helm部署公网LB ingress-nginx

环境信息

1. Kubernetes：v1.20.6
2. Helm：v3.5.2
3. Chart: ingress-nginx-3.34
4. ingress-nginx/controller: v0.47.0

部署一个公网 LB 版的 nginx ingress

添加 Helm仓库

这里选用 kubernetes 提供的chart仓库

helm repo add ingress https://kubernetes.github.io/ingress-nginx
helm repo update

同步海外镜像

如果在国内拉取官方镜像导致部署失败，可以将ingress-nginx需要的镜像推送到自有镜像仓库，然后使用自有镜像仓库参考操作如下： 将官方镜像上传到自有镜像仓库, 以仓库地址: uhub.service.ucloud.cn/ucloud_pts为例,需要同步镜像列表如下:

k8s.gcr.io/ingress-nginx/controller:v0.47.0
k8s.gcr.io/defaultbackend-amd64:1.5
docker.io/jettech/kube-webhook-certgen:v1.5.1

关于docker pull tag push 操作可以参考：

• https://docs.docker.com/engine/reference/commandline/pull/
• https://docs.docker.com/engine/reference/commandline/tag/
• https://docs.docker.com/engine/reference/commandline/push/

创建 docker-registry类型的secrets

kubectl create namespace ingress-nginx
kubectl delete secret registry-secret-name -n ingress-nginx
kubectl create secret docker-registry registry-secret-name \
--namespace=ingress-nginx                                  \
--docker-server=uhub.service.ucloud.cn/ucloud_pts          \
--docker-username='xxxxxxxxx'                              \
--docker-password='xxxxxxxxx'

自定义配置，完成ingress-nginx部署

cat > ingress-value.yaml << EOF
imagePullSecrets:
  - name: registry-secret-name
defaultBackend:
  enabled: true
  name: defaultbackend
  image:
    registry: uhub.service.ucloud.cn/ucloud_pts
    image: defaultbackend-amd64
    tag: "1.5"
controller:
  name: controller
  ingressClass: nginx
  config:
    use-http2: true   
  image:
    repository: uhub.service.ucloud.cn/ucloud_pts/controller
    tag: "v0.47.0"
    digest: sha256:c892e4e39885a16324d38b213d0dd42f56d183e93836b28d051c5476b1418bc1
  admissionWebhooks:
    patch:
      enabled: true
      image:
        repository: uhub.service.ucloud.cn/ucloud_pts/kube-webhook-certgen
EOF
helm upgrade --install ingress-nginx ingress/ingress-nginx \
-n ingress-nginx --values=ingress-value.yaml

其它可选配置

1. 如果需要开启promethus metrics 可以在 ingress-value.yaml 文件追加如下配置

controller:
  metrics:
    port: 10254
    enabled: true
    service:
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "10254"
      servicePort: 10254
      type: LoadBalancer

然后执行更新即可：

helm upgrade --install ingress-nginx ingress/ingress-nginx \
-n ingress-nginx --values=ingress-value.yaml

2. 如果需要开启 TCP/UCP 端口映射，可以在 ingress-value.yaml 文件追加如下配置：

tcp:
  8080: "default/example-tcp-svc:9000"
udp:
  53: "kube-system/kube-dns:53"

然后执行更新即可：

helm upgrade --install ingress-nginx ingress/ingress-nginx \
-n ingress-nginx --values=ingress-value.yaml

参考
https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp
https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp

验证部署

执行命令：helm list -A 返回类似如下部分的结果，说明部署成功

NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
ingress-nginx   ingress-nginx   1               2021-07-20 11:05:05.317954426 +0800 CST deployed        ingress-nginx-3.34.0    0.47.0