背景:
1、业务有个性化需求,例如需要在Nginx 上面部署agent 分析日志并做告警,但该业务不关注其他业务的日志
2、每次业务变更,Nginx worker进程都得执行reload。随着业务体量增加,reload会越来越频繁,拆分ingress 可以有效避免业务互相影响
# 为机器加上不同的标签,如azone/bzone 用来区分A专区跟B专区
kubectl label node test-node-1.1.1.1 ingress-role="azone"
kubectl label node test-node-2.2.2.2 ingress-role="bzone"
# 创建ingress
root@ubuntu:/home/test# kubectl apply -f nginx-ingress-controller-ds-azone.yml
root@ubuntu:/home/test# kubectl apply -f nginx-ingress-controller-ds-bzone.yml
# 查看部署ingress实例
root@ubuntu:/home/test# kubectl get pod -n kube-system -o wide |grep Nginx
azone-nginx-ingress-controller-d92zq 1/1 Running 0 2m 10.26.129.21 test-node-1.1.1.1
bzone-nginx-ingress-controller-dswv9 1/1 Running 0 2m 10.26.129.22 test-node-2.2.2.2
# Nginx-controller 配置如下
apiVersion: extensions/v1beta1
kind: DaemonSet
Metadata:
name: azone-nginx-ingress-controller
labels:
app: ingress-Nginx
namespace: kube-system
spec:
template:
Metadata:
labels:
app: ingress-Nginx
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "10254"
prometheus.io/type: "ingress-Nginx"
spec:
hostNetwork: true
tolerations:
- key: "node-role.kubernetes.io/ingress"
operator: "Equal"
value: "true"
effect: "NoSchedule"
nodeselector:
node-role.kubernetes.io/ingress: "true"
ingress-role: "azone" # 添加指定标签,绑定固定部署机器
serviceAccountName: admin
containers:
- name: azone-nginx-ingress-controller
image: registry.cn-hangzhou.aliyuncs.com/test/ingress-controller:0.15.0-10
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
- --configmap=$(POD_NAMESPACE)/Nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-Nginx
- --annotations-prefix=Nginx.ingress.kubernetes.io
- --v=2
- --enable-dynamic-configuration=true
- --ingress-class=azone # 指定ingress-class 属性
env:
- name: POD_NAME
valueFrom:
fieldRef:
- name: COLLECT_LOG_DOCKER_DATA_WEBLOG
value: "true"
- name: POD_NAMESPACE
valueFrom:
fieldRef:
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
volumeMounts:
- name: localtime-config
mountPath: /etc/localtime
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successthreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successthreshold: 1
timeoutSeconds: 1
volumes:
- name: localtime-config
hostPath:
path: /etc/localtime
# 创建 ingress,配置里面绑定class
root@ubuntu:/home/test# cat azone-test.aaa.com-ingress.yml
apiVersion: extensions/v1beta1
kind: Ingress
Metadata:
name: azone-test-ingress-https
annotations:
kubernetes.io/ingress.class: "azone" # 绑定ingress-class
Nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: azone-test.aaa.com
http:
paths:
- path: /
backend:
serviceName: azone-test-svc
servicePort: 80
# 查看绑定情况
root@ubuntu:/home/wuguihong1# kubectl -n kube-system get pod -o wide|grep Nginx
azone-ingress-controller-d92zq 1/1 Running 0 16h 10.26.129.21 test-node-1.1.1.1
bzone-ingress-controller-62458 1/1 Running 0 15h 10.26.129.22 test-node-2.2.2.2
root@ubuntu:/home/test# kubectl -n kube-system exec azone-ingress-controller-d92zq cat /etc/Nginx/Nginx.conf |grep azone-test.aaa.com
server_name azone-test.aaa.com ;
root@ubuntu:/home/test# kubectl -n kube-system exec bzone-ingress-controller-62458 cat /etc/Nginx/Nginx.conf|grep azone-test.aaa.com
可以看到2台node节点上各运行一个ingress-controller , 并且azone 上面绑定了azone-test.aaa.com 的域名,而bzone 上面没绑定
参考资料:
Multiple Ingress controllers
https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
