k8s之nginx-ingress、 Daemonset實現生產案例

本文轉載自查看原文 2019-06-16 11:33 1242 docker&k8s

上一篇中用node ip + 非80端口,訪問k8s集群內部的服務.實際生產中更希望用node ip + 80端口的方式,訪問k8s集群內的服務.

# 修改mandatory.yaml中創建控制器部分的內容
apiVersion: apps/v1
kind: Daemonset
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
spec:
  selector:
    matchLabels:
      app: ingress-nginx
  template:
    metadata:
      labels:
        app: ingress-nginx
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      hostNetwork: true
      containers:
        - name: nginx-ingress-controller
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.1
          args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            allowPrivilegeEscalation: true
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            # www-data -> 33
            runAsUser: 33
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
      nodeSelector:
        custom/ingress-controller-ready: "true"

修改了這幾處:

將deployment改為DaemonSet;刪掉replicas;

將之前的標簽改的簡單點--app: ingress-nginx;

hostNetwork: true,添加該字段,使pod共享宿主機網絡,暴露所監聽的端口;

nodeSelector: 有custom/ingress-controller-ready標簽的節點才會部署該pod.

# 給節點打標簽
kubectl label nodes k8s-node1 custom/ingress-controller-ready=true
kubectl label nodes k8s-node2 custom/ingress-controller-ready=true

# 通過Ingress把myapp-svc發布出去,這部分內容沒發生變化
cat ingress-myapp.yaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: myapp.lixiang.com
    http:
      paths: 
      - path: /
        backend:
          serviceName: myapp-svc
          servicePort: 80
kubectl apply -f test-ingress.yaml
常規做法是在node1和node2這兩個節點上安裝keepalive,生成一個vip,在dns上把域名和vip做映射.

參考博客:http://blog.itpub.net/28916011/viewspace-2214747/

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 k8s nginx-ingress 504 timeout k8s ingress使用DaemonSet部署 k8s nginx-ingress 上傳文件大小限制【K8s教程】使用Helm部署Nginx Ingress控制器（DaemonSet hostNetwork 模式） K8s Nginx Ingress 介紹 k8s nginx ingress配置TLS k8s部署ingress-nginx k8s~為服務添加ingress的實現 k8s——ingress K8S 部署 ingress-nginx (三) 啟用 https