ingress: Use Deployment+Service with externalIPs
Now that we have `keepalived` managing the "virtual" IP address for the ingress controller, we can change _ingress-nginx_ to run as a Deployment rather than a DaemonSet. It no longer needs to use the host network namespace, as `kube-proxy` will route all traffic sent to the configured external IP address to the controller pods. Using the _Local_ external traffic policy disables NAT, so nginx sees incoming traffic unmodified.
pull/37/head
parent
e7ea2b0659
commit
fefbaa9991
|
@ -5,56 +5,34 @@ namespace: ingress-nginx
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml
|
- https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml
|
||||||
- tcp-services.yaml
|
|
||||||
|
replicas:
|
||||||
|
- name: ingress-nginx-controller
|
||||||
|
count: 2
|
||||||
|
|
||||||
patches:
|
patches:
|
||||||
- patch: |-
|
- patch: |-
|
||||||
$patch: delete
|
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: ingress-nginx-controller
|
name: ingress-nginx-controller
|
||||||
namespace: ingress-nginx
|
namespace: ingress-nginx
|
||||||
|
spec:
|
||||||
|
externalIPs:
|
||||||
|
- 172.30.0.147
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
|
||||||
- patch: |-
|
- patch: |-
|
||||||
- op: replace
|
|
||||||
path: /kind
|
|
||||||
value: DaemonSet
|
|
||||||
- op: remove
|
|
||||||
path: /spec/template/spec/containers/0/args/1
|
|
||||||
- op: add
|
|
||||||
path: /spec/template/spec/containers/0/args/-
|
|
||||||
value: >-
|
|
||||||
--report-node-internal-ip-address
|
|
||||||
- op: add
|
- op: add
|
||||||
path: /spec/template/spec/containers/0/args/-
|
path: /spec/template/spec/containers/0/args/-
|
||||||
value: >-
|
value: >-
|
||||||
--default-ssl-certificate=default/pyrocufflink-cert
|
--default-ssl-certificate=default/pyrocufflink-cert
|
||||||
- op: add
|
|
||||||
path: /spec/template/spec/containers/0/args/-
|
|
||||||
value: >-
|
|
||||||
--tcp-services-configmap=ingress-nginx/tcp-services
|
|
||||||
target:
|
target:
|
||||||
group: apps
|
group: apps
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
name: ingress-nginx-controller
|
name: ingress-nginx-controller
|
||||||
version: v1
|
version: v1
|
||||||
|
|
||||||
- patch: |-
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: DaemonSet
|
|
||||||
metadata:
|
|
||||||
name: ingress-nginx-controller
|
|
||||||
namespace: ingress-nginx
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
spec:
|
|
||||||
dnsPolicy: ClusterFirstWithHostNet
|
|
||||||
hostNetwork: true
|
|
||||||
nodeSelector:
|
|
||||||
kubernetes.io/role: ingress
|
|
||||||
|
|
||||||
|
|
||||||
- patch: |-
|
- patch: |-
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: IngressClass
|
kind: IngressClass
|
||||||
|
|
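Review bot: With `externalTrafficPolicy: Local` in the new Service patch, kube-proxy only delivers traffic for 172.30.0.147 on a node that runs a controller pod, yet this change drops the `nodeSelector` (`kubernetes.io/role: ingress`) and schedules just two replicas. Nothing visible in this hunk keeps a replica on the node that currently holds the keepalived address. If keepalived is not already limited to nodes with a ready controller pod, a failover to another node would silently drop ingress traffic. Consider keeping `nodeSelector: {kubernetes.io/role: ingress}` on the Deployment's pod template, together with a spread constraint across those nodes. Separately, `spec.externalIPs` is not validated by the API server, so it is worth restricting through admission policy which namespaces may claim this address, and adding a comment such as `# VIP managed by keepalived; must match its configuration` above the `externalIPs` entry.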
|
@ -1,7 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: tcp-services
|
|
||||||
data:
|
|
||||||
'8883': home-assistant/mosquitto:8883
|
|
||||||
'5671': rabbitmq/rabbitmq:5671
|
|