kubernetes版本 | nginx-ingress-controller版本 |
---|---|
1.18.18 | 0.45.0 |
下载所需的 yaml 文件官方说明:
mkdir ~/ingress && cd ~/ingress
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.45.0/deploy/static/provider/baremetal/deploy.yaml
修改配置文件
这里演示的是高可用的 nginx-ingress-controller 服务。
# 在 ingress-nginx-controller 容器的 deploy.spec 添加 replicas: 2
spec:
replicas: 2
将原本的 nodeport 修改成 clusterIP
# 在 ingress-nginx-controller service的 svc.spec 注释掉 type: NodePort
spec:
# type: NodePort
将容器端口映射到宿主机
# 在 ingress-nginx-controller 容器的 deploy.spec.template.spec 添加 hostNetwork: true
spec:
hostNetwork: true
# 在 ingress-nginx-controller 容器的 deploy.spec.template.spec.containers.ports 添加 hostPost 字段
ports:
- name: http
containerPort: 80 # 添加的字段
hostPort: 80
protocol: TCP
- name: https
containerPort: 443 # 添加的字段
hostPort: 443
protocol: TCP
- name: webhook
containerPort: 8443
protocol: TCP
修改DNS的策略
# 在 ingress-nginx-controller 容器的 deploy.spec.template.spec 修改 dnsPolicy
spec:
dnsPolicy: ClusterFirstWithHostNet
修改下载镜像路径
# 在 ingress-nginx-controller 容器的 deploy.spec.template.spec.containers 修改 image 字段
containers:
- name: controller
image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v0.45.0
启动服务
$ kubectl apply -f deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
configmap/ingress-nginx-controller created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
service/ingress-nginx-controller-admission created
service/ingress-nginx-controller created
deployment.apps/ingress-nginx-controller created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
serviceaccount/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
$ kubectl -n ingress-nginx get pod
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-vgvgz 0/1 Completed 0 48s
ingress-nginx-admission-patch-m2kg7 0/1 Completed 0 48s
ingress-nginx-controller-656cf6c7fd-26dpt 1/1 Running 0 48s
ingress-nginx-controller-656cf6c7fd-nvvz9 1/1 Running 0 48s
指定 pod 调度特定节点
# 节点添加标签
kubectl label node k8s-node02 kubernetes.io/ingress=nginx
kubectl label node k8s-node03 kubernetes.io/ingress=nginx
# 在 ingress-nginx-controller 容器的 deploy.spec.template.spec 添加 nodeSelector
nodeSelector:
matchLabels:
kubernetes.io/ingress: nginx
# 在 ingress-nginx-controller 容器的 deploy.spec.template.spec 添加 affinity
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
topologyKey: kubernetes.io/hostname
验证