New to Voyager? Please start here.

Placement of Ingress Pods

Voyager has rich support for how HAProxy pods are placed on cluster nodes. Please check here to understand Kubernetes’ support for pod placement.

Before You Begin

At first, you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube.

Now, install Voyager operator in your cluster following the steps here.

To keep things isolated, this tutorial uses a separate namespace called demo throughout this tutorial. Run the following command to prepare your cluster for this tutorial:

$ curl -fSsL https://raw.githubusercontent.com/voyagermesh/voyager/v0.6.1/docs/examples/ingress/pod-placement/deploy-servers.sh | bash
+ kubectl create namespace demo
namespace "demo" created
+ kubectl run nginx --image=nginx --namespace=demo
deployment "nginx" created
+ kubectl expose deployment nginx --name=web --namespace=demo --port=80 --target-port=80
service "web" exposed
+ kubectl run echoserver --image=gcr.io/google_containers/echoserver:1.4 --namespace=demo
deployment "echoserver" created
+ kubectl expose deployment echoserver --name=rest --namespace=demo --port=80 --target-port=8080
service "rest" exposed

Choosing Workload Kind

By default Voyager will run HAProxy pods using Deployment. Since 8.0.1 release, Voyager can run HAProxy pods using either Deployment or DaemonSet. Set the annotation ingress.appscode.com/workload-kind on an ingress object to either Deployment or DaemonSet to enable this feature. If this annotation is missing, HAProxy pods will be run using a Deployment as before.

apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
  name: ingress-w-node-selector
  namespace: demo
  annotations:
    ingress.appscode.com/workload-kind: DaemonSet

Using Node Selector

Node selectors can be used assign HAProxy ingress pods to specific nodes. Below is an example where ingress pods are run on node with nameminikube.

kubectl apply -f https://raw.githubusercontent.com/voyagermesh/voyager/v0.6.1/docs/examples/ingress/pod-placement/ingress-w-node-selector.yaml
apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
  name: ingress-w-node-selector
  namespace: demo
  annotations:
    ingress.appscode.com/type: NodePort
    ingress.appscode.com/use-node-port: 'true'
    ingress.appscode.com/replicas: '2'
spec:
  nodeSelector:
    kubernetes.io/hostname: minikube
  rules:
  - http:
      paths:
      - path: /
        backend:
          service:
            name: rest
            port:
              number: 80
      - path: /web
        backend:
          service:
            name: web
            port:
              number: 80

If you are using official networking.k8s.io/v1 ingress api group, use ingress.appscode.com/node-selector annotation to provide the selectors. For example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-w-node-selector
  namespace: demo
  annotations:
    ingress.appscode.com/type: NodePort
    ingress.appscode.com/use-node-port: 'true'
    ingress.appscode.com/replicas: '2'
    ingress.appscode.com/node-selector: '{"kubernetes.io/hostname": "minikube"}'
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: rest
            port:
              number: 80
      - path: /web
        pathType: Prefix
        backend:
          service:
            name: web
            port:
              number: 80

Using Pod Anti-affinity

Affinity rules can be used assign HAProxy ingress pods to specific nodes or ensure that 2 separate HAProxy ingress pods are not placed on same node. Affinity rules are set via spec.affinity field in Voyager Ingress CRD. Below is an example where ingress pods are spread over run on node with nameminikube.

kubectl apply -f https://raw.githubusercontent.com/voyagermesh/voyager/v0.6.1/docs/examples/ingress/pod-placement/ingress-w-pod-anti-affinity.yaml
apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
  name: ingress-w-pod-anti-affinity
  namespace: demo
  annotations:
    ingress.appscode.com/type: NodePort
    ingress.appscode.com/use-node-port: 'true'
    ingress.appscode.com/replicas: '2'
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          service:
            name: rest
            port:
              number: 80
      - path: /web
        backend:
          service:
            name: web
            port:
              number: 80
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: origin
            operator: In
            values:
            - voyager
          - key: origin-name
            operator: In
            values:
            - voyager-ingress-w-pod-anti-affinity
        topologyKey: 'kubernetes.io/hostname'

Using Taints and Toleration

Using taints and toleration, you can run voyager pods on dedicated nodes.

# taint nodes where only HAProxy ingress pods will run
kubectl taint nodes minikube IngressOnly=true:NoSchedule

kubectl apply -f https://raw.githubusercontent.com/voyagermesh/voyager/v0.6.1/docs/examples/ingress/pod-placement/ingress-w-toleration.yaml
apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
  name: ingress-w-toleration
  namespace: demo
  annotations:
    ingress.appscode.com/type: NodePort
    ingress.appscode.com/use-node-port: 'true'
    ingress.appscode.com/replicas: '2'
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          service:
            name: rest
            port:
              number: 80
      - path: /web
        backend:
          service:
            name: web
            port:
              number: 80
  tolerations:
  - key: IngressOnly
    operator: Equal
    value: 'true'
    effect: NoSchedule

If you are using official networking.k8s.io/v1 ingress api group, use ingress.appscode.com/tolerations annotation to provide the toleration information. For example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-w-toleration
  namespace: demo
  annotations:
    ingress.appscode.com/type: NodePort
    ingress.appscode.com/use-node-port: 'true'
    ingress.appscode.com/replicas: '2'
    ingress.appscode.com/tolerations: '[{"key": "IngressOnly", "operator": "Equal", "value": "true", "effect": "NoSchedule"}]'
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: rest
            port:
              number: 80
      - path: /web
        pathType: Prefix
        backend:
          service:
            name: web
            port:
              number: 80

You can use these various option in combination with each other to achieve desired result. Say, you want to run your HAProxy pods on master instances. This can be done using an Ingress like below:

apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
  name: ingress-w-node-selector
  namespace: demo
  annotations:
    ingress.appscode.com/type: NodePort
    ingress.appscode.com/use-node-port: 'true'
    ingress.appscode.com/replicas: '2'
spec:
  nodeSelector:
    node-role.kubernetes.io/master: ""
  rules:
  - http:
      paths:
      - path: /
        backend:
          service:
            name: rest
            port:
              number: 80
      - path: /web
        backend:
          service:
            name: web
            port:
              number: 80
  tolerations:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
    operator: Exists