背景:
1、业务有个性化需求,例如需要在nginx 上面部署agent 分析日志并做告警,但该业务不关注其他业务的日志
2、每次业务变更,nginx worker进程都得执行reload。随着业务体量增加,reload会越来越频繁,拆分ingress 可以有效避免业务互相影响
# 为机器加上不同的标签,如azone/bzone 用来区分A专区跟B专区
kubectl label node test-node-1.1.1.1 ingress-role="azone"
kubectl label node test-node-2.2.2.2 ingress-role="bzone"
# 创建ingress
root@ubuntu:/home/test# kubectl apply -f nginx-ingress-controller-ds-azone.yml
root@ubuntu:/home/test# kubectl apply -f nginx-ingress-controller-ds-bzone.yml
# 查看部署ingress实例
root@ubuntu:/home/test# kubectl get pod -n kube-system -o wide |grep nginx
azone-nginx-ingress-controller-d92zq 1/1 Running 0 2m 10.26.129.21 test-node-1.1.1.1
bzone-nginx-ingress-controller-dswv9 1/1 Running 0 2m 10.26.129.22 test-node-2.2.2.2
# nginx-controller 配置如下
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: azone-nginx-ingress-controller
labels:
app: ingress-nginx
namespace: kube-system
spec:
template:
metadata:
labels:
app: ingress-nginx
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "10254"
prometheus.io/type: "ingress-nginx"
spec:
hostNetwork: true
tolerations:
- key: "node-role.kubernetes.io/ingress"
operator: "Equal"
value: "true"
effect: "NoSchedule"
nodeSelector:
node-role.kubernetes.io/ingress: "true"
ingress-role: "azone" # 添加指定标签,绑定固定部署机器
serviceAccountName: admin
containers:
- name: azone-nginx-ingress-controller
image: registry.cn-hangzhou.aliyuncs.com/test/ingress-controller:0.15.0-10
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
- --v=2
- --enable-dynamic-configuration=true
- --ingress-class=azone # 指定ingress-class 属性
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: COLLECT_LOG_DOCKER_DATA_WEBLOG
value: "true"
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
volumeMounts:
- name: localtime-config
mountPath: /etc/localtime
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
volumes:
- name: localtime-config
hostPath:
path: /etc/localtime
# 创建 ingress,配置里面绑定class
root@ubuntu:/home/test# cat azone-test.aaa.com-ingress.yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: azone-test-ingress-https
annotations:
kubernetes.io/ingress.class: "azone" # 绑定ingress-class
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: azone-test.aaa.com
http:
paths:
- path: /
backend:
serviceName: azone-test-svc
servicePort: 80
# 查看绑定情况
root@ubuntu:/home/wuguihong1# kubectl -n kube-system get pod -o wide|grep nginx
azone-ingress-controller-d92zq 1/1 Running 0 16h 10.26.129.21 test-node-1.1.1.1
bzone-ingress-controller-62458 1/1 Running 0 15h 10.26.129.22 test-node-2.2.2.2
root@ubuntu:/home/test# kubectl -n kube-system exec azone-ingress-controller-d92zq cat /etc/nginx/nginx.conf |grep azone-test.aaa.com
server_name azone-test.aaa.com ;
root@ubuntu:/home/test# kubectl -n kube-system exec bzone-ingress-controller-62458 cat /etc/nginx/nginx.conf|grep azone-test.aaa.com
可以看到2台node节点上各运行一个ingress-controller , 并且azone 上面绑定了azone-test.aaa.com 的域名,而bzone 上面没绑定
参考资料:
Multiple Ingress controllers
https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。