以最新版的nginx-ingress-controller:0.30.0为例 

高可用Ingress 架构如下：

打开 https://github.com/kubernetes/ingress-nginx/blob/master/deploy/static/mandatory.yaml 然后Raw下载mandatory.yaml，修改其中的 nginx-ingress-controller 部分，也就是官网上的 with-rbac.yaml

1、修改Deployment为DaemonSet，并注释掉副本数

2、启用hostNetwork网络，并指定运行节点

hostNetwork暴露ingress-nginx controller的相关业务端口到主机，这样node节点主机所在网络的其他主机，都可以通过该端口访问到此应用程序。

nodeSelector指定之前添加ingress-controller=true标签的node

3、修改镜像地址

4、增加master节点容忍（可选）

tolerations: #增加容忍，可分配到master节点
- key: "node-role.kubernetes.io/master"
  operator: "Exists"
  effect: "NoSchedule"

修改完成后：

apiVersion: apps/v1

#kind: Deployment

kind: DaemonSet

metadata:

  name: nginx-ingress-controller

  namespace: ingress-nginx

  labels:

    k8s-app: ingress-controller

spec:

  #replicas: 1

  selector:

    matchLabels:

      k8s-app: ingress-controller

  template:

    metadata:

      labels:

        k8s-app: ingress-controller

      annotations:

        prometheus.io/port: "10254"

        prometheus.io/scrape: "true"

    spec:

      # wait up to five minutes for the drain of connections

      terminationGracePeriodSeconds: 300

      serviceAccountName: nginx-ingress-serviceaccount

      hostNetwork: true

      nodeSelector:

        ingress-controller: "true"

      tolerations: #增加容忍，可分配到master节点

        - key: "node-role.kubernetes.io/master"

          operator: "Exists"

          effect: "NoSchedule"

      containers:

        - name: nginx-ingress-controller

          image: registry-vpc.cn-beijing.aliyuncs.com/base/nginx-ingress-controller:0.30.0

          args:

            - /nginx-ingress-controller

            - --configmap=$(POD_NAMESPACE)/nginx-configuration

            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services

            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services

            - --publish-service=$(POD_NAMESPACE)/ingress-nginx

            - --annotations-prefix=nginx.ingress.kubernetes.io

          securityContext:

            allowPrivilegeEscalation: true

            capabilities:

              drop:

                - ALL

              add:

                - NET_BIND_SERVICE

            # www-data -> 101

            runAsUser: 101

          env:

            - name: POD_NAME

              valueFrom:

                fieldRef:

                  fieldPath: metadata.name

            - name: POD_NAMESPACE

              valueFrom:

                fieldRef:

                  fieldPath: metadata.namespace

          ports:

            - name: http

              containerPort: 80

              #protocol: TCP

            - name: https

              containerPort: 443

              #protocol: TCP

          livenessProbe:

            failureThreshold: 3

            httpGet:

              path: /healthz

              port: 10254

              scheme: HTTP

            initialDelaySeconds: 10

            periodSeconds: 10

            successThreshold: 1

            timeoutSeconds: 10

          readinessProbe:

            failureThreshold: 3

            httpGet:

              path: /healthz

              port: 10254

              scheme: HTTP

            periodSeconds: 10

            successThreshold: 1

            timeoutSeconds: 10

          lifecycle:

            preStop:

              exec:

                command:

                  - /wait-shutdown

节点打标签：

# kubectl label node master-92 ingress-controller="true"

此时再使用keepalived或外部slb进行高可用设置即可。