• Ingress-Nginx High Availability


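    This walkthrough uses the latest version, nginx-ingress-controller:0.30.0, as the example.

    The high-availability Ingress architecture is as follows:

    Open https://github.com/kubernetes/ingress-nginx/blob/master/deploy/static/mandatory.yaml, download mandatory.yaml via the Raw link, and modify its nginx-ingress-controller section, which corresponds to with-rbac.yaml on the official site.

    1. Change the Deployment to a DaemonSet and comment out the replica count

    2. Enable hostNetwork and specify the nodes to run on

    hostNetwork exposes the ingress-nginx controller's service ports on the host, so other hosts on the node's network can reach the application through those ports. Because the pod shares the host's network namespace, every port the controller listens on is reachable on the node's address, including the health and metrics port 10254 used by the probes in the manifest, so restrict that port at the host firewall.

    nodeSelector selects the nodes that were previously given the ingress-controller=true label

    3. Change the image address

    4. Add a toleration for master nodes (optional)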

    tolerations: # add a toleration so the pod can be scheduled onto master nodes
    - key: "node-role.kubernetes.io/master"
      operator: "Exists"
      effect: "NoSchedule"

    After the changes:

    apiVersion: apps/v1
    #kind: Deployment
    kind: DaemonSet
    metadata:
      name: nginx-ingress-controller
      namespace: ingress-nginx
      labels:
        k8s-app: ingress-controller
    spec:
      #replicas: 1
      selector:
        matchLabels:
          k8s-app: ingress-controller
      template:
        metadata:
          labels:
            k8s-app: ingress-controller
          annotations:
            prometheus.io/port: "10254"
            prometheus.io/scrape: "true"
        spec:
          # wait up to five minutes for the drain of connections
          terminationGracePeriodSeconds: 300
          serviceAccountName: nginx-ingress-serviceaccount
          hostNetwork: true
          nodeSelector:
            ingress-controller: "true"
          tolerations: # add a toleration so the pod can be scheduled onto master nodes
            - key: "node-role.kubernetes.io/master"
              operator: "Exists"
              effect: "NoSchedule"
          containers:
            - name: nginx-ingress-controller
              image: registry-vpc.cn-beijing.aliyuncs.com/base/nginx-ingress-controller:0.30.0
              args:
                - /nginx-ingress-controller
                - --configmap=$(POD_NAMESPACE)/nginx-configuration
                - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
                - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
                - --publish-service=$(POD_NAMESPACE)/ingress-nginx
                - --annotations-prefix=nginx.ingress.kubernetes.io
              securityContext:
                allowPrivilegeEscalation: true
                capabilities:
                  drop:
                    - ALL
                  add:
                    - NET_BIND_SERVICE
                # www-data -> 101
                runAsUser: 101
              env:
                - name: POD_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.name
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
              ports:
                - name: http
                  containerPort: 80
                  #protocol: TCP
                - name: https
                  containerPort: 443
                  #protocol: TCP
              livenessProbe:
                failureThreshold: 3
                httpGet:
                  path: /healthz
                  port: 10254
                  scheme: HTTP
                initialDelaySeconds: 10
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 10
              readinessProbe:
                failureThreshold: 3
                httpGet:
                  path: /healthz
                  port: 10254
                  scheme: HTTP
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 10
              lifecycle:
                preStop:
                  exec:
                    command:
                      - /wait-shutdown

    Label the node:

    # kubectl label node master-92 ingress-controller="true"

    At this point, use keepalived or an external SLB to set up high availability.
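
    One way to do the keepalived part, as an added example that is not from the original post: a keepalived.conf for each labelled node that releases a virtual IP when the local controller stops answering /healthz on port 10254. The interface eth0, the VIP 192.0.2.100, the router id 51, the priority, the curl path and the password placeholder are assumptions.

```conf
# /etc/keepalived/keepalived.conf on every node labelled ingress-controller=true
# (added example; interface, VIP, router id, priority and password are assumed values)

vrrp_script chk_ingress {
    # With hostNetwork: true the health endpoint used by the manifest's
    # livenessProbe/readinessProbe is reachable from the node itself.
    script "/usr/bin/curl -fs -o /dev/null --max-time 2 http://127.0.0.1:10254/healthz"
    interval 2      # run the check every 2 seconds
    fall 3          # 3 consecutive failures mark the check as failed
    rise 2          # 2 consecutive successes mark it as healthy again
}

vrrp_instance VI_INGRESS {
    state BACKUP            # every node starts as BACKUP; priority elects the master
    interface eth0          # assumed NIC that carries ingress traffic
    virtual_router_id 51    # assumed; same on all nodes, unique on the L2 segment
    priority 100            # assumed; give each node a different value
    advert_int 1            # advertisement interval in seconds

    authentication {
        auth_type PASS
        auth_pass CHANGEME  # placeholder; sent in cleartext, not a security control
    }

    virtual_ipaddress {
        192.0.2.100/24      # constructed VIP; point DNS and clients at this address
    }

    track_script {
        chk_ingress         # a failed check puts this instance in FAULT and frees the VIP
    }
}
```

    VRRP advertisements (IP protocol 112) have to be permitted between the labelled nodes, and are best limited to those nodes' addresses.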

    Reference: https://www.cnblogs.com/keep-live/p/11882829.html

  • Original article: https://www.cnblogs.com/wjoyxt/p/12398661.html