I've set up the ingress-nginx Helm chart to set up ingress controllers on my cluster; however, by default it only runs a single pod instance.
Since we're running on Digital Ocean's k8s cluster, we're running with externalTrafficPolicy: Local to allow cert-manager to access other pods internally, and also so we have fewer network hops for requests.
For resilience we've configured our backend services to run on at least 2 nodes, so it makes sense that we have ingress controllers on each of the nodes that have a backend pod running on it, to avoid unnecessary inter-node traffic.
How would we go about configuring the ingress controller setup to ensure that we have a controller pod on each of the nodes that the backend pods are running on?
If you want to run the pod on each node, you can use a DaemonSet.
DaemonSet: https://github.com/nginxinc/kubernetes-ingress/blob/master/deployments/helm-chart/templates/controller-daemonset.yaml
Now, if you want to make sure the Nginx ingress controller pod only runs on nodes on which your backend service is running, you can use affinity and anti-affinity.
Affinity example:
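affinity:
  nodeAffinity:
    # Only schedule onto nodes labelled role=app-1
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: role
              operator: In
              values:
                - app-1
  podAntiAffinity:
    # Never place two pods labelled component=nginx-ms on the same node
    requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
            - key: component
              operator: In
              values:
                - nginx-ms
        # Well-known node label: each node is its own topology domain
        topologyKey: "kubernetes.io/hostname"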
You can read more and find examples at: https://github.com/infracloudio/kubernetes-scheduling-examples/blob/master/podAffinity/README.md
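
A check for the goal stated in the question, as an added example that is not part of the original question or answer: given a pod list in the shape of `kubectl get pods -A -o json`, it reports nodes that run a backend pod without a Running ingress controller pod, and the reverse. The controller labels are the ones the ingress-nginx chart applies to its controller pods; the `app: backend` label, the node names and the sample pods are constructed assumptions.

```python
# Labels the ingress-nginx chart puts on controller pods.
INGRESS = {"app.kubernetes.io/name": "ingress-nginx",
           "app.kubernetes.io/component": "controller"}
BACKEND = {"app": "backend"}  # assumed label on the backend pods


def pod(name, node, labels, phase="Running"):
    """Build a minimal pod object with the fields the check reads."""
    return {"metadata": {"name": name, "labels": labels},
            "spec": {"nodeName": node}, "status": {"phase": phase}}


def nodes_running(pod_list, selector):
    """Nodes that host at least one Running pod matching every selector label."""
    nodes = set()
    for p in pod_list.get("items", []):
        labels = p["metadata"].get("labels") or {}
        node = p["spec"].get("nodeName")  # missing until the pod is scheduled
        running = p.get("status", {}).get("phase") == "Running"
        if node and running and all(labels.get(k) == v for k, v in selector.items()):
            nodes.add(node)
    return nodes


def colocation_gaps(pod_list, backend_sel=BACKEND, ingress_sel=INGRESS):
    """Compare where backends run with where controllers run."""
    backend = nodes_running(pod_list, backend_sel)
    ingress = nodes_running(pod_list, ingress_sel)
    return {
        # Requests for these backends must cross nodes to be served.
        "backend_without_controller": sorted(backend - ingress),
        # These controllers always proxy to a backend on another node.
        "controller_without_backend": sorted(ingress - backend),
    }


# Constructed sample data, not output from a real cluster.
SAMPLE = {"items": [
    pod("api-1", "node-a", BACKEND),
    pod("api-2", "node-b", BACKEND),
    pod("ingress-1", "node-a", INGRESS),
    pod("ingress-2", "node-c", INGRESS),
    pod("ingress-3", "node-b", INGRESS, phase="Pending"),  # not serving yet
]}

if __name__ == "__main__":
    print(colocation_gaps(SAMPLE))
```

Against a live cluster, load the JSON from `kubectl get pods -A -o json` with `json.load` and pass it to `colocation_gaps` with the backend's real label selector.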