1、说明准备
nginx-ingress 三种不同的部署模式
- Deployment+LoadBalancer
采用deployment进行部署nginx-ingress-controller,需要创建一个type:LoadBalancer的service进行关联nginx-ingress-controller这组pod。通常是在使用公有云进行创建负载均衡器并绑定公网地址。只要将域名解析指向该地址,即可实现集群服务的对外访问。
- Deployment+NodePort
采用deployment进行部署nginx-ingress-controller,需要创建一个type:NodePort的service进行关联nginx-ingress-controller这组pod。ingress暴露在集群节点ip的特定端口上。由于nodeport暴露的端口是随机端口,一般会在前面再搭建一套负载均衡器来转发请求。改方式一般用于宿主机是相对固定的环境ip地址不变的场景。
- DaemonSet+HostNetwork
用DaemonSet 结合nodeselector来部署ingress-controller到特定的Node上。然后使用HostNetwork直接把该pod与宿主机node的网络打通,直接使用宿主机的80/443端口就能访问服务。该方式整个请求链路最简单,性能相对nodeport模式更好。缺点是由于直接利用宿主机节点的网络和端口,一个node只能部署一个ingress-controller pod。比较适合大并发的生产环境使用
2、二进制安装helm
下载 需要的版本
$ tar -zxvf helm-v3.14.3-linux-amd64.tar.gz
在解压目录中找到helm程序,移动到需要的目录中
$ mv linux-amd64/helm /usr/local/bin/helm
3、添加nginx-ingress-controller repo
$ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
$ helm repo update
$ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
$ helm search repo ingress-nginx
NAME CHART VERSION APP VERSION DESCRIPTION
ingress-nginx/ingress-nginx 4.10.0 1.10.0 Ingress controller for Kubernetes using NGINX a...
$ helm pull ingress-nginx/ingress-nginx --version 4.10.0
由于无法拉取包的网络问题,通过脚本进行下载helm相关的chart包
4、修改values.yaml文件
4.1、修改镜像仓库
......省略......
controller:
name: controller
enableAnnotationValidations: false
image:
## Keep false as default for now!
chroot: false
#registry: registry.k8s.io
registry: registry.aliyuncs.com
image: google_containers/nginx-ingress-controller
....再省略...........
patch:
enabled: true
image:
registry: registry.aliyuncs.com
image: google_containers/kube-webhook-certgen
tag: v1.4.0
#digest: sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 注释掉
pullPolicy: IfNotPresent
4.2、修改hostNetwork
hostNetwork: true
4.3、修改dnsPolicy
dnsPolicy: ClusterFirstWithHostNet
4.4、修改kind类型
kind: DaemonSet
4.5、修改nodePort
type: NodePort
.........省略,这里有俩个nodePorts修改.......
nodePorts:
# -- Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range.
http: "80"
# -- Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range.
https: "443"
这里修改为80和443端口,同时要进行修改kube-api.yaml中的参数,增加参数:
#主节点的kube-api都要进行修改,这样就能支持80和443,否则在安装过程中会提示端口范围问题
$ vim /etc/kubernetes/manifests/kube-apiserver.yaml
- --service-node-port-range=1-65535
$ systemctl daemon-reload
$ systemctl restart kubelet
5、安装ingress-nginx
在ingress-nginx目录中
$ kubectl create ns ingress-nginx
$ helm install ingress-nginx -n ingress-nginx . #安装
$ helm uninstall ingress-nginx -n ingress-nginx #卸载
[root@K8SMS0001 ingress-nginx]# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-controller-7mgtk 1/1 Running 0 96m
ingress-nginx-controller-gtdsb 1/1 Running 0 96m
ingress-nginx-controller-rnvhl 1/1 Running 0 96m
[root@K8SMS0001 ingress-nginx]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.96.179.151 <none> 80:80/TCP,443:443/TCP 97m
ingress-nginx-controller-admission ClusterIP 10.96.138.59 <none> 443/TCP 97m