Ingress-Nginx Installation: High Availability

Introduction


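Deploying nginx-ingress-controller with the official default mandatory.yaml uses Deployment + NodePort mode by default. After nginx-ingress-controller starts, first run kubectl get pod -A -o wide | grep nginx-ingress-controller to see which node it was scheduled onto, then create a NodePort service for the ingress. This exposes the services inside the cluster to the outside. If this single ingress-nginx instance fails, the whole cluster becomes unavailable.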

This article describes a high-availability cluster of multiple ingress-nginx instances built with DaemonSet + HostNetwork + nodeSelector.

Download the nginx-ingress-controller configuration


Location of mandatory.yaml; download the default configuration from:

https://github.com/leenhem/ingress-nginx/blob/nginx-0.30.0/deploy/static/mandatory.yaml

Change mandatory.yaml to a DaemonSet


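A Deployment may schedule several pods onto the same node, which defeats the purpose of high availability. A DaemonSet runs only one Pod per node, which is what we need.

kind: Deployment  # before: change this to DaemonSet
kind: DaemonSet   # after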

Change mandatory.yaml to use a nodeSelector


First, label the nodes that will run the ingress with isIngress="true".

# apply the label
kubectl label node k8s-node242 isIngress="true"

Enable hostNetwork networking and specify the nodes to run on:

      nodeSelector:
        isIngress: "true"  # add this isIngress: "true" line to select the nodes
        kubernetes.io/os: linux

Change mandatory.yaml to use hostNetwork


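Enabling hostNetwork connects the Cluster and node networks so that the ingress controller listens directly on the node's ports, normally 80 and 443, and cluster services no longer have to be reached through a randomly bound nodePort.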

    spec:
      hostNetwork: true  # add this hostNetwork line
      # wait up to five minutes for the drain of connections
      terminationGracePeriodSeconds: 300
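
The three edits above, applied to a manifest and then checked before kubectl apply, as an added example (not code from the original article or from the ingress-nginx project). The manifest is a constructed excerpt; its replicas line and 2-space indentation are assumptions about the downloaded file, and sample_manifest, to_daemonset and check_ha are hypothetical helper names.

```shell
#!/bin/sh
# Added example: constructed, trimmed excerpt of the controller Deployment.
sample_manifest() {
  cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
spec:
  replicas: 1
  template:
    spec:
      terminationGracePeriodSeconds: 300
      nodeSelector:
        kubernetes.io/os: linux
EOF
}

# Apply the page's three edits to a manifest read on stdin.
to_daemonset() {
  awk '
    /^kind: Deployment[ \t]*$/    { print "kind: DaemonSet"; next }
    /^  replicas:/                { next }  # DaemonSet spec has no replicas field
    /^    spec:[ \t]*$/           { print; print "      hostNetwork: true"; next }
    /^      nodeSelector:[ \t]*$/ { print; print "        isIngress: \"true\""; next }
    { print }'
}

# Exit 0 only if the manifest on stdin is a DaemonSet with hostNetwork
# that is pinned to the labelled ingress nodes.
check_ha() {
  awk '
    /^kind: DaemonSet[ \t]*$/           { ds = 1 }
    /^  replicas:/                      { rep = 1 }
    /^      hostNetwork: true[ \t]*$/   { hn = 1 }
    /^        isIngress: "true"[ \t]*$/ { sel = 1 }
    END {
      if (!ds) print "kind is not DaemonSet"
      if (rep) print "replicas is not a DaemonSet field"
      if (!hn) print "hostNetwork: true is missing"
      if (hn && !sel) print "hostNetwork without the isIngress selector: 80/443 bound on every matching node"
      exit !(ds && !rep && hn && sel)
    }'
}

sample_manifest | to_daemonset | check_ha && echo "manifest ok"
```

On the real file, run to_daemonset < mandatory.yaml > nginx30-mandatory-deamonset.yaml and then check_ha on the result before applying it.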

Create the nginx-ingress-controller service


[root@k8s-master01 ingress]# kubectl apply -f nginx30-mandatory-deamonset.yaml 
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
Warning: rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
role.rbac.authorization.k8s.io/nginx-ingress-role created
Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
daemonset.apps/nginx-ingress-controller created
limitrange/ingress-nginx created

hostNetwork: true automatically connects the Cluster and node networks.


High availability: see the figure below

[Figure: high-availability diagram]

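Copyright notice: this is an original article by the author, released under the CC 4.0 BY-SA license. When reposting, include a link to the original source and this notice.

Original article by 老C. If you repost it, please credit the source: https://www.code404.icu/1554.html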
