Latest version of nginx-ingress-controller: 0.30.0
Case Study
The Ingress high-availability architecture is as follows:
Open https://github.com/kubernetes/ingress-nginx/blob/master/deploy/static/mandatory.yaml, download the raw mandatory.yaml, and modify its nginx-ingress-controller section:
1. Change the kind from Deployment to DaemonSet, and comment out the replica count.
2. Enable hostNetwork, and run the controller on designated nodes.
hostNetwork exposes the ports of the ingress-nginx controller's services directly on the host. Any other host on the network that can reach this node can access the application through those ports.
Add a nodeSelector that selects the nodes previously labelled ingress-controller=true.
3. Change the image address.
4. Add a toleration for the master node (optional).
tolerations: # add a toleration so the pods can be scheduled onto the master node
  - key: "node-role.kubernetes.io/master"
    operator: "Exists"
    effect: "NoSchedule"
After modification:
apiVersion: apps/v1
#kind: Deployment
kind: DaemonSet
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    k8s-app: ingress-controller
spec:
  #replicas: 1
  selector:
    matchLabels:
      k8s-app: ingress-controller
  template:
    metadata:
      labels:
        k8s-app: ingress-controller
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      # wait up to five minutes for the drain of connections
      terminationGracePeriodSeconds: 300
      serviceAccountName: nginx-ingress-serviceaccount
      hostNetwork: true
      nodeSelector:
        ingress-controller: "true"
      tolerations: # add a toleration so the pods can be scheduled onto the master node
        - key: "node-role.kubernetes.io/master"
          operator: "Exists"
          effect: "NoSchedule"
      containers:
        - name: nginx-ingress-controller
          image: registry-vpc.cn-beijing.aliyuncs.com/base/nginx-ingress-controller:0.30.0
          args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            allowPrivilegeEscalation: true
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            # www-data -> 101
            runAsUser: 101
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
Label the node:
# kubectl label node master-92 ingress-controller="true"
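Because hostNetwork places the controller in the node's network namespace, it is worth reviewing what the modified DaemonSet opens on each labelled node. The following check is an added example, not part of the original post or of the ingress-nginx project; the function name host_exposure and the embedded sample (a constructed JSON rendering of the fields above) are assumptions.

```python
import json

# Constructed sample: security-relevant fields of the DaemonSet above, in the
# JSON shape that `kubectl get daemonset -o json` returns.
SAMPLE = json.loads("""
{"kind": "DaemonSet", "spec": {"template": {"spec": {
  "hostNetwork": true,
  "nodeSelector": {"ingress-controller": "true"},
  "tolerations": [{"key": "node-role.kubernetes.io/master",
                   "operator": "Exists", "effect": "NoSchedule"}],
  "containers": [{
    "name": "nginx-ingress-controller",
    "securityContext": {"allowPrivilegeEscalation": true, "runAsUser": 101,
      "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}},
    "ports": [{"containerPort": 80}, {"containerPort": 443}],
    "livenessProbe": {"httpGet": {"path": "/healthz", "port": 10254}},
    "readinessProbe": {"httpGet": {"path": "/healthz", "port": 10254}}
  }]}}}}
""")

def host_exposure(workload):
    """Return (ports opened on the node's own address, review findings)."""
    pod = workload["spec"]["template"]["spec"]
    host = pod.get("hostNetwork", False)
    ports, findings = set(), []
    for c in pod.get("containers", []):
        declared = {p["containerPort"] for p in c.get("ports", [])}
        probes = set()
        for probe in ("livenessProbe", "readinessProbe"):
            port = c.get(probe, {}).get("httpGet", {}).get("port")
            if isinstance(port, int):  # named ports resolve to declared ones
                probes.add(port)
        if host:
            # The pod shares the node's network namespace, so listeners that
            # are not in `ports` (here the health port) are on the node too.
            ports |= declared | probes
            for p in sorted(probes - declared):
                findings.append(f"{c['name']}: undeclared port {p} listens on the node")
        # Unset means escalation is allowed, so only an explicit false passes.
        if c.get("securityContext", {}).get("allowPrivilegeEscalation", True):
            findings.append(f"{c['name']}: allowPrivilegeEscalation is not false")
    if host and not pod.get("nodeSelector"):
        findings.append("hostNetwork without nodeSelector: all nodes open the ports")
    if host and any(t.get("key") == "node-role.kubernetes.io/master"
                    for t in pod.get("tolerations", [])):
        findings.append("master toleration: ports may open on control-plane nodes")
    return sorted(ports), findings

if __name__ == "__main__":
    print(host_exposure(SAMPLE))
```

For a live cluster, feed it the parsed output of kubectl -n ingress-nginx get daemonset nginx-ingress-controller -o json in place of SAMPLE.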