Introduction


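Deploying nginx-ingress-controller with the official default mandatory.yaml uses the Deployment + NodePort mode by default. After nginx-ingress-controller starts, you first run kubectl get pod -A -o wide | grep nginx-ingress-controller to see which node nginx-ingress-controller was scheduled onto, and then create a NodePort service for the ingress; this is how services inside the cluster are exposed to the outside. If this ingress-nginx instance fails, the entire cluster becomes unavailable.

This article describes how to build a highly available cluster with multiple ingress-nginx instances using DaemonSet + HostNetwork + nodeSelector.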

Download the nginx-ingress-controller configuration


Download the default configuration from the mandatory.yaml address:

https://github.com/leenhem/ingress-nginx/blob/nginx-0.30.0/deploy/static/mandatory.yaml

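Change mandatory.yaml to use a DaemonSet


A Deployment may schedule several pods onto the same node, which defeats the purpose of high availability. A DaemonSet runs only one pod per node, which is what we need.

kind: Deployment  # change to DaemonSet
kind: DaemonSet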

Add a nodeSelector to mandatory.yaml


First, label the nodes that should run the ingress with isIngress="true".

# add the label
kubectl label node k8s-node242 isIngress="true"

Enable the host network and specify the nodes to run on:

  nodeSelector:
    isIngress: "true"  # add this isIngress: "true" line to select the nodes
    kubernetes.io/os: linux

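Enable hostNetwork in mandatory.yaml


hostNetwork is enabled to bridge the cluster network and the node network, so that the cluster listens directly on the node's ports, normally 80 and 443, and cluster services no longer have to be reached through a randomly assigned nodePort.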

spec:
  hostNetwork: true  # add this hostNetwork line
  # wait up to five minutes for the drain of connections
  terminationGracePeriodSeconds: 300
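
The three edits above, shown together at the nesting level where each belongs in the workload object. This is an added fragment, not the project's mandatory.yaml: the selector, pod labels and containers sections are assumed to stay exactly as in the downloaded file, and the dnsPolicy line is an addition that the page itself does not make.

```yaml
apiVersion: apps/v1
kind: DaemonSet                          # edit 1: was "kind: Deployment"
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
spec:
  # replicas: <n>                        # a DaemonSet has no replicas field;
  #                                      # delete that line if the Deployment manifest has one
  # selector: and template.metadata: stay as in the downloaded mandatory.yaml
  template:
    spec:
      hostNetwork: true                  # edit 3: the pod shares the node's network namespace,
                                         # so nginx binds 80/443 on the node's own addresses
      dnsPolicy: ClusterFirstWithHostNet # added here: without it a hostNetwork pod falls back
                                         # to the node's resolver instead of cluster DNS
      # wait up to five minutes for the drain of connections
      terminationGracePeriodSeconds: 300
      serviceAccountName: nginx-ingress-serviceaccount
      nodeSelector:
        isIngress: "true"                # edit 2: schedule only onto nodes labelled isIngress=true
        kubernetes.io/os: linux
      # containers: unchanged from the downloaded mandatory.yaml
```

After kubectl apply, kubectl get pod -n ingress-nginx -o wide should show one controller pod on each labelled node, and each pod's IP equals its node's IP because of hostNetwork.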

Create the nginx-ingress-controller service


[root@k8s-master01 ingress]# kubectl apply -f nginx30-mandatory-deamonset.yaml
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
Warning: rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
role.rbac.authorization.k8s.io/nginx-ingress-role created
Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
daemonset.apps/nginx-ingress-controller created
limitrange/ingress-nginx created


hostNetwork: true automatically bridges the cluster network and the node network


High availability, see the figure below


[Figure: high availability]