在阿里云容器服务上通过Helm部署Ingress Controller

本文涉及的产品
容器镜像服务 ACR,镜像仓库100个 不限时长
简介: 本文主要介绍如何通过Helm的方式在阿里云容器服务中依据自身业务场景快速部署更新Ingress Controller组件。

Kubernetes Ingress 高可靠部署最佳实践 中介绍了在Kubernetes集群中如何部署一套高可靠的Ingress接入层,文中通过直接修改YAML的方式来完成,今天主要分享下如何通过Helm的方式在阿里云容器服务中依据自身业务场景快速部署更新Ingress Controller组件。

环境准备

  1. 通过 阿里云容器服务控制台 申请一套Kubernetes集群,并配置本地kubectl连接到远程Kubernetes集群,配置方式请参考这里
  2. 安装配置helm客户端,具体可参考这里
  3. 添加阿里云 Ingress Controller Helm Repo:
$ helm repo add aliyun-stable https://acs-k8s-ingress.oss-cn-hangzhou.aliyuncs.com/charts
"aliyun-stable" has been added to your repositories
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "aliyun-stable" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈

支持多种部署形式

由于不同业务场景的多样性,在创建Kubernetes集群时默认会部署一套单节点的Ingress Controller,这里我们可以通过Helm的方式并依据具体需求场景来支持不同的部署形式。

注意集群默认是通过YAML方式部署的Ingress Controller,故无法直接通过Helm来进行更新,我们可以通过参数--force来强制更新,但会重建一个新的Ingress SLB实例。

采用Deployment+多Replica的部署形式

集群初始化时默认部署了一套单Replica的Ingress Controller Deployment,我们可以通过下面方式来更新采用多Replica的部署形式:

$ helm upgrade --namespace kube-system --install aliyun-ingress-controller aliyun-stable/nginx-ingress --set controller.kind=Deployment --set controller.replicaCount=2
$ kubectl -n kube-system get pod | grep nginx-ingress-controller
nginx-ingress-controller-786cc55966-cjt8r                    1/1       Running   0          7m
nginx-ingress-controller-786cc55966-w8fdm                    1/1       Running   0          7m

注:具体变量值需依据您的业务需求进行适当配置。

采用Deployment+HPA的部署形式

同样我们在部署Ingress Controller时可以配合HPA依据负载情况来进行动态扩缩容:

$ helm upgrade --namespace kube-system --install aliyun-ingress-controller aliyun-stable/nginx-ingress --set controller.kind=Deployment --set controller.autoscaling.enabled=true --set controller.autoscaling.minReplicas=1 --set controller.autoscaling.maxReplicas=3 --set controller.autoscaling.targetCPUUtilizationPercentage=80 --set controller.resources.requests.cpu=500m --set controller.resources.limits.cpu=1000m
$ kubectl -n kube-system get hpa
NAME                       REFERENCE                             TARGETS    MINPODS   MAXPODS   REPLICAS   AGE
nginx-ingress-controller   Deployment/nginx-ingress-controller   0% / 80%   1         3         1          2m
$ kubectl -n kube-system get pod | grep nginx-ingress-controller
nginx-ingress-controller-648cdccbf-prvdq                     1/1       Running   0          3m

注:具体变量值需依据您的业务需求进行适当配置。

采用DaemonSet的部署形式

同样我们可以更新Ingress Controller采用DaemonSet的部署形式:

$ helm upgrade --namespace kube-system --install aliyun-ingress-controller aliyun-stable/nginx-ingress --set controller.kind=DaemonSet
$ kubectl -n kube-system get pod | grep nginx-ingress-controller
nginx-ingress-controller-2j6qj                               1/1       Running   0          36s
nginx-ingress-controller-8mw2x                               1/1       Running   0          36s
nginx-ingress-controller-zhd4q                               1/1       Running   0          36s
$ kubectl -n kube-system get ds | grep nginx-ingress-controller
nginx-ingress-controller   3         3         3         3            3           <none>                            46s

注:测试集群有3台Worker节点。

开启监控配置

通过Helm的方式我们也可以很方便地开启Nginx VTS监控模块和导出Prometheus监控指标:

$ helm upgrade --namespace kube-system --install aliyun-ingress-controller aliyun-stable/nginx-ingress --set controller.stats.enabled=true --set controller.metrics.enabled=true
$ kubectl -n kube-system get pod | grep nginx-ingress-controller
nginx-ingress-controller-5fddb6b599-zw2qh                    1/1       Running   0          1m
$ kubectl -n kube-system exec -it nginx-ingress-controller-5fddb6b599-zw2qh -- cat /etc/nginx/nginx.conf | grep vhost_traffic_status_display
            vhost_traffic_status_display;
            vhost_traffic_status_display_format html;

注:这里测试采用的是默认单节点的部署形式。

参数配置说明

通过Helm的方式部署Ingress Controller还支持很多其他配置参数,我们可以很灵活地依据自身业务场景来配置更新Ingress Controller。

Parameter Description Default
controller.name name of the controller component controller
controller.image.repository controller container image repository registry.cn-hangzhou.aliyuncs.com/acs/aliyun-ingress-controller
controller.image.tag controller container image tag 0.12.0-2
controller.image.pullPolicy controller container image pull policy IfNotPresent
controller.config nginx ConfigMap entries {proxy-body-size: "20m"}
controller.hostNetwork If the nginx deployment / daemonset should run on the host's network namespace. Do not set this when controller.service.externalIPs is set and kube-proxy is used as there will be a port-conflict for port 80 false
controller.defaultBackendService default 404 backend service; required only if defaultBackend.enabled = false ""
controller.electionID election ID to use for the status update ingress-controller-leader
controller.extraEnvs any additional environment variables to set in the pods {}
controller.extraContainers Sidecar containers to add to the controller pod. See LemonLDAP::NG controller as example {}
controller.extraVolumeMounts Additional volumeMounts to the controller main container {}
controller.extraVolumes Additional volumes to the controller pod {}
controller.ingressClass name of the ingress class to route through this controller nginx
controller.scope.enabled limit the scope of the ingress controller false (watch all namespaces)
controller.scope.namespace namespace to watch for ingress "" (use the release namespace)
controller.extraArgs Additional controller container arguments {v: "2", annotations-prefix: "nginx.ingress.kubernetes.io"}
controller.kind install as Deployment or DaemonSet Deployment
controller.tolerations node taints to tolerate (requires Kubernetes >=1.6) []
controller.affinity node/pod affinities (requires Kubernetes >=1.6) {}
controller.minReadySeconds how many seconds a pod needs to be ready before killing the next, during update 0
controller.nodeSelector node labels for pod assignment {}
controller.podAnnotations annotations to be added to pods {}
controller.replicaCount desired number of controller pods 1
controller.minAvailable minimum number of available controller pods for PodDisruptionBudget 1
controller.resources controller pod resource requests & limits {}
controller.lifecycle controller pod lifecycle hooks {}
controller.service.annotations annotations for controller service {}
controller.service.labels labels for controller service {}
controller.publishService.enabled if true, the controller will set the endpoint records on the ingress objects to reflect those on the service true
controller.publishService.pathOverride override of the default publish-service name ""
controller.service.clusterIP internal controller cluster service IP ""
controller.service.externalIPs controller service external IP addresses. Do not set this when controller.hostNetwork is set to true and kube-proxy is used as there will be a port-conflict for port 80 []
controller.service.externalTrafficPolicy If controller.service.type is NodePort or LoadBalancer, set this to Local to enable source IP preservation "Cluster"
controller.service.healthCheckNodePort If controller.service.type is NodePort or LoadBalancer and controller.service.externalTrafficPolicy is set to Local, set this to the managed health-check port the kube-proxy will expose. If blank, a random port in the NodePort range will be assigned ""
controller.service.loadBalancerIP IP address to assign to load balancer (if supported) ""
controller.service.loadBalancerSourceRanges list of IP CIDRs allowed access to load balancer (if supported) []
controller.service.targetPorts.http Sets the targetPort that maps to the Ingress' port 80 80
controller.service.targetPorts.https Sets the targetPort that maps to the Ingress' port 443 443
controller.service.type type of controller service to create LoadBalancer
controller.service.nodePorts.http If controller.service.type is NodePort and this is non-empty, it sets the nodePort that maps to the Ingress' port 80 ""
controller.service.nodePorts.https If controller.service.type is NodePort and this is non-empty, it sets the nodePort that maps to the Ingress' port 443 ""
controller.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated 10
controller.livenessProbe.periodSeconds How often to perform the probe 10
controller.livenessProbe.timeoutSeconds When the probe times out 5
controller.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. 1
controller.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. 3
controller.livenessProbe.port The port number that the liveness probe will listen on. 10254
controller.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated 10
controller.readinessProbe.periodSeconds How often to perform the probe 10
controller.readinessProbe.timeoutSeconds When the probe times out 1
controller.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. 1
controller.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. 3
controller.readinessProbe.port The port number that the readiness probe will listen on. 10254
controller.stats.enabled if true, enable "vts-status" page false
controller.stats.service.annotations annotations for controller stats service {}
controller.stats.service.clusterIP internal controller stats cluster service IP ""
controller.stats.service.externalIPs controller service stats external IP addresses []
controller.stats.service.loadBalancerIP IP address to assign to load balancer (if supported) ""
controller.stats.service.loadBalancerSourceRanges list of IP CIDRs allowed access to load balancer (if supported) []
controller.stats.service.type type of controller stats service to create ClusterIP
controller.metrics.enabled if true, enable Prometheus metrics (controller.stats.enabled must be true as well) false
controller.metrics.service.annotations annotations for Prometheus metrics service {}
controller.metrics.service.clusterIP cluster IP address to assign to service ""
controller.metrics.service.externalIPs Prometheus metrics service external IP addresses []
controller.metrics.service.loadBalancerIP IP address to assign to load balancer (if supported) ""
controller.metrics.service.loadBalancerSourceRanges list of IP CIDRs allowed access to load balancer (if supported) []
controller.metrics.service.servicePort Prometheus metrics service port 9913
controller.metrics.service.targetPort Prometheus metrics target port 10254
controller.metrics.service.type type of Prometheus metrics service to create ClusterIP
controller.customTemplate.configMapName configMap containing a custom nginx template ""
controller.customTemplate.configMapKey configMap key containing the nginx template ""
controller.headers configMap key:value pairs containing the custom headers for Nginx {}
controller.updateStrategy allows setting of RollingUpdate strategy {}
defaultBackend.name name of the default backend component default-backend
defaultBackend.image.repository default backend container image repository registry.cn-hangzhou.aliyuncs.com/acs/defaultbackend
defaultBackend.image.tag default backend container image tag 1.4
defaultBackend.image.pullPolicy default backend container image pull policy IfNotPresent
defaultBackend.extraArgs Additional default backend container arguments {}
defaultBackend.tolerations node taints to tolerate (requires Kubernetes >=1.6) []
defaultBackend.affinity node/pod affinities (requires Kubernetes >=1.6) {}
defaultBackend.nodeSelector node labels for pod assignment {}
defaultBackend.podAnnotations annotations to be added to pods {}
defaultBackend.replicaCount desired number of default backend pods 1
defaultBackend.minAvailable minimum number of available default backend pods for PodDisruptionBudget 1
defaultBackend.resources default backend pod resource requests & limits {}
defaultBackend.service.annotations annotations for default backend service {}
defaultBackend.service.clusterIP internal default backend cluster service IP ""
defaultBackend.service.externalIPs default backend service external IP addresses []
defaultBackend.service.loadBalancerIP IP address to assign to load balancer (if supported) ""
defaultBackend.service.loadBalancerSourceRanges list of IP CIDRs allowed access to load balancer (if supported) []
defaultBackend.service.type type of default backend service to create ClusterIP
imagePullSecrets name of Secret resource containing private registry credentials nil
rbac.create If true, create & use RBAC resources false
rbac.serviceAccountName ServiceAccount to be used (ignored if rbac.create=true) default
revisionHistoryLimit The number of old history to retain to allow rollback. 10
tcp TCP service key:value pairs {}
udp UDP service key:value pairs {}
相关实践学习
巧用云服务器ECS制作节日贺卡
本场景带您体验如何在一台CentOS 7操作系统的ECS实例上,通过搭建web服务器,上传源码到web容器,制作节日贺卡网页。
容器应用与集群管理
欢迎来到《容器应用与集群管理》课程,本课程是“云原生容器Clouder认证“系列中的第二阶段。课程将向您介绍与容器集群相关的概念和技术,这些概念和技术可以帮助您了解阿里云容器服务ACK/ACK Serverless的使用。同时,本课程也会向您介绍可以采取的工具、方法和可操作步骤,以帮助您了解如何基于容器服务ACK Serverless构建和管理企业级应用。 学习完本课程后,您将能够: 掌握容器集群、容器编排的基本概念 掌握Kubernetes的基础概念及核心思想 掌握阿里云容器服务ACK/ACK Serverless概念及使用方法 基于容器服务ACK Serverless搭建和管理企业级网站应用
目录
相关文章
|
1月前
|
供应链 安全 Cloud Native
阿里云飞天企业版获【可信云·容器平台安全能力】先进级认证
阿里云飞天企业版容器系列产品获中国信息通信研究院【可信云·容器平台安全能力】先进级认证,这是飞天企业版容器产品获得《等保四级PaaS平台》和《 云原生安全配置基线规范V2.0》之后,本年度再一次获得行业权威认可,证明飞天企业版的容器解决方案具备符合行业标准的最高等级容器安全能力。
104 8
阿里云飞天企业版获【可信云·容器平台安全能力】先进级认证
|
1天前
|
监控 Kubernetes Cloud Native
基于阿里云容器服务Kubernetes版(ACK)的微服务架构设计与实践
本文介绍了如何基于阿里云容器服务Kubernetes版(ACK)设计和实现微服务架构。首先概述了微服务架构的优势与挑战,如模块化、可扩展性及技术多样性。接着详细描述了ACK的核心功能,包括集群管理、应用管理、网络与安全、监控与日志等。在设计基于ACK的微服务架构时,需考虑服务拆分、通信、发现与负载均衡、配置管理、监控与日志以及CI/CD等方面。通过一个电商应用案例,展示了用户服务、商品服务、订单服务和支付服务的具体部署步骤。最后总结了ACK为微服务架构提供的强大支持,帮助应对各种挑战,构建高效可靠的云原生应用。
|
6天前
|
弹性计算 人工智能 资源调度
DeepSeek大解读系列公开课上新!阿里云专家主讲云上智能算力、Kubernetes容器服务、DeepSeek私有化部署
智猩猩「DeepSeek大解读」系列公开课第三期即将开讲,聚焦阿里云弹性计算助力大模型训练与部署。三位专家将分别讲解智能算力支撑、Kubernetes容器服务在AI场景的应用实践、以及DeepSeek一键部署和多渠道应用集成,分享云计算如何赋能大模型发展。欲观看直播,可关注【智猩猩GenAI视频号】预约。 (239字符)
|
1月前
|
监控 安全 Cloud Native
阿里云容器服务&云安全中心团队荣获信通院“云原生安全标杆案例”奖
2024年12月24日,阿里云容器服务团队与云安全中心团队获得中国信息通信研究院「云原生安全标杆案例」奖。
|
15天前
|
Ubuntu API 网络虚拟化
ubuntu22 编译安装docker,和docker容器方式安装 deepseek
本脚本适用于Ubuntu 22.04,主要功能包括编译安装Docker和安装DeepSeek模型。首先通过Apt源配置安装Docker,确保网络稳定(建议使用VPN)。接着下载并配置Docker二进制文件,创建Docker用户组并设置守护进程。随后拉取Debian 12镜像,安装系统必备工具,配置Ollama模型管理器,并最终部署和运行DeepSeek模型,提供API接口进行交互测试。
241 15
|
2月前
|
监控 NoSQL 时序数据库
《docker高级篇(大厂进阶):7.Docker容器监控之CAdvisor+InfluxDB+Granfana》包括:原生命令、是什么、compose容器编排,一套带走
《docker高级篇(大厂进阶):7.Docker容器监控之CAdvisor+InfluxDB+Granfana》包括:原生命令、是什么、compose容器编排,一套带走
317 78
|
1月前
|
Ubuntu NoSQL Linux
《docker基础篇:3.Docker常用命令》包括帮助启动类命令、镜像命令、有镜像才能创建容器,这是根本前提(下载一个CentOS或者ubuntu镜像演示)、容器命令、小总结
《docker基础篇:3.Docker常用命令》包括帮助启动类命令、镜像命令、有镜像才能创建容器,这是根本前提(下载一个CentOS或者ubuntu镜像演示)、容器命令、小总结
182 6
《docker基础篇:3.Docker常用命令》包括帮助启动类命令、镜像命令、有镜像才能创建容器,这是根本前提(下载一个CentOS或者ubuntu镜像演示)、容器命令、小总结
|
2月前
|
监控 Docker 容器
在Docker容器中运行打包好的应用程序
在Docker容器中运行打包好的应用程序
|
2月前
|
Ubuntu Linux 开发工具
docker 是什么?docker初认识之如何部署docker-优雅草后续将会把产品发布部署至docker容器中-因此会出相关系列文章-优雅草央千澈
Docker 是一个开源的容器化平台,允许开发者将应用程序及其依赖项打包成标准化单元(容器),确保在任何支持 Docker 的操作系统上一致运行。容器共享主机内核,提供轻量级、高效的执行环境。本文介绍如何在 Ubuntu 上安装 Docker,并通过简单步骤验证安装成功。后续文章将探讨使用 Docker 部署开源项目。优雅草央千澈 源、安装 Docker 包、验证安装 - 适用场景:开发、测试、生产环境 通过以上步骤,您可以在 Ubuntu 系统上成功安装并运行 Docker,为后续的应用部署打下基础。
99 8
docker 是什么?docker初认识之如何部署docker-优雅草后续将会把产品发布部署至docker容器中-因此会出相关系列文章-优雅草央千澈
|
2月前
|
存储 Kubernetes 开发者
容器化时代的领航者:Docker 和 Kubernetes 云原生时代的黄金搭档
Docker 是一种开源的应用容器引擎,允许开发者将应用程序及其依赖打包成可移植的镜像,并在任何支持 Docker 的平台上运行。其核心概念包括镜像、容器和仓库。镜像是只读的文件系统,容器是镜像的运行实例,仓库用于存储和分发镜像。Kubernetes(k8s)则是容器集群管理系统,提供自动化部署、扩展和维护等功能,支持服务发现、负载均衡、自动伸缩等特性。两者结合使用,可以实现高效的容器化应用管理和运维。Docker 主要用于单主机上的容器管理,而 Kubernetes 则专注于跨多主机的容器编排与调度。尽管 k8s 逐渐减少了对 Docker 作为容器运行时的支持,但 Doc
193 5
容器化时代的领航者:Docker 和 Kubernetes 云原生时代的黄金搭档

热门文章

最新文章

相关产品

  • 容器计算服务