aliyun-ack_ingress

阅读量: zyh 2021-03-09 20:11:16
Categories: > Tags:

基本

https://help.aliyun.com/document_detail/398740.html#section-eph-gef-b2h

构建 nginx-ingress-controller 专属节点池

https://help.aliyun.com/document_detail/86750.htm?spm=a2c4g.11186623.0.0.198d3d01oJIf2x#task-1339886

  1. 创建 ingress-nginx 节点池,并设置节点角色标签 node-role.kubernetes.io/ingress: true 和污点node-role.kubernetes.io/ingress=true:NoExecute

image-20220424232115597

  1. 验证
➜   kubectl get node
NAME                    STATUS   ROLES     AGE   VERSION
cn-beijing.10.0.0.39    Ready    ingress   65m   v1.20.11-aliyun.1
cn-beijing.10.0.0.41    Ready    <none>    62m   v1.20.11-aliyun.1
cn-beijing.10.0.1.234   Ready    <none>    62m   v1.20.11-aliyun.1

✨cn-beijing.10.0.0.39 就是 ingress-nginx 节点池里的节点。

  1. 集群详情页-运维管理-组件管理-Nginx Ingress Controller-安装

  2. 待 Nginx Ingress Controller 安装完毕后,添加新配置,将 nginx-ingress-controller 调度到 ingress-nginx 专属节点池

191-193 以及 201-205 行为新增行

191       nodeSelector:
192         kubernetes.io/os: linux
193         node-role.kubernetes.io/ingress: "true"
194       priorityClassName: system-node-critical
195       restartPolicy: Always
196       schedulerName: default-scheduler
197       securityContext: {}
198       serviceAccount: ingress-nginx
199       serviceAccountName: ingress-nginx
200       terminationGracePeriodSeconds: 300
201       tolerations:
202       - effect: NoExecute
203         key: node-role.kubernetes.io/ingress
204         operator: Equal
205         value: "true"

✨默认阿里云的 nginx-ingress-controller 位于 kube-system 命名空间

优化 nginx-ingress-controller

https://help.aliyun.com/document_detail/202125.htm?spm=a2c4g.11186623.0.0.198d3d01oJIf2x#task-2036582

nginx-ingress-lb 服务对象创建 SLB 失败

kubectl get -n kube-system svc nginx-ingress-lb -o yaml > nginx-ingress-lb.yaml

清理掉生成的状态配置

apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id":"rg-acfm3nywkge2z2a"},"labels":{"app":"nginx-ingress-lb"},"name":"nginx-ingress-lb","namespace":"kube-system"},"spec":{"externalTrafficPolicy":"Local","ipFamilyPolicy":"SingleStack","ports":[{"name":"http","port":80,"targetPort":80},{"name":"https","port":443,"targetPort":443}],"selector":{"app":"ingress-nginx"},"type":"LoadBalancer"}}
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-resource-group-id: rg-acfm3nywkge2z2a
  finalizers:
  - service.k8s.alibaba/resources
  labels:
    app: nginx-ingress-lb
  name: nginx-ingress-lb
  namespace: kube-system
spec:
  externalTrafficPolicy: Local
  healthCheckNodePort: 31836
  ports:
  - name: http
    nodePort: 31947
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    nodePort: 32283
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    app: ingress-nginx
  sessionAffinity: None
  type: LoadBalancer

删除 nginx-ingress-lb 然后重新创建

kubectl delete -f nginx-ingress-lb.yaml && kubectl apply -f nginx-ingress-lb.yaml
prometheus☞02外置prometheus监控k8s
linux☞利用acme.sh管理免费的ssl证书申请