AppsCode
  • KubeDB

    Run Production-Grade Databases on Kubernetes

    Stash

    Backup and Recovery Solution for Kubernetes

    KubeVault

    Run Production-Grade Vault on Kubernetes

    Voyager

    Secure Ingress Controller for Kubernetes

    ConfigSyncer

    Kubernetes Configuration Syncer

    Guard

    Kubernetes Authentication WebHook Server

    KubeDB

    KubeDB simplifies Provisioning, Upgrading, Scaling, Volume Expansion, Monitor, Backup, Restore for various Databases in Kubernetes on any Public & Private Cloud

    • check-boxLower administrative burden
    • check-boxNative Kubernetes Support
    • check-boxPerformance
    • check-boxAvailability and durability
    • check-boxManageability
    • check-boxCost-effectiveness
    • check-boxSecurity
    Stash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    KubeVault

    KubeVault is a Git-Ops ready, production-grade solution for deploying and configuring Hashicorp's Vault on Kubernetes.

    • check-boxVault Kubernetes Deployment
    • check-boxAuto Initialization & Unsealing
    • check-boxVault Backup & Restore
    • check-boxConsume KubeVault Secrets with CSI
    • check-boxManage DB Users Privileges
    • check-boxStorage Backend
    • check-boxAuthentication Method
    • check-boxDatabase Secret Engine
    Voyager

    Secure Ingress Controller for Kubernetes

    • check-boxHTTP & TCP
    • check-boxSSL
    • check-boxPlatform support
    • check-boxHAProxy
    • check-boxPrometheus
    • check-boxLet's Encrypt
    configsyncer

    Kubernetes Configuration Syncer

    • check-boxConfiguration Syncer
    Guard

    Kubernetes Authentication WebHook Server

    • check-boxIdentity Providers
    • check-boxCLI
    • check-boxRBAC
  • RESOURCES
  • Webinar New
CONTACT SALES
Voyager
github-icon twitterx-icon
TRY NOW FREE
  • Welcome
  • Concepts
  • Setup
  • Ingress
    Cert Manager
  • Voyager Operator
    Voyager CLI

New to Voyager? Please start here.

Placement of Ingress Pods

Voyager has rich support for how HAProxy pods are placed on cluster nodes. Please check here to understand Kubernetes’ support for pod placement.

Before You Begin

At first, you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube.

Now, install Voyager operator in your cluster following the steps here.

To keep things isolated, this tutorial uses a separate namespace called demo throughout this tutorial. Run the following command to prepare your cluster for this tutorial:

$ curl -fSsL https://raw.githubusercontent.com/voyagermesh/voyager/v0.6.1/docs/examples/ingress/pod-placement/deploy-servers.sh | bash
+ kubectl create namespace demo
namespace "demo" created
+ kubectl run nginx --image=nginx --namespace=demo
deployment "nginx" created
+ kubectl expose deployment nginx --name=web --namespace=demo --port=80 --target-port=80
service "web" exposed
+ kubectl run echoserver --image=gcr.io/google_containers/echoserver:1.4 --namespace=demo
deployment "echoserver" created
+ kubectl expose deployment echoserver --name=rest --namespace=demo --port=80 --target-port=8080
service "rest" exposed

Choosing Workload Kind

By default Voyager will run HAProxy pods using Deployment. Since 8.0.1 release, Voyager can run HAProxy pods using either Deployment or DaemonSet. Set the annotation ingress.appscode.com/workload-kind on an ingress object to either Deployment or DaemonSet to enable this feature. If this annotation is missing, HAProxy pods will be run using a Deployment as before.

apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
  name: ingress-w-node-selector
  namespace: demo
  annotations:
    ingress.appscode.com/workload-kind: DaemonSet

Using Node Selector

Node selectors can be used assign HAProxy ingress pods to specific nodes. Below is an example where ingress pods are run on node with nameminikube.

kubectl apply -f https://raw.githubusercontent.com/voyagermesh/voyager/v0.6.1/docs/examples/ingress/pod-placement/ingress-w-node-selector.yaml

apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
  name: ingress-w-node-selector
  namespace: demo
  annotations:
    ingress.appscode.com/type: NodePort
    ingress.appscode.com/use-node-port: 'true'
    ingress.appscode.com/replicas: '2'
spec:
  nodeSelector:
    kubernetes.io/hostname: minikube
  rules:
  - http:
      paths:
      - path: /
        backend:
          service:
            name: rest
            port:
              number: 80
      - path: /web
        backend:
          service:
            name: web
            port:
              number: 80

If you are using official networking.k8s.io/v1 ingress api group, use ingress.appscode.com/node-selector annotation to provide the selectors. For example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-w-node-selector
  namespace: demo
  annotations:
    ingress.appscode.com/type: NodePort
    ingress.appscode.com/use-node-port: 'true'
    ingress.appscode.com/replicas: '2'
    ingress.appscode.com/node-selector: '{"kubernetes.io/hostname": "minikube"}'
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: rest
            port:
              number: 80
      - path: /web
        pathType: Prefix
        backend:
          service:
            name: web
            port:
              number: 80

Using Pod Anti-affinity

Affinity rules can be used assign HAProxy ingress pods to specific nodes or ensure that 2 separate HAProxy ingress pods are not placed on same node. Affinity rules are set via spec.affinity field in Voyager Ingress CRD. Below is an example where ingress pods are spread over run on node with nameminikube.

kubectl apply -f https://raw.githubusercontent.com/voyagermesh/voyager/v0.6.1/docs/examples/ingress/pod-placement/ingress-w-pod-anti-affinity.yaml

apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
  name: ingress-w-pod-anti-affinity
  namespace: demo
  annotations:
    ingress.appscode.com/type: NodePort
    ingress.appscode.com/use-node-port: 'true'
    ingress.appscode.com/replicas: '2'
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          service:
            name: rest
            port:
              number: 80
      - path: /web
        backend:
          service:
            name: web
            port:
              number: 80
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: origin
            operator: In
            values:
            - voyager
          - key: origin-name
            operator: In
            values:
            - voyager-ingress-w-pod-anti-affinity
        topologyKey: 'kubernetes.io/hostname'

Using Taints and Toleration

Using taints and toleration, you can run voyager pods on dedicated nodes.

# taint nodes where only HAProxy ingress pods will run
kubectl taint nodes minikube IngressOnly=true:NoSchedule

kubectl apply -f https://raw.githubusercontent.com/voyagermesh/voyager/v0.6.1/docs/examples/ingress/pod-placement/ingress-w-toleration.yaml

apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
  name: ingress-w-toleration
  namespace: demo
  annotations:
    ingress.appscode.com/type: NodePort
    ingress.appscode.com/use-node-port: 'true'
    ingress.appscode.com/replicas: '2'
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          service:
            name: rest
            port:
              number: 80
      - path: /web
        backend:
          service:
            name: web
            port:
              number: 80
  tolerations:
  - key: IngressOnly
    operator: Equal
    value: 'true'
    effect: NoSchedule

If you are using official networking.k8s.io/v1 ingress api group, use ingress.appscode.com/tolerations annotation to provide the toleration information. For example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-w-toleration
  namespace: demo
  annotations:
    ingress.appscode.com/type: NodePort
    ingress.appscode.com/use-node-port: 'true'
    ingress.appscode.com/replicas: '2'
    ingress.appscode.com/tolerations: '[{"key": "IngressOnly", "operator": "Equal", "value": "true", "effect": "NoSchedule"}]'
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: rest
            port:
              number: 80
      - path: /web
        pathType: Prefix
        backend:
          service:
            name: web
            port:
              number: 80

You can use these various option in combination with each other to achieve desired result. Say, you want to run your HAProxy pods on master instances. This can be done using an Ingress like below:

apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
  name: ingress-w-node-selector
  namespace: demo
  annotations:
    ingress.appscode.com/type: NodePort
    ingress.appscode.com/use-node-port: 'true'
    ingress.appscode.com/replicas: '2'
spec:
  nodeSelector:
    node-role.kubernetes.io/master: ""
  rules:
  - http:
      paths:
      - path: /
        backend:
          service:
            name: rest
            port:
              number: 80
      - path: /web
        backend:
          service:
            name: web
            port:
              number: 80
  tolerations:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
    operator: Exists

What's on this Page

Search
Improve This Page