CI/CD(六) helm部署ingress-nginx(阿里云)

零、修改iptable为ipvs(可选)

  1. 修改 kube-proxy 配置

    bash 复制代码
    kubectl edit cm kube-proxy -n kube-system 
    # 将 mode 字段改为 "ipvs"
  2. 重启 kube-proxy

    bash 复制代码
    kubectl delete pod -l k8s-app=kube-proxy -n kube-system
  3. 验证 IPVS 状态

    bash 复制代码
    ipvsadm -Ln 
    # 查看负载均衡规则

一、github下载最新的包(4.12.0)

Releases · kubernetes/ingress-nginx · GitHub

二、解压

bash 复制代码
tar -zxvf ingress-nginx-4.12.0.tgz
cd ingress-nginx

三、修改values.ymal

bash 复制代码
#如果是在集群中部署项目使用ingress-nginx,需要提前在工作节点下载docker或者containerd,手动拉取从而测试该仓库和镜像是否可用,手动拉取的命令是
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.12.0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.5.0

cd ingress-nginx

bash 复制代码
[root@k8s-master ingress-nginx]# vim values.yaml 


# 第一处:修改全局仓库为阿里云仓库
global:
  image:
    # -- Registry host to pull images from.
    registry: registry.cn-hangzhou.aliyuncs.com

# 第二处:修改controller的image名称和注释digest
controller:
  name: controller
  enableAnnotationValidations: true
  image:
    ## Keep false as default for now!
    chroot: false
    # registry: registry.k8s.io
#    image: google_containers/ingress-nginx/controller
    image: google_containers/nginx-ingress-controller
    ## for backwards compatibility consider setting the full image url via the repository value below
    ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
    ## repository:
    tag: "v1.12.0"
 #   digest: sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa
#    digestChroot: sha256:87c88e1c38a6c8d4483c8f70b69e2cca49853bb3ec3124b9b1be648edf139af3


# 第三处:修改patch附近的镜像名称,以及注释digest
    patch:
      enabled: true
      image:
        # registry: registry.k8s.io
        image: google_containers/kube-webhook-certgen
        ## for backwards compatibility consider setting the full image url via the repository value below
        ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
        ## repository:
        tag: v1.5.0
#        digest: sha256:aaafd456bda110628b2d4ca6296f38731a3aaf0bf7581efae824a41c770a8fc4

# 第四处:修改hostNetwork:
 # false 改成 true
  hostNetwork: true
  
# 第五处:修改dnsPolicy
 # ClusterFirst 改成 
  dnsPolicy: ClusterFirstWithHostNet
    
# 第六处:修改kind(可选)
  # -- Use a `DaemonSet` or `Deployment`
  # Deployment 改成 DaemonSet
  kind: DaemonSet

# 第七处:添加标签(可选,由于我两台从节点都部署了单机nginx,80端口被占用,想让他部署到master)。记得在节点上打上标签。kubectl label node k8s-node1 ingress=true
 nodeSelector:
    kubernetes.io/os: linux
	# 增加
    ingress: "true"

# 第八处:(可选。我没改)enabled要改为false

  admissionWebhooks:
    name: admission
    annotations: {}
    # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem".

    ## Additional annotations to the admission webhooks.
    ## These annotations will be added to the ValidatingWebhookConfiguration and
    ## the Jobs Spec of the admission webhooks.
    enabled: false

# 第九处(本地化),找到controller.service.type,修改为NodePort,这是由于要向外部暴露服务。该type的缩进在controller.service下,一定要找到正确的进行修改。
controller service.
    annotations: {}
    # -- Labels to be added to both controller services.
    labels: {}
    # -- Type of the external controller service.
    # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
    type: NodePort

#第10处(可选,如果上面的第四处改为了true,这里的配置不生效,因为用的宿主机的80与443),顺便把暴露的端口固定
    appProtocol: true
    nodePorts:
      # -- Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range.
      http: "30080"
      # -- Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range.
      https: "30443"

三、部署

退出到上一层

bash 复制代码
helm install ingress-nginx ./ingress-nginx   --namespace ingress-nginx   --create-namespace   -f ./ingress-nginx/values.yaml

四、主节点部署(因从节点都部署了nginx。80等端口被占用)

1、给主节点打标签

bash 复制代码
# 给主节点打标签(标签名可自定义)k8s-master为ip也可以
kubectl label node k8s-master ingress-node=true

# 确认标签是否生效
kubectl get node k8s-master --show-labels

2、修改values.yaml,让其容忍主节点的污点

bash 复制代码
controller:
  nodeSelector:
    ingress-node: "true"  # 匹配主节点的标签
  tolerations:
    - key: "node-role.kubernetes.io/control-plane"
      operator: "Exists"  # 容忍主节点的污点
      effect: "NoSchedule"

3、若主节点的 80/443 端口已被占用,需调整 ingress-nginx 的端口映射:

bash 复制代码
controller:
  hostNetwork: false       # 禁用宿主机网络模式
  service:
    type: NodePort         # 使用 NodePort 暴露服务
    ports:
      http: 30080          # 自定义外部访问端口(避免与节点 Nginx 冲突)
      https: 30443
    targetPorts:
      http: 80             # 容器内部端口保持默认
      https: 443

4、部署验证

bash 复制代码
# 更新 Helm 配置
helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
  -n ingress-nginx \
  -f values.yaml

# 检查 Pod 是否调度到主节点
kubectl get pods -n ingress-nginx -o wide

# 查看 Service 端口映射
kubectl get svc -n ingress-nginx
相关推荐
Kendra9193 小时前
Keepalive+LVS+Nginx+NFS高可用架构
nginx·架构·lvs
若云止水4 小时前
ngx_http_core_main_conf_t
nginx
开发小能手-roy6 小时前
Ubuntu 系统中安装 Nginx
数据库·nginx·ubuntu
MonkeyKing_sunyuhua6 小时前
Ubuntu 22.04 上安装阿里云 CLI(命令行工具)
linux·ubuntu·阿里云
小破程序员9 小时前
docker安装ngnix
服务器·nginx·docker
致良知云11 小时前
elasticsearch-7.17.16阿里云部署
elasticsearch·阿里云·jenkins
棕生12 小时前
架构师面试(二十三):负载均衡
nginx·负载均衡·lvs·架构师面试·rpc连接池·vip+keepalive
云上艺旅12 小时前
K8S学习之基础六十二:helm部署memcached服务
学习·kubernetes·helm·memcached·pod
Brown.alexis21 小时前
服务器本地镜像上传到阿里云远程镜像仓库
运维·服务器·阿里云
音视频牛哥21 小时前
Nginx RTMP DASH 模块分析 (ngx_rtmp_dash_module.c)
运维·nginx·大牛直播sdk·dash·nginx rtmp服务器·nginx dash·dash播放