Ingress-Nginx availability

The latest version of nginx-ingress-controller: 0.30.0 Case Study 

Ingress high availability architecture is as follows:

 

Open  https://github.com/kubernetes/ingress-nginx/blob/master/deploy/static/mandatory.yaml  then download Raw mandatory.yaml, modify nginx-ingress-controller portion thereof

1, modify Deployment is DaemonSet, and comment out the number of copies

2, enable hostNetwork network, and run specified node

hostNetwork exposure of ingress-nginx controller port to a host of related businesses, other hosts on the network where the host node of this node, this application can be accessed through the port.

Add ingress-controller = true tag previously designated node nodeSelector

3, the mirror address modification

4, increased tolerance master node (optional)

tolerations: # increase tolerance, can be assigned to the master node
       - Key: " node-role.kubernetes.io/master " 
        operator : " the Exists " 
        Effect: " NoSchedule "

 

After modification:

apiVersion: apps/v1
#kind: Deployment
kind: DaemonSet
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    k8s-app: ingress-controller
spec:
  #replicas: 1
  selector:
    matchLabels:
      k8s-app: ingress-controller
  template:
    metadata:
      labels:
        k8s-app: ingress-controller
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      # wait up to five minutes for the drain of connections
      terminationGracePeriodSeconds: 300
      serviceAccountName: nginx-ingress-serviceaccount
      hostNetwork: true
      nodeSelector:
        ingress-controller: "true"

        tolerations: # increase tolerance, can be assigned to the master node
          - Key: "node-role.kubernetes.io/master"
            operator: "the Exists"
            Effect: "NoSchedule"

       containers:
        - name: nginx-ingress-controller
          image: registry-vpc.cn-beijing.aliyuncs.com/base/nginx-ingress-controller:0.30.0
          args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            allowPrivilegeEscalation: true
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            # www-data -> 101
            runAsUser: 101
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          lifecycle:
            Transfers:
              exec:
                command:
                  - /wait-shutdown

 

Node tagging:

# kubectl label node master-92 ingress-controller="true"