随着微服务架构的普及,Kubernetes 成为了许多现代应用程序的基础平台。Ingress 控制器作为 Kubernetes 集群的一个重要组成部分,负责管理进入集群的 HTTP 和 HTTPS 流量,通过路由规则将请求转发到不同的服务。为了保证系统的高可用性和稳定性,部署一个可靠的 Ingress 控制器至关重要。本文将指导您如何使用 Helm 包管理器来部署一个高可用的 Ingress 控制器,从而简化您的流量管理任务。
ingress-nginx
| Supported | Ingress-NGINX version | k8s supported version | Alpine Version | Nginx Version | Helm Chart Version |
|---|---|---|---|---|---|
| 🔄 | v1.11.2 | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.2 |
| 🔄 | v1.11.1 | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.1 |
| 🔄 | v1.11.0 | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.11.0 |
| 🔄 | v1.10.4 | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.4 |
| 🔄 | v1.10.3 | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.3 |
| 🔄 | v1.10.2 | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.20.0 | 1.25.5 | 4.10.2 |
| 🔄 | v1.10.1 | 1.30, 1.29, 1.28, 1.27, 1.26 | 3.19.1 | 1.25.3 | 4.10.1 |
| 🔄 | v1.10.0 | 1.29, 1.28, 1.27, 1.26 | 3.19.1 | 1.25.3 | 4.10.0 |
| v1.9.6 | 1.29, 1.28, 1.27, 1.26, 1.25 | 3.19.0 | 1.21.6 | 4.9.1 | |
| v1.9.5 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.9.0 | |
| v1.9.4 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.3 | |
| v1.9.3 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* | |
| v1.9.1 | 1.28, 1.27, 1.26, 1.25 | 3.18.4 | 1.21.6 | 4.8.* | |
| v1.9.0 | 1.28, 1.27, 1.26, 1.25 | 3.18.2 | 1.21.6 | 4.8.* | |
| v1.8.4 | 1.27, 1.26, 1.25, 1.24 | 3.18.2 | 1.21.6 | 4.7.* | |
| v1.7.1 | 1.27, 1.26, 1.25, 1.24 | 3.17.2 | 1.21.6 | 4.6.* | |
| v1.6.4 | 1.26, 1.25, 1.24, 1.23 | 3.17.0 | 1.21.6 | 4.5.* | |
| v1.5.1 | 1.25, 1.24, 1.23 | 3.16.2 | 1.21.6 | 4.4.* | |
| v1.4.0 | 1.25, 1.24, 1.23, 1.22 | 3.16.2 | 1.19.10† | 4.3.0 | |
| v1.3.1 | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2 | 1.19.10† | 4.2.5 |
Tip:摘抄GitHub ingress-nginx项目说明,具体链接地址。请查看下面的参考文档
部署高可用思路:
ingress-nginx部署两个副本数,使用pod反亲和。将两个pod调度到不同的节点上。
ingress-nginx前面挂一个负载均衡器,流量平分两个副本上
1、下载ingress-nginx chart包
$ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
"ingress-nginx" has been added to your repositories
$ helm pull ingress-nginx/ingress-nginx --untar --untardir /etc/kubernetes/addons --version 4.11.2
2、部署 ingress-nginx 配置文件
$ cat<<'EOF' | sudo tee /etc/kubernetes/addons/ingress-nginx-value.yml > /dev/null
controller:
# 两个副本数
replicaCount: 2
# 部署模式
kind: Deployment
image:
registry: 172.139.20.170:5000
image: library/controller
tag: "v1.11.2"
digest: ''
# pod反亲和
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/component
operator: In
values:
- controller
topologyKey: kubernetes.io/hostname
# 标签选择器
nodeSelector:
ingress-nginx: controller
# service配置
service:
type: NodePort
externalTrafficPolicy: Local
nodePorts:
http: "30080"
https: "30443"
# 配置metrics采集
metrics:
enabled: true
port: 10254
# 优雅推出
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
admissionWebhooks:
patch:
enabled: true
image:
registry: 172.139.20.170:5000
image: library/kube-webhook-certgen
tag: 'v1.4.3'
digest: ''
EOF
3、部署ingress-nginx
$ kubectl label node k8s-node01 ingress-nginx=controller
node/k8s-node01 labeled
$ kubectl label node k8s-node02 ingress-nginx=controller
node/k8s-node02 labeled
$ helm install -n kube-system ingress-nginx -f /etc/kubernetes/addons/ingress-nginx-value.yml /etc/kubernetes/addons/ingress-nginx
1、负载ingress-nginx流量
listen ingress-http-tcp
bind *:80
server ingress01 172.139.20.175:30080 maxconn 32 check
server ingress02 172.139.20.75:30080 maxconn 32 check
listen ingress-https-tcp
bind *:443
server ingress01 172.139.20.175:30443 maxconn 32 check
server ingress02 172.139.20.75:30443 maxconn 32 check
Tip:使用负载apiserver的haproxy服务上,添加以上配置即可
2、修改docker-compose文件
$ cat /etc/haproxy/docker-compose.yml
name: haproxy
services:
haproxy:
container_name: haproxy
image: haproxy:2.9-alpine
restart: always
volumes:
- ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
ports:
# 添加以下4行配置
- 80:80
- 443:443
sysctls:
- net.ipv4.ip_unprivileged_port_start=0
Tip:net.ipv4.ip_unprivileged_port_start=0参数,需要内核4.x版本
3、重启haproxy服务
$ sudo docker-compose -f /etc/haproxy/docker-compose.yml restart
1、验证pod状态
$ kubectl -n kube-system get pod -l app.kubernetes.io/instance=ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-controller-579f7d8f4-8jmlw 1/1 Running 0 3h42m
ingress-nginx-controller-579f7d8f4-tf5wc 1/1 Running 0 3h42m
2、验证服务是否可用
ingress-nginx官方文档:
https://kubernetes.github.io/ingress-nginx/
https://github.com/kubernetes/ingress-nginx?tab=readme-ov-file#supported-versions-table
通过 Helm 部署高可用的 Ingress 控制器不仅简化了配置流程,还增强了系统的健壮性。无论是在开发还是生产环境中,这样的部署方式都能帮助我们更好地管理应用的流量,确保服务的连续性和可靠性。
别忘了,关注我们的公众号,获取更多关于容器技术和云原生领域的深度洞察和技术实战,让我们携手在技术的海洋中乘风破浪!
