2. 程式人生 > >ingress高可用--使用DaemonSet方式部署ingress-nginx

ingress高可用--使用DaemonSet方式部署ingress-nginx

阿新 發佈:2018-12-01

前言

為了配置kubernetes中的ingress的高可用,對於kubernetes叢集以外只暴露一個訪問入口,需要使用keepalived排除單點問題。需要使用daemonset方式將ingress-controller部署在邊緣節點上。

邊緣節點

首先解釋下什麼叫邊緣節點(Edge Node),所謂的邊緣節點即叢集內部用來向叢集外暴露服務能力的節點,叢集外部的服務通過該節點來呼叫叢集內部的服務,邊緣節點是叢集內外交流的一個Endpoint。

邊緣節點要考慮兩個問題

  • 邊緣節點的高可用,不能有單點故障,否則整個kubernetes叢集將不可用
  • 對外的一致暴露埠,即只能有一個外網訪問IP和埠

架構

為了滿足邊緣節點的以上需求,我們使用keepalived來實現。

在Kubernetes中添加了ingress後,在DNS中新增A記錄,域名為你的ingress中host的內容,IP為你的keepalived的VIP,這樣叢集外部就可以通過域名來訪問你的服務,也解決了單點故障。

選擇Kubernetes的三個node作為邊緣節點,並安裝keepalived。

 

安裝keepalived服務

yum install -y keepalived

  

node1的keealived配置

cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   router_id edgenode
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 88
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.40.0.109 dev eth0 label eth0:1
    }
}

  

node2 keepalive配置

cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   router_id edgenode
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 88
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.40.0.109 dev eth0 label eth0:1
    }
}

  

node3 keepalived配置

cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   router_id edgenode
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 88
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.40.0.109 dev eth0 label eth0:1
    }
}

 

設定keepalived開機自啟動

systemctl enable keepalived.service

  

啟動keepalived服務

systemctl start keepalived.service

  

安裝ingress-nginx

給邊緣節點打標籤

kubectl label nodes 10.40.0.105 edgenode=true
kubectl label nodes 10.40.0.106 edgenode=true
kubectl label nodes 10.40.0.107 edgenode=true

  

檢視node標籤

[[email protected] ingress]# kubectl get node --show-labels
NAME          STATUS   ROLES    AGE   VERSION   LABELS
10.40.0.105   Ready    <none>   25d   v1.12.1   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,edgenode=true,kubernetes.io/hostname=10.40.0.105
10.40.0.106   Ready    <none>   25d   v1.12.1   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,edgenode=true,env_role=dev,kubernetes.io/hostname=10.40.0.106
10.40.0.107   Ready    <none>   17d   v1.12.1   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,edgenode=true,kubernetes.io/hostname=10.40.0.

將原來ingress的yaml檔案由deployment改為daemonset

cat ingress-daemonset.yaml

apiVersion: extensions/v1beta1
#kind: Deployment
kind: DaemonSet
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx 
spec:
  #replicas: 3
  #selector:
    #matchLabels:
      #app: ingress-nginx
  template:
    metadata:
      labels:
        app: ingress-nginx
      annotations:
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      hostNetwork: true
      nodeSelector:
        edgenode: 'true'
      containers:
        - name: nginx-ingress-controller
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.20.0
          args:
            - /nginx-ingress-controller
            - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
          - name: http
            containerPort: 80
          - name: https
            containerPort: 443
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1

  

 namespace部署檔案

cat namespace.yaml 

apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx

 

configmap部署檔案

cat configmap.yaml 

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

  

rbac部署檔案

cat rbac.yaml 

apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: ingress-nginx

---

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
        - events
    verbs:
        - create
        - patch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses/status
    verbs:
      - update

---

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # Defaults to "<election-id>-<ingress-class>"
      # Here: "<ingress-controller-leader>-<nginx>"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get

---

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

---

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx

  

tcp-service-configmap

cat tcp-services-configmap.yaml 

kind: ConfigMap
apiVersion: v1
metadata:
  name: tcp-services
  namespace: ingress-nginx

  

udp-servcie-configmap

cat udp-services-configmap.yaml 

kind: ConfigMap
apiVersion: v1
metadata:
  name: udp-services
  namespace: ingress-nginx

  

default-backend

cat default-backend.yaml 

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: default-http-backend
  labels:
    app: default-http-backend
  namespace: ingress-nginx
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: default-http-backend
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: default-http-backend
        # Any image is permissable as long as:
        # 1. It serves a 404 page at /
        # 2. It serves 200 on a /healthz endpoint
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/defaultbackend:1.4
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        ports:
        - containerPort: 8080
        resources:
          limits:
            cpu: 10m
            memory: 20Mi
          requests:
            cpu: 10m
            memory: 20Mi
---

apiVersion: v1
kind: Service
metadata:
  name: default-http-backend
  namespace: ingress-nginx
  labels:
    app: default-http-backend
spec:
  ports:
  - port: 80
    targetPort: 8080
  selector:
    app: default-http-backend

  

部署

kubectl create -f namespace.yaml
kubectl create -f configmap.yaml
kubectl create -f rbac.yaml
kubectl create -f default-backend.yaml
kubectl create -f tcp-services-configmap.yaml
kubectl create -f udp-services-configmap.yaml
kubectl create -f ingress-daemonset.yaml

  

檢視ingress-controller

[[email protected] ingress]# kubectl get ds -n ingress-nginx
NAME                       DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
nginx-ingress-controller   3         3         3       3            3           edgenode=true   57m
[[email protected] ingress]# kubectl get pods -n ingress-nginx -o wide
NAME                                    READY   STATUS    RESTARTS   AGE   IP            NODE          NOMINATED NODE
default-http-backend-86569b9d95-x4bsn   1/1     Running   12         24d   172.17.65.6   10.40.0.105   <none>
nginx-ingress-controller-5b7xg          1/1     Running   0          58m   10.40.0.105   10.40.0.105   <none>
nginx-ingress-controller-b5mxc          1/1     Running   0          58m   10.40.0.106   10.40.0.106   <none>
nginx-ingress-controller-t5n5k          1/1     Running   0          58m   10.40.0.107   10.40.0.107   <none>

 

相關推薦

ingress可用--使用DaemonSet方式部署ingress-nginx

前言 為了配置kubernetes中的ingress的高可用,對於kubernetes叢集以外只暴露一個訪問入口,需要使用keepalived排除單點問題。需要使用daemonset方式將ingress-controller部署在邊緣節點上。 邊緣節點 首先解釋下什麼叫邊緣節點(Edge Node),所

Azure環境中Nginx可用性和部署架構設計

基於 google ogl soft 可用性 pan googl 環境 keep 前幾篇文章介紹了Nginx的應用、動態路由、配置。在實際生產環境部署時,我們需要同時考慮Nginx的高可用性和部署架構。 Nginx自身不支持集群以保證自身的高可用性,商業版本的Nginx+

十一.keepalived可用服務實踐部署

-s ash app The bind vim bin shel 全局 期中集群架構-第十一章-keepalived高可用集群章節======================================================================01

pacemaker+corosync+haporxy可用集群部署

-- mode balance del ystemd ipa hacluster pac 選擇 # 安裝 Corosync以及pacemaker 部署 yum install -y pacemaker pcs psmisc policycoreutils-python co

spark-2.4.0-hadoop2.7-可用(HA)安裝部署

  1. 主機規劃 主機名稱 IP地址 作業系統 部署軟體 執行程序 備註 mini01 172.16.1.11【內網】 10.0.0.11  【外網】

SpringCloud組件:Eureka可用集群部署

pri ces 時間 -h oot files scope 內容 步驟 高可用集群部署 Eureka 服務註冊中心。構建項目使用 idea 開發工具創建一個 SpringBoot 項目,添加 Eureka Server 依賴即可, pom.xml 配置文件如下所示: ...

10-redis cluster的自動化slave遷移實現更強的可用架構的部署方案

slave的自動遷移 比如現在有10個master,每個有1個slave,然後新增了3個slave作為冗餘,有的master就有2個slave了,有的master出現了salve冗餘 如果某個master的slave掛了,那麼redis cluster會自動

Corosync+Pacemaker+NFS+Httpd可用web叢集部署

Corosync+Pacemaker+NFS+Httpd高可用web叢集(使用資源管理工具pcs配置) 框架:pcs(Corosync+pacemaker)+nfs+httpd 叢集節點1:192.168.88.132  cen7.field.com 叢集節點2:192

(十)RabbitMQ消息隊列-可用集群部署實戰

進入 ann config views 如何 tor 通過命令 步驟 政策 原文:(十)RabbitMQ消息隊列-高可用集群部署實戰 前幾章講到RabbitMQ單主機模式的搭建和

可用 kubernetes 叢集部署實踐

前言 Kubernetes(k8s) 憑藉著其優良的架構,靈活的擴充套件能力,豐富的應用編排模型,成為了容器編排領域的事實標準

kubeadm實現k8s可用叢集環境部署與配置

# 高可用架構 k8s叢集的高可用實際是**k8s各核心元件**的**高可用**,這裡使用**主備模式**,架構如下: ![在這裡插入圖片描述](https://img-blog.csdnimg.cn/20200602143045152.png?x-oss-process=image/watermark,ty

keepalived+nginx-upstream部署可用反向代理

proxy route 服務器 宕機 127.0.0.1 trac 訪問 代理 _id 實驗拓撲 實驗要求 兩個web server提供httpd服務,ip地址分別是172.18.27.201、202,掩碼是16 兩個nginx proxy提供高可用反向代理,ip地

實踐:在CentOS7.3部署 keepalived 可用nginx(負載均衡)

高可用 nginx keepalived centos7.3 背景:既然有了Lvs+keepalived這樣高性能的組合,那為何還要有Nginx+keepalived呢,keepalived的初衷就是為了Lvs而設計的,我們都知道Lvs是一個四層的負載均衡設備,雖然有著高性能的優勢,但同時它卻

使用ansible結合keepalived可用nginx反向代理部署小型企業環境

ansible自動部署 keepalived高可用 nginx反向代理 mysql數據庫 前言: ansible作為一款靈活、高效、功能豐富的自動化部署工具在企業運維管理中備受推崇。本文演示使用ansible部署小型企業服務框架,實現高可用、負載均衡的目標。如有錯誤敬請賜教。目標環境拓撲

consul-template + nginx部署可用負載均衡

mas server web key use 健康 png ice pre 簡介 Consul-template是Consul的一個方擴展工具,通過監聽Consul中的數據可以動態修改一些配置文件,大家比較熱衷於應用在Nginx,HAProxy上動態配置健康

nginx,keepalived可用部署

環境 172.16.91.218  主 172.16.91.219   安裝包版本 nginx-1.14.0.tar.gz keepalived-2.0.7.tar.gz   把 nginx,keepalived 壓縮包 上傳到 /usr

K8S 部署 ingress-nginx (三) 啟用 https

部署 https 證書 cd ~/ingress openssl genrsa -out tls.key 2048 openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=GuangDong/L=Guangzhou/O=DevOps

docker 部署nginx 使用keepalived 部署可用

一.體系架構 在Keepalived + Nginx高可用負載均衡架構中,keepalived負責實現High-availability (HA) 功能控制前端機VIP(虛擬網路地址),當有裝置發生故障時,熱備伺服器可以瞬間將VIP自動切換過來,實際執行中體驗只有2秒鐘切換時間,DNS服務可以負責前端VIP

kubernetes1.13.1部署ingress-nginx並配置https轉發dashboard

number 直接 .com aml apr defined shadow 分享圖片 unless 參考 https://github.com/kubernetes/ingress-nginx https://www.jianshu.com/p/e30b06906b77 h

利用RHCS Nginx Fence實現可用叢集部署

叢集概念 HA(High Available)高可用叢集是減少服務中斷時間為目的的伺服器叢集技術,也是保證業務連續性的有效解決方案。叢集,一般有兩個或者兩個以上的計算機組成,這些組成叢集的計算機被稱為節點。 其中由兩個節點組成的叢集被稱為雙機熱備,即使用兩臺