Helm部署Ingress使用DaemonSet+Taint/Tolerations+NodeSelector

k8s评论1阅读模式

kubernetes集群中需要在指定的几个节点上只部署Nginx Ingress Controller实例,不会跑其他业务容器。

Helm部署Ingress使用DaemonSet+Taint/Tolerations+NodeSelector

环境说明

教程基于有k8s集群,并安装好helm部署环境。强烈推荐使用helm发布您的代码!

执行helm version出现如下证明环境已经就绪。

  1. [root@oneinstack ~]# helm version
  2. Client: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}
  3. Server: &version.Version{SemVer:"v2.13.1", GitCommit:"618447cbf203d147601b4b9bd7f8c37a5d39fbb4", GitTreeState:"clean"}

helm下载ingress chart

搜索ingress charts

  1. helm search ingress

下载nginx ingress

  1. helm fetch stable/nginx-ingress

fetch之后得到nginx-ingress-1.4.0.tgz

修改ingress helm chart

解压nginx-ingress-1.4.0.tgz

  1. tar xzf nginx-ingress-1.4.0.tgz

注意: 解压过程出现implausibly old time stamp 1970-01-01 08:00:00可忽略

修改values.yaml,下面是我的修改好的:

  1. ## nginx configuration
  2. ## Ref: https://github.com/kubernetes/ingress/blob/master/controllers/nginx/configuration.md
  3. ##
  4. controller:
  5.   name: controller
  6.   image:
  7.     repository: quay.io/kubernetes-ingress-controller/nginx-ingress-controller  # 建议将镜像拖到自己私有参考,修改私有仓库地址
  8.     tag: "0.24.1"
  9.     pullPolicy: IfNotPresent
  10.     # www-data -> uid 33
  11.     runAsUser: 33
  13.   config: {}
  14.   # Will add custom header to Nginx https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers
  15.   headers: {}
  17.   # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
  18.   # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
  19.   # is merged
  20.   hostNetwork: true   # 80 443 暴露到宿主机
  22.   # Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
  23.   # By defaultwhile using host network, name resolution uses the host's DNS. If you wish nginx-controller
  24.   # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
  25.   dnsPolicy: ClusterFirst
  27.   ## Use host ports 80 and 443
  28.   daemonset:
  29.     useHostPort: false
  31.     hostPorts:
  32.       http: 80
  33.       https: 443
  34.       ## healthz endpoint
  35.       stats: 18080
  37.   ## Required only if defaultBackend.enabled = false
  38.   ## Must be <namespace>/<service_name>
  39.   ##
  40.   defaultBackendService: ""
  42.   ## Election ID to use for status update
  43.   ##
  44.   electionID: ingress-controller-leader
  46.   ## Name of the ingress class to route through this controller
  47.   ##
  48.   ingressClass: nginx # 后续ingress.yaml annotations指定kubernetes.io/ingress.class: nginx
  50.   # labels to add to the pod container metadata
  51.   podLabels: {}
  52.   #  key: value
  54.   ## Allows customization of the external service
  55.   ## the ingress will be bound to via DNS
  56.   publishService:
  57.     enabled: false
  58.     ## Allows overriding of the publish service to bind to
  59.     ## Must be <namespace>/<service_name>
  60.     ##
  61.     pathOverride: ""
  63.   ## Limit the scope of the controller
  64.   ##
  65.   scope:
  66.     enabled: false
  67.     namespace: ""   # defaults to .Release.Namespace
  69.   ## Additional command line arguments to pass to nginx-ingress-controller
  70.   ## E.g. to specify the default SSL certificate you can use
  71.   ## extraArgs:
  72.   ##   default-ssl-certificate: "<namespace>/<secret_name>"
  73.   extraArgs: {}
  75.   ## Additional environment variables to set
  76.   extraEnvs: []
  77.   # extraEnvs:
  78.   #   - name: FOO
  79.   #     valueFrom:
  80.   #       secretKeyRef:
  81.   #         key: FOO
  82.   #         name: secret-resource
  84.   ## DaemonSet or Deployment
  85.   ##
  86.   kind: DaemonSet   #DaemonSet模式
  88.   # The update strategy to apply to the Deployment or DaemonSet
  89.   ##
  90.   updateStrategy: {}
  91.   #  rollingUpdate:
  92.   #    maxUnavailable: 1
  93.   #  type: RollingUpdate
  95.   # minReadySeconds to avoid killing pods before we are ready
  96.   ##
  97.   minReadySeconds: 0
  99.   ## Node tolerations for server scheduling to nodes with taints
  100.   ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
  101.   ##
  102.   tolerations:    #在节点上打污点,此处是容忍的key value effect
  103.     - key: "nginx-ingress"
  104.       operator: "Equal"
  105.       value: "true"
  106.       effect: "NoSchedule"
  108.   affinity: {}
  110.   ## Node labels for controller pod assignment
  111.   ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  112.   ##
  113.   nodeSelector:
  114.     nginx-ingress: "true"    #使用节点标签选择器,访问在所有节点运行ingress
  116.   ## Liveness and readiness probe values
  117.   ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  118.   ##
  119.   livenessProbe:
  120.     failureThreshold: 3
  121.     initialDelaySeconds: 10
  122.     periodSeconds: 10
  123.     successThreshold: 1
  124.     timeoutSeconds: 1
  125.     port: 10254
  126.   readinessProbe:
  127.     failureThreshold: 3
  128.     initialDelaySeconds: 10
  129.     periodSeconds: 10
  130.     successThreshold: 1
  131.     timeoutSeconds: 1
  132.     port: 10254
  134.   ## Annotations to be added to controller pods
  135.   ##
  136.   podAnnotations:    # 支持prometheus抓取数据
  137.     prometheus.io/scrape: "true"
  138.     prometheus.io/port: "10254"
  140.   replicaCount: 1
  142.   minAvailable: 1
  144.   resources: {}
  145.   #  limits:
  146.   #    cpu: 100m
  147.   #    memory: 64Mi
  148.   #  requests:
  149.   #    cpu: 100m
  150.   #    memory: 64Mi
  152.   autoscaling:
  153.     enabled: false
  154.     minReplicas: 1
  155.     maxReplicas: 11
  156.     targetCPUUtilizationPercentage: 50
  157.     targetMemoryUtilizationPercentage: 50
  159.   ## Override NGINX template
  160.   customTemplate:
  161.     configMapName: ""
  162.     configMapKey: ""
  164.   service:
  165.     annotations: {}
  166.     labels: {}
  167.     clusterIP: ""
  169.     ## List of IP addresses at which the controller services are available
  170.     ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
  171.     ##
  172.     externalIPs: []
  174.     loadBalancerIP: ""
  175.     loadBalancerSourceRanges: []
  177.     enableHttp: true
  178.     enableHttps: true
  180.     ## Set external traffic policy to: "Local" to preserve source IP on
  181.     ## providers supporting it
  182.     ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
  183.     externalTrafficPolicy: ""
  185.     healthCheckNodePort: 0
  187.     targetPorts:
  188.       http: http
  189.       https: https
  191.     type: ClusterIP
  193.     # type: NodePort
  194.     # nodePorts:
  195.     #   http: 32080
  196.     #   https: 32443
  197.     nodePorts:
  198.       http: ""
  199.       https: ""
  201.   extraContainers: []
  202.   ## Additional containers to be added to the controller pod.
  203.   ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.
  204.   #  - name: my-sidecar
  205.   #    image: nginx:latest
  206.   #  - name: lemonldap-ng-controller
  207.   #    image: lemonldapng/lemonldap-ng-controller:0.2.0
  208.   #    args:
  209.   #      - /lemonldap-ng-controller
  210.   #      - --alsologtostderr
  211.   #      - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
  212.   #    env:
  213.   #      - name: POD_NAME
  214.   #        valueFrom:
  215.   #          fieldRef:
  216.   #            fieldPath: metadata.name
  217.   #      - name: POD_NAMESPACE
  218.   #        valueFrom:
  219.   #          fieldRef:
  220.   #            fieldPath: metadata.namespace
  221.   #    volumeMounts:
  222.   #    - name: copy-portal-skins
  223.   #      mountPath: /srv/var/lib/lemonldap-ng/portal/skins
  225.   extraVolumeMounts: []
  226.   ## Additional volumeMounts to the controller main container.
  227.   #  - name: copy-portal-skins
  228.   #   mountPath: /var/lib/lemonldap-ng/portal/skins
  230.   extraVolumes: []
  231.   ## Additional volumes to the controller pod.
  232.   #  - name: copy-portal-skins
  233.   #    emptyDir: {}
  235.   extraInitContainers: []
  236.   ## Containers, which are run before the app containers are started.
  237.   # - name: init-myservice
  238.   #   image: busybox
  239.   #   command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
  242.   stats:
  243.     enabled: true
  245.     service:
  246.       annotations: {}
  247.       clusterIP: ""
  249.       ## List of IP addresses at which the stats service is available
  250.       ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
  251.       ##
  252.       externalIPs: []
  254.       loadBalancerIP: ""
  255.       loadBalancerSourceRanges: []
  256.       servicePort: 18080
  257.       type: ClusterIP
  259.   ## If controller.stats.enabled = true and controller.metrics.enabled = true, Prometheus metrics will be exported
  260.   ##
  261.   metrics:
  262.     enabled: true
  264.     service:
  265.       annotations:
  266.         prometheus.io/scrape: "true"
  267.         prometheus.io/port: "10254"
  269.       clusterIP: ""
  271.       ## List of IP addresses at which the stats-exporter service is available
  272.       ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
  273.       ##
  274.       externalIPs: []
  276.       loadBalancerIP: ""
  277.       loadBalancerSourceRanges: []
  278.       servicePort: 9913
  279.       type: ClusterIP
  281.     serviceMonitor:
  282.       enabled: false
  283.       additionalLabels: {}
  284.       namespace: ""
  286.   lifecycle: {}
  288.   priorityClassName: ""
  290. ## Rollback limit
  291. ##
  292. revisionHistoryLimit: 10
  294. ## Default 404 backend
  295. ##
  296. defaultBackend:
  298.   ## If false, controller.defaultBackendService must be provided
  299.   ##
  300.   enabled: true
  302.   name: default-backend
  303.   image:
  304.     repository: registry.cn-hangzhou.aliyuncs.com/google_containers/defaultbackend
  305.     tag: "1.4"
  306.     pullPolicy: IfNotPresent
  308.   extraArgs: {}
  310.   port: 8080
  312.   ## Node tolerations for server scheduling to nodes with taints
  313.   ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
  314.   ##
  315.   tolerations: []
  316.   #  - key: "key"
  317.   #    operator: "Equal|Exists"
  318.   #    value: "value"
  319.   #    effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
  321.   affinity: {}
  323.   # labels to add to the pod container metadata
  324.   podLabels: {}
  325.   #  key: value
  327.   ## Node labels for default backend pod assignment
  328.   ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  329.   ##
  330.   nodeSelector: {}
  332.   ## Annotations to be added to default backend pods
  333.   ##
  334.   podAnnotations: {}
  336.   replicaCount: 1
  338.   minAvailable: 1
  340.   resources: {}
  341.   # limits:
  342.   #   cpu: 10m
  343.   #   memory: 20Mi
  344.   # requests:
  345.   #   cpu: 10m
  346.   #   memory: 20Mi
  348.   service:
  349.     annotations: {}
  350.     clusterIP: ""
  352.     ## List of IP addresses at which the default backend service is available
  353.     ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
  354.     ##
  355.     externalIPs: []
  357.     loadBalancerIP: ""
  358.     loadBalancerSourceRanges: []
  359.     servicePort: 80
  360.     type: ClusterIP
  362.   priorityClassName: ""
  364. ## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266
  365. rbac:
  366.   create: true
  368. # If true, create & use Pod Security Policy resources
  369. # https://kubernetes.io/docs/concepts/policy/pod-security-policy/
  370. podSecurityPolicy:
  371.   enabled: false
  373. serviceAccount:
  374.   create: true
  375.   name:
  377. ## Optional array of imagePullSecrets containing private registry credentials
  378. ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  379. imagePullSecrets: []
  380. # - name: secretName
  382. # TCP service key:value pairs
  383. # Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp
  384. ##
  385. tcp: {}
  386. #  8080"default/example-tcp-svc:9000"
  388. # UDP service key:value pairs
  389. # Ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp
  390. ##
  391. udp: {}
  392. #  53"kube-system/kube-dns:53"

NODE打标签,设置污点

打标签

  1. kubectl label nodes 10.0.10.7 nginx-ingress=true
  2. kubectl label nodes 10.0.10.8 nginx-ingress=true
  3. kubectl label nodes 10.0.10.9 nginx-ingress=true

设置污点

  1. kubectl taint nodes 10.0.10.7 nginx-ingress=true:NoSchedule
  2. kubectl taint nodes 10.0.10.8 nginx-ingress=true:NoSchedule
  3. kubectl taint nodes 10.0.10.9 nginx-ingress=true:NoSchedule

安装nginx-ingress

  1. helm upgrade nginx-ingress ./nginx-ingress --install --namespace nginx-ingress --dry-run  # 测试运行
  1. helm upgrade nginx-ingress ./nginx-ingress --install --namespace nginx-ingress

注意:

  1. 需要先在NODE节点打污点、标签
  2. helm名字和命名空间请使用nginx-ingress, 和直接用yaml文件(ingress-nginx)有区别。否则DaemonSet、pod名字比较奇怪

Sun Apr 14 15:29:38 CST 2019

 
  • 本文由 yeho 发表于 2019-04-14
  • 转载请务必保留本文链接:https://linuxeye.com/476.html
  • DaemonSet
  • Helm
  • Ingress
  • k8s
  • NodeSelector
  • Taint
  • Tolerations

加载中...

k8s

Filebeat收集K8S日志

Kubernetes 中比较流行的日志收集解决方案是 Elasticsearch、Logstash和 Kibana(ELK)技术栈,今天来推荐EFK,即Logstash换成filebeat。 切换到E...
评论Filebeat k8s
k8s

Kubernetes集群搭建

环境说明 操作系统:CentOS7.4 64bit 软件版本:kubernetes-v1.9.9、etcd-v3.3.8、flannel-v0.10.0 下载地址: https://dl.k8s.io...
1 docker k8s
匿名

发表评论

匿名网友
确定

拖动滑块以完成验证