvisor'
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
labels:
- "traefik.http.routers.cadvisor.rule=Host(`localhost`) && PathPrefix(`/cadvisor`)"
- "traefik.http.services.cadvisor.loadbalancer.server.port=8080"
cAdvisor 的主要问题是重定向,这就是我们需要添加 url_base_prefix arg
的原因
但是之前的 docker-compose with traefik 不工作
我不知道如何将 location ~* /admin/cadvisor/.*$ 转换为 Traefik 配置
你在那里用 Nginx 做什么?它是否 运行 在主机上处理对其他服务的其他请求? cAdvisor 不需要 Nginx。
这是我当前安装的一个工作示例:
version: '3.8'
services:
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
restart: always
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
privileged: true
devices:
- "/dev/kmsg:/dev/kmsg"
command: --url_base_prefix=/cadvisor
environment:
- CADVISOR_HEALTHCHECK_URL=http://localhost:8080/cadvisor/healthz
labels:
- "traefik.enable=true" # enable traefik
- "traefik.docker.network=traefik-public" # put it in the same network as traefik
- "traefik.constraint-label=traefik-public" # assign the same label as traefik so it can be discovered
- "traefik.http.routers.cadvisor-01.service=cadvisor-01-secured"
- "traefik.http.routers.cadvisor-01.rule=Host(`host.example.com`) && PathPrefix(`/cadvisor`)"
- "traefik.http.routers.cadvisor-01.priority=20"
- "traefik.http.routers.cadvisor-01.entrypoints=http"
- "traefik.http.middlewares.cadvisor-01.redirectscheme.scheme=https" # redirect traffic to https
- "traefik.http.middlewares.cadvisor-01.redirectscheme.permanent=true" # redirect traffic to https
- "traefik.http.middlewares.def-cadvisor-01.headers.customrequestheaders.X-Forwarded-Server=host.example.com"
- "traefik.http.middlewares.def-cadvisor-01.headers.referrerPolicy=origin"
- "traefik.http.middlewares.def-cadvisor-01-auth.basicauth.users=USERNAME:PASSWORD"
- "traefik.http.routers.cadvisor-01.middlewares=https-redirect"
- "traefik.http.routers.cadvisor-01-secured.service=cadvisor-01-secured"
- "traefik.http.routers.cadvisor-01-secured.rule=Host(`host.example.com`) && PathPrefix(`/cadvisor`)"
- "traefik.http.routers.cadvisor-01-secured.priority=20"
- "traefik.http.routers.cadvisor-01-secured.entrypoints=https"
- "traefik.http.routers.cadvisor-01-secured.tls.certresolver=le-tls" # use the Let's Encrypt certificate resolver
- "traefik.http.services.cadvisor-01-secured.loadbalancer.server.port=8080" # ask Traefik to search for port 8080
- "traefik.http.routers.cadvisor-01-secured.middlewares=secHeaders@file,def-cadvisor-01-auth,def-cadvisor-01,def-compress"
networks:
- "traefik-public"
networks:
traefik-public:
external: true`
健康检查有点棘手,它是在cAdvisor Docker文件中固定的URL,但是使用环境变量覆盖了它。
如您所见,我 运行ning cAdvisor 的路径为 /cadvisor/,因此我必须将其添加为命令选项“--url_base_prefix”并修改 CADVISOR_HEALTHCHECK_URL 环境变量。
Traefik 运行s作为反向代理,它监听443和80端口,我不想给public打开另一个端口比如8080,所以Traefik负责处理TLS 内容并从 http 重定向到 https。所以您不需要在您的 cAdvisor 定义中打开端口 8080 或公开端口 80!这将由 Traefik 处理。
Traefik 使用相同的 Docker 网络访问您的容器。
注意优先级设置!如果另一个 Traefik 服务处理根 URL,它必须具有较低的优先级。否则您的服务定义将永远不会匹配。
如果不允许 post URLs,我很抱歉,但也许它对某些人有用。我在 https://www.kuerbis.org/traefik-und-mehr/ 上写过介绍性文章——在其中一篇文章中,您会找到有关 Traefik 和 cAdvisor 的更多信息。它们是用德语写的,但我想 Google 翻译或类似的东西应该有帮助。
亲切的问候,
拉尔夫
我尝试使用 traefik 反向代理部署 google cAdvisor
正在运行的 nginx 配置
使用nginx docker-compose:
cadvisor:
container_name: cadvisor
build:
context: .
dockerfile: projects/cadvisor/Dockerfile
command:
- '-port=80'
- '-url_base_prefix=/admin/cadvisor'
volumes:
- "/:/rootfs:ro"
- "/var/run:/var/run:ro"
- "/sys:/sys:ro"
- "/var/lib/docker:/var/lib/docker:ro"
- "/dev/disk:/dev/disk:ro"
expose:
- 80
Nginx 配置:
location ~* /admin/cadvisor/.*$ {
proxy_pass http://cadvisor;
}
traefik 配置失败
cadvisor:
container_name:cadvisor
image: gcr.io/google-containers/cadvisor:latest
restart: always
privileged: true
networks:
- back-network
ports:
- "8080:8080"
command:
- '-url_base_prefix=/cadvisor'
volumes:
- /:/rootfs:ro
- /var/run:/var/run:rw
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
labels:
- "traefik.http.routers.cadvisor.rule=Host(`localhost`) && PathPrefix(`/cadvisor`)"
- "traefik.http.services.cadvisor.loadbalancer.server.port=8080"
cAdvisor 的主要问题是重定向,这就是我们需要添加 url_base_prefix arg
但是之前的 docker-compose with traefik 不工作
我不知道如何将 location ~* /admin/cadvisor/.*$ 转换为 Traefik 配置
你在那里用 Nginx 做什么?它是否 运行 在主机上处理对其他服务的其他请求? cAdvisor 不需要 Nginx。
这是我当前安装的一个工作示例:
version: '3.8'
services:
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
restart: always
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
privileged: true
devices:
- "/dev/kmsg:/dev/kmsg"
command: --url_base_prefix=/cadvisor
environment:
- CADVISOR_HEALTHCHECK_URL=http://localhost:8080/cadvisor/healthz
labels:
- "traefik.enable=true" # enable traefik
- "traefik.docker.network=traefik-public" # put it in the same network as traefik
- "traefik.constraint-label=traefik-public" # assign the same label as traefik so it can be discovered
- "traefik.http.routers.cadvisor-01.service=cadvisor-01-secured"
- "traefik.http.routers.cadvisor-01.rule=Host(`host.example.com`) && PathPrefix(`/cadvisor`)"
- "traefik.http.routers.cadvisor-01.priority=20"
- "traefik.http.routers.cadvisor-01.entrypoints=http"
- "traefik.http.middlewares.cadvisor-01.redirectscheme.scheme=https" # redirect traffic to https
- "traefik.http.middlewares.cadvisor-01.redirectscheme.permanent=true" # redirect traffic to https
- "traefik.http.middlewares.def-cadvisor-01.headers.customrequestheaders.X-Forwarded-Server=host.example.com"
- "traefik.http.middlewares.def-cadvisor-01.headers.referrerPolicy=origin"
- "traefik.http.middlewares.def-cadvisor-01-auth.basicauth.users=USERNAME:PASSWORD"
- "traefik.http.routers.cadvisor-01.middlewares=https-redirect"
- "traefik.http.routers.cadvisor-01-secured.service=cadvisor-01-secured"
- "traefik.http.routers.cadvisor-01-secured.rule=Host(`host.example.com`) && PathPrefix(`/cadvisor`)"
- "traefik.http.routers.cadvisor-01-secured.priority=20"
- "traefik.http.routers.cadvisor-01-secured.entrypoints=https"
- "traefik.http.routers.cadvisor-01-secured.tls.certresolver=le-tls" # use the Let's Encrypt certificate resolver
- "traefik.http.services.cadvisor-01-secured.loadbalancer.server.port=8080" # ask Traefik to search for port 8080
- "traefik.http.routers.cadvisor-01-secured.middlewares=secHeaders@file,def-cadvisor-01-auth,def-cadvisor-01,def-compress"
networks:
- "traefik-public"
networks:
traefik-public:
external: true`
健康检查有点棘手,它是在cAdvisor Docker文件中固定的URL,但是使用环境变量覆盖了它。 如您所见,我 运行ning cAdvisor 的路径为 /cadvisor/,因此我必须将其添加为命令选项“--url_base_prefix”并修改 CADVISOR_HEALTHCHECK_URL 环境变量。
Traefik 运行s作为反向代理,它监听443和80端口,我不想给public打开另一个端口比如8080,所以Traefik负责处理TLS 内容并从 http 重定向到 https。所以您不需要在您的 cAdvisor 定义中打开端口 8080 或公开端口 80!这将由 Traefik 处理。 Traefik 使用相同的 Docker 网络访问您的容器。
注意优先级设置!如果另一个 Traefik 服务处理根 URL,它必须具有较低的优先级。否则您的服务定义将永远不会匹配。
如果不允许 post URLs,我很抱歉,但也许它对某些人有用。我在 https://www.kuerbis.org/traefik-und-mehr/ 上写过介绍性文章——在其中一篇文章中,您会找到有关 Traefik 和 cAdvisor 的更多信息。它们是用德语写的,但我想 Google 翻译或类似的东西应该有帮助。
亲切的问候, 拉尔夫