1、說明準備
nginx-ingress 三種不同的部署模式
- Deployment+LoadBalancer
採用deployment進行部署nginx-ingress-controller,需要建立一個type:LoadBalancer的service進行關聯nginx-ingress-controller這組pod。通常是在使用公有云進行建立負載均衡器並繫結公網地址。只要將域名解析指向該地址,即可實現叢集服務的對外訪問。
- Deployment+NodePort
採用deployment進行部署nginx-ingress-controller,需要建立一個type:NodePort的service進行關聯nginx-ingress-controller這組pod。ingress暴露在叢集節點ip的特定埠上。由於nodeport暴露的埠是隨機埠,一般會在前面再搭建一套負載均衡器來轉發請求。改方式一般用於宿主機是相對固定的環境ip地址不變的場景。
- DaemonSet+HostNetwork
用DaemonSet 結合nodeselector來部署ingress-controller到特定的Node上。然後使用HostNetwork直接把該pod與宿主機node的網路打通,直接使用宿主機的80/443埠就能訪問服務。該方式整個請求鏈路最簡單,效能相對nodeport模式更好。缺點是由於直接利用宿主機節點的網路和埠,一個node只能部署一個ingress-controller pod。比較適合大併發的生產環境使用
2、二進位制安裝helm
helm官方文件
helm-v3.14.3下載
下載 需要的版本
$ tar -zxvf helm-v3.14.3-linux-amd64.tar.gz
在解壓目錄中找到helm程式,移動到需要的目錄中
$ mv linux-amd64/helm /usr/local/bin/helm
3、新增nginx-ingress-controller repo
$ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
$ helm repo update
$ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
$ helm search repo ingress-nginx
NAME CHART VERSION APP VERSION DESCRIPTION
ingress-nginx/ingress-nginx 4.10.0 1.10.0 Ingress controller for Kubernetes using NGINX a...
$ helm pull ingress-nginx/ingress-nginx --version 4.10.0
由於無法拉取包的網路問題,透過指令碼進行下載helm相關的chart包
ingress-nginx-4.10.0 helm 下載
4、修改values.yaml檔案
4.1、修改映象倉庫
......省略......
controller:
name: controller
enableAnnotationValidations: false
image:
## Keep false as default for now!
chroot: false
#registry: registry.k8s.io
registry: registry.aliyuncs.com
image: google_containers/nginx-ingress-controller
....再省略...........
patch:
enabled: true
image:
registry: registry.aliyuncs.com
image: google_containers/kube-webhook-certgen
tag: v1.4.0
#digest: sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 註釋掉
pullPolicy: IfNotPresent
4.2、修改hostNetwork
hostNetwork: true
4.3、修改dnsPolicy
dnsPolicy: ClusterFirstWithHostNet
4.4、修改kind型別
kind: DaemonSet
4.5、修改nodePort
type: NodePort
.........省略,這裡有倆個nodePorts修改.......
nodePorts:
# -- Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range.
http: "80"
# -- Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range.
https: "443"
這裡修改為80和443埠,同時要進行修改kube-api.yaml中的引數,增加引數:
#主節點的kube-api都要進行修改,這樣就能支援80和443,否則在安裝過程中會提示埠範圍問題
$ vim /etc/kubernetes/manifests/kube-apiserver.yaml
- --service-node-port-range=1-65535
$ systemctl daemon-reload
$ systemctl restart kubelet
5、安裝ingress-nginx
在ingress-nginx目錄中
$ kubectl create ns ingress-nginx
$ helm install ingress-nginx -n ingress-nginx . #安裝
$ helm uninstall ingress-nginx -n ingress-nginx #解除安裝
[root@K8SMS0001 ingress-nginx]# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-controller-7mgtk 1/1 Running 0 96m
ingress-nginx-controller-gtdsb 1/1 Running 0 96m
ingress-nginx-controller-rnvhl 1/1 Running 0 96m
[root@K8SMS0001 ingress-nginx]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.96.179.151 <none> 80:80/TCP,443:443/TCP 97m
ingress-nginx-controller-admission ClusterIP 10.96.138.59 <none> 443/TCP 97m