背景:

1、业务有个性化需求,例如需要在nginx 上面部署agent 分析日志并做告警,但该业务不关注其他业务的日志

2、每次业务变更,nginx worker进程都得执行reload。随着业务体量增加,reload会越来越频繁,拆分ingress 可以有效避免业务互相影响


# 为机器加上不同的标签,如azone/bzone 用来区分A专区跟B专区(下文 DaemonSet 的 nodeSelector 同时要求节点带有 node-role.kubernetes.io/ingress=true 标签,未打该标签的节点不会被调度)

kubectl label node test-node-1.1.1.1 ingress-role="azone" 

kubectl label node test-node-2.2.2.2 ingress-role="bzone"


# 创建ingress

root@ubuntu:/home/test# kubectl apply -f nginx-ingress-controller-ds-azone.yml 

root@ubuntu:/home/test# kubectl apply -f nginx-ingress-controller-ds-bzone.yml


# 查看部署ingress实例

root@ubuntu:/home/test# kubectl get pod -n kube-system -o wide |grep nginx 

azone-nginx-ingress-controller-d92zq      1/1       Running   0          2m        10.26.129.21     test-node-1.1.1.1

bzone-nginx-ingress-controller-dswv9   1/1       Running   0          2m        10.26.129.22    test-node-2.2.2.2


# nginx-controller 配置如下

# DaemonSet that runs the nginx ingress controller on every node carrying both
# selector labels below, and that only serves Ingress objects of class "azone".
# NOTE(review): extensions/v1beta1 is no longer served for DaemonSet from
# Kubernetes 1.16 on; newer clusters need apps/v1, which also requires spec.selector.
apiVersion: extensions/v1beta1

kind: DaemonSet

metadata:

  name: azone-nginx-ingress-controller

  labels:

    app: ingress-nginx

  namespace: kube-system

spec:

  template:

    metadata:

      labels:

        app: ingress-nginx

      annotations:

        # Scrape hints for a Prometheus setup that honours these annotations;
        # 10254 is the same port the liveness/readiness probes below query.
        prometheus.io/scrape: "true"

        prometheus.io/port: "10254"

        prometheus.io/type: "ingress-nginx"

    spec:

      # NOTE(review): hostNetwork places the pod in the node's network namespace,
      # so whatever the container listens on (80/443 and the 10254 health/metrics
      # port) is opened on the node's own addresses. Limit 10254 to the monitoring
      # source with host firewall rules.
      hostNetwork: true

      # Lets the pod schedule onto nodes tainted
      # node-role.kubernetes.io/ingress=true:NoSchedule.
      tolerations:

      - key: "node-role.kubernetes.io/ingress"

        operator: "Equal"

        value: "true"

        effect: "NoSchedule"

      # A node must carry BOTH labels to receive this controller.
      nodeSelector:

        node-role.kubernetes.io/ingress: "true"

        ingress-role: "azone"                        # zone label; pins this controller to the nodes labelled for azone

      # NOTE(review): the role bindings of service account "admin" are not shown
      # on this page. Confirm it is not bound to cluster-admin: by default its
      # token is mounted into this pod, which parses untrusted traffic. Prefer a
      # dedicated account whose RBAC covers only what the controller needs.
      serviceAccountName: admin

      containers:

        - name: azone-nginx-ingress-controller

          # NOTE(review): mirrored image referenced by a mutable tag; pinning by
          # digest (image@sha256:<digest>) guarantees every node runs the build
          # that was reviewed. Check this release against current ingress-nginx
          # security advisories before reusing the manifest.
          image: registry.cn-hangzhou.aliyuncs.com/test/ingress-controller:0.15.0-10

          # $(POD_NAMESPACE) is substituted from the env entry defined below.
          # NOTE(review): no --watch-namespace is set, so the controller presumably
          # watches Ingress objects in all namespaces - confirm that is intended.
          # NOTE(review): if the bzone manifest (not shown here) names the same
          # ConfigMaps, both zones share one nginx configuration and one TCP/UDP
          # service map; use per-zone ConfigMap names if the zones must differ.
          args:

            - /nginx-ingress-controller

            - --default-backend-service=$(POD_NAMESPACE)/default-http-backend

            - --configmap=$(POD_NAMESPACE)/nginx-configuration

            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services

            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services

            - --publish-service=$(POD_NAMESPACE)/ingress-nginx

            - --annotations-prefix=nginx.ingress.kubernetes.io

            - --v=2

            - --enable-dynamic-configuration=true

            - --ingress-class=azone                # ingress class this controller serves

          env:

            # Pod name and namespace are injected through the downward API.
            - name: POD_NAME

              valueFrom:

                fieldRef:

                  fieldPath: metadata.name

            # Not referenced elsewhere in this manifest; presumably read by a
            # log-collection agent - TODO confirm.
            - name: COLLECT_LOG_DOCKER_DATA_WEBLOG

              value: "true"

            - name: POD_NAMESPACE

              valueFrom:

                fieldRef:

                  fieldPath: metadata.namespace

          # NOTE(review): no securityContext is declared for this container in
          # the manifest as shown; consider dropping all capabilities except
          # NET_BIND_SERVICE and running as a non-root user.
          ports:

          - name: http

            containerPort: 80

          - name: https

            containerPort: 443

  

          # NOTE(review): add `readOnly: true` to this mount; the container
          # presumably only reads the host's timezone file and should not be
          # able to write to a host path.
          volumeMounts:

          - name: localtime-config

            mountPath: /etc/localtime

          # Liveness: GET /healthz on 10254 every 10s after a 10s initial delay,
          # 1s timeout; three consecutive failures mark the container unhealthy.
          livenessProbe:

            failureThreshold: 3

            httpGet:

              path: /healthz

              port: 10254

              scheme: HTTP

            initialDelaySeconds: 10

            periodSeconds: 10

            successThreshold: 1

            timeoutSeconds: 1

          # Readiness: same endpoint and thresholds, with no initial delay.
          readinessProbe:

            failureThreshold: 3

            httpGet:

              path: /healthz

              port: 10254

              scheme: HTTP

            periodSeconds: 10

            successThreshold: 1

            timeoutSeconds: 1

      volumes:

        # Host's /etc/localtime, exposed to the container via the mount above.
        - name: localtime-config

          hostPath:

            path: /etc/localtime



# 创建 ingress,配置里面绑定class

root@ubuntu:/home/test# cat azone-test.aaa.com-ingress.yml

# Ingress that routes host azone-test.aaa.com, path /, to service
# azone-test-svc on port 80 and asks to be served by the "azone" class.
# No namespace is set, so it lands in kubectl's current namespace, which must
# also hold the backend service.
# NOTE(review): extensions/v1beta1 is no longer served for Ingress from
# Kubernetes 1.22 on; networking.k8s.io/v1 uses spec.ingressClassName and
# backend.service.name / backend.service.port instead.
apiVersion: extensions/v1beta1

kind: Ingress

metadata:

  name: azone-test-ingress-https

  annotations:

    # NOTE(review): the class is declared by whoever creates the Ingress, so it
    # selects a controller but does not restrict who may use that controller;
    # enforce that with RBAC or admission policy if zones belong to different teams.
    kubernetes.io/ingress.class: "azone"                    # binds this Ingress to the azone ingress class

    # NOTE(review): the HTTP-to-HTTPS redirect is switched off and no `tls:`
    # section appears in this manifest, so despite the "-https" name this host
    # is reachable over plain HTTP with nothing pushing clients to TLS.
    nginx.ingress.kubernetes.io/ssl-redirect: "false"

spec:

  rules:

  - host: azone-test.aaa.com

    http:

      paths:

      - path: /

        backend:

          serviceName: azone-test-svc

          servicePort: 80


# 查看绑定情况

root@ubuntu:/home/wuguihong1# kubectl -n kube-system get pod -o wide|grep nginx

azone-ingress-controller-d92zq    1/1       Running   0          16h       10.26.129.21    test-node-1.1.1.1

bzone-ingress-controller-62458   1/1       Running   0          15h       10.26.129.22    test-node-2.2.2.2



root@ubuntu:/home/test# kubectl -n kube-system exec  azone-ingress-controller-d92zq cat /etc/nginx/nginx.conf |grep azone-test.aaa.com

server_name azone-test.aaa.com ;


root@ubuntu:/home/test# kubectl -n kube-system exec bzone-ingress-controller-62458  cat /etc/nginx/nginx.conf|grep azone-test.aaa.com


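可以看到2台node节点上各运行一个ingress-controller,并且azone 上面绑定了azone-test.aaa.com 的域名,而bzone 上面没绑定。需要注意,ingress-class 只决定由哪个controller 加载哪些Ingress 规则,它本身不是权限边界:class 由Ingress 的创建者在注解里自行声明,如果两个controller 共用同一个serviceAccount 和ConfigMap(bzone 的配置本文未给出),它们的集群权限和nginx 全局配置并没有被隔离。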


参考资料:

Multiple Ingress controllers

https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/