You can choose one of the following installation methods to install Nginx-ingress in TKE based on your business needs.
Nginx is a key traffic access gateway. It is recommended that you deploy Nginx-Ingress to a specified node pool rather than run Nginx and other services on the same nodes. The deployment architecture is shown in the figure below:
The installation directions are as follows:
This installation method supports node pool scaling. You can scale the Nginx replicas by adjusting the number of node pools.
Prepare the node pool for deploying Nginx-Ingress, and set a taint on it (to prevent other Pods from being scheduled to this node pool). For how to deploy a node pool, see Node Pool Overview.
Install NginxIngress Addon in the cluster.
In the details page of the created Nginx Ingress addon, click Add Nginx Ingress Instance (a cluster can have multiple Nginx instances at the same time).
In the pop-up window, select Specify a Node Pool as DaemonSet to Deploy for Deploy Modes and set other parameters as needed.
If you use Deployment + HPA to deploy Nginx-Ingress, you can configure taints and tolerations to deploy Nginx and service Pods in a decentralized manner based on your business needs. With HPA, Nginx can also auto-scale according to metrics such as CPU and memory. The deployment architecture is shown in the figure below:
If you only deploy Nginx in the cluster, you need to configure a frontend LB for Nginx to receive external traffic. TKE now provides productized installation capabilities, and you can select different deployment modes based on your business needs.
If the cluster is in VPC-CNI mode, it is recommended that you use a Service with CLB-to-Nginx direct connection. The following figure shows an example in which the workload is deployed by node pool.
This solution, with high performance and without manual maintenance of CLB, is the optimal solution. It requires the cluster to enable VPC-CNI. This solution is recommended for the cluster that has configured the VPC-CNI network plug-in, or the Global Router network plug-in with VPC-CNI enabled (both modes are enabled).
If the cluster does not support the VPC-CNI network mode, you can use a Service of the general LoadBalancer type to receive traffic.
Currently, by default, a Service of LoadBalancer type on TKE is implemented based on NodePort. The CLB binds the NodePort of each node as the RS (Real Server) and forwards traffic to the NodePort of each node, and the nodes then route requests to the corresponding backend Pod of the Service through iptables or IPVS. This is the simplest solution, but traffic passes through a layer of NodePort, so there’s one more layer for forwarding, which leads to the following issues:
This mode cannot be configured directly in the console. You can manually modify the YAML to set the network mode of the Nginx workload to HostNetwork. In HostNetwork network mode, you can create a load balancer that forwards traffic to the corresponding port of the node.
Note that when hostNetwork is used, Nginx-ingress Pods cannot be scheduled to the same node, to avoid port listening conflicts.
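The pod-template fields involved in the HostNetwork mode described above, written out as an added example (not TKE's own manifest). The label and taint keys and values are assumptions; replace them with those of your node pool and Nginx-ingress instance:

```yaml
# Added example: fragment of the Nginx-ingress workload YAML (pod template only).
# All example.com/* keys, their values and the app label are assumed placeholders.
spec:
  template:
    metadata:
      labels:
        app: example-nginx-ingress            # assumed Pod label, reused below
    spec:
      # Nginx listens directly in the node's network namespace.
      hostNetwork: true
      # Keep resolving cluster Services through cluster DNS under hostNetwork.
      dnsPolicy: ClusterFirstWithHostNet
      # Pin the Pods to the node pool prepared for Nginx-Ingress.
      nodeSelector:
        example.com/node-pool: nginx-ingress  # assumed node pool label
      # Tolerate the taint that keeps other Pods off that node pool.
      tolerations:
        - key: example.com/dedicated          # assumed taint key
          operator: Equal
          value: nginx-ingress                # assumed taint value
          effect: NoSchedule
      # Hard rule: never place two Nginx-ingress Pods on one node,
      # so two Pods never compete for the same host ports.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: example-nginx-ingress
              topologyKey: kubernetes.io/hostname
```

With the required anti-affinity rule, a replica that has no free node in the pool stays Pending, which makes the one-Pod-per-node limit visible when scaling.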
On the details page of the Nginx-ingress addon, you can select an Nginx-ingress instance and edit its YAML on the Nginx Configuration tab.
By default, Nginx is not restarted after the parameters are configured, and there is a slight delay before the changes take effect.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: alpha-ingress-nginx-controller
  namespace: kube-system
data:
  access-log-path: /var/log/nginx/nginx_access.log
  error-log-path: /var/log/nginx/nginx_error.log
  log-format-upstream: $remote_addr - $remote_user [$time_iso8601] $msec "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] [$upstream_addr] [$upstream_response_length] [$upstream_response_time] [$upstream_status] $req_id
  keep-alive-requests: "10000"
  max-worker-connections: "65536"
  upstream-keepalive-connections: "200"
```
- Please do not modify 'access-log-path', 'error-log-path' and 'log-format-upstream', otherwise, the CLS log collection will be affected.
- If you need to configure different parameters for your business, see Official Document.