Ingress-Nginx 安装 高可用

Ingress-Nginx 安装 高可用

• • • 介绍
    • 下载 nginx-ingress-controller 配置
    • 修改 mandatory.yaml 配置为 DaemonSet
    • 修改 mandatory.yaml 配置为 nodeSelector
    • 修改 mandatory.yaml 配置为 hostNetwork
    • 创建 nginx-ingress-controller 服务
    • hostNetwork: true 自动打通Cluster和node的网络
    • 高可用，参考下图

介绍

---

使用官方默认的mandatory.yaml去部署 nginx-ingress-controller，默认为 Deployment + Nodeport 模式，启动 nginx-ingress-controller 后，先使用 kubectl get pod -A -o wide |grep nginx-ingress-controller 查看 nginx-ingress-controller 部署到哪个节点上了，再去 给ingress 创建一个 nodeport 服务，这种方式将集群内部的服务暴露出去。如果这个ingress-nginx出现了故障，将导致整个集群不可用。

本文介绍一种DaemonSet+HostNetwork+nodeSelector方式搭建的多ingress-nginx实例高可用集群。

下载 nginx-ingress-controller 配置

---

mandatory.yaml 地址，下载默认的配置

https://github.com/leenhem/ingress-nginx/blob/nginx-0.30.0/deploy/static/mandatory.yaml

修改 mandatory.yaml 配置为 DaemonSet

---

Deployment可能会把多个pod调度到同一个node，那就失去高可用的意义了。而DaemonSet在一个节点上只会有一个Pod，符合我们的要求。

kind: Deployment #修改为 DaemonSet
kind: DaemonSet

修改 mandatory.yaml 配置为 nodeSelector

---

首先，给要部署 ingress 的节点打上标签 isIngress=“true”

#打标签
kubectl label node k8s-node242 isIngress="true"

启用hostNetwork网络，并指定运行节点

      nodeSelector:
        isIngress: "true"  # 此处添加一行 isIngress: "true" 配置,选择 node 节点
        kubernetes.io/os: linux

修改 mandatory.yaml 配置为 hostNetwork

---

启用hostNetwork网络，是为了打通Cluster和node的网络，让Cluster直接监听node的端口，一般是80和443，不用再通过随机绑定的nodePort来访问集群服务

    spec:
      hostNetwork: true  # 此处添加一行 hostNetwork 配置
      # wait up to five minutes for the drain of connections
      terminationGracePeriodSeconds: 300

创建 nginx-ingress-controller 服务

---

[root@k8s-master01 ingress]# kubectl apply -f nginx30-mandatory-deamonset.yaml 
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
Warning: rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
role.rbac.authorization.k8s.io/nginx-ingress-role created
Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
daemonset.apps/nginx-ingress-controller created
limitrange/ingress-nginx created

hostNetwork: true 自动打通Cluster和node的网络

高可用，参考下图

---

CSDN_码404：Ingress-Nginx 安装 高可用

标签：Ingress,nginx,ingress,rbac,Nginx,io,k8s,安装,authorization
来源： https://blog.csdn.net/leenhem/article/details/122338341