欧美bbbwbbbw肥妇,免费乱码人妻系列日韩,一级黄片

阿里云k8s集群使用ingress配置時(shí)間超時(shí)的參數(shù)

 更新時(shí)間:2024年10月31日 11:36:55   作者:天草二十六_簡村人  
本文主要介紹了在使用阿里云k8s集群時(shí)使用ingress進(jìn)行參數(shù)配置,例如設(shè)置http超時(shí)時(shí)間等,詳細(xì)講解了k8s容器部署的Nginx和ingress如何設(shè)置自定義的參數(shù)配置,感興趣的可以了解一下

一、背景

在使用阿里云k8s集群的時(shí)候,內(nèi)網(wǎng)API網(wǎng)關(guān),剛開始是用的是Nginx,后面又搭建了ingress。
區(qū)別于nginx配置,ingress又該怎么設(shè)置參數(shù)呢?比如http超時(shí)時(shí)間等等。

本文會(huì)先梳理nginx是如何配置,再對(duì)比ingress的配置方式。
示例以超時(shí)時(shí)間的設(shè)置。

二、nginx配置

在k8s部署兩個(gè)節(jié)點(diǎn)的Nginx容器

在這里插入圖片描述

      containers:
        - env:
            - name: aliyun_logs_nginx-log
              value: /var/log/nginx/*.log
          image: nginx
          imagePullPolicy: Always
          name: xh-nginx
          ports:
            - containerPort: 80
              protocol: TCP
          resources:
            limits:
              cpu: '2'
              memory: 4Gi
            requests:
              cpu: 250m
              memory: 2Gi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /etc/nginx/nginx.conf
              name: nginx
              subPath: nginx.conf
            - mountPath: /etc/nginx/conf.d
              name: nginx-cm
            - mountPath: /var/log/nginx/
              name: volume-k8s-inner-nginx-log
      volumes:
        - configMap:
            defaultMode: 420
            items:
              - key: nginx.conf
                path: nginx.conf
            name: nginx-conf
          name: nginx
        - configMap:
            defaultMode: 420
            name: nginx-cm
          name: nginx-cm
        - hostPath:
            path: /var/log/nginx
            type: Directory
          name: volume-k8s-inner-nginx-log
        - emptyDir: {}
          name: volumn-sls-16578614717160

這里把/etc/nginx/nginx.conf和下面的/etc/nginx/conf.d/*.conf分別掛載到configMap

在這里插入圖片描述

1、nginx-conf下的新增了一個(gè)子項(xiàng)nginx.conf

對(duì)應(yīng)容器里的文件/etc/nginx/nginx.conf

在這里插入圖片描述

詳情見下:

user  nginx;
worker_processes  auto;

worker_cpu_affinity auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

worker_rlimit_nofile 10240;

events {
    use epoll;
    worker_connections  10240;
}


http {
    underscores_in_headers on;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 傳遞http header值
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
# 設(shè)置log格式
    log_format  access '$proxy_add_x_forwarded_for $time_local $request $request_time "$upstream_response_time" '
                  '$status $body_bytes_sent $host "$http_user_agent" $bytes_sent $request_length "$upstream_addr" ';

    access_log  /var/log/nginx/access.log  access;

    charset  utf-8;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 500m;

    sendfile       on;
    tcp_nopush     on;
    tcp_nodelay    on;

    keepalive_timeout  600;
    server {
        listen       80;
        server_name  nginx_status;
        location /ngx_status {
        stub_status;
                          }
            }
    fastcgi_connect_timeout 600;
    fastcgi_send_timeout 600;
    fastcgi_read_timeout 600;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    include /etc/nginx/conf.d/*.conf;
    }

2、nginx-cm

對(duì)應(yīng)容器里的文件/etc/nginx/conf.d/*.conf

在這里插入圖片描述

下面以常見的用戶服務(wù)為示例:

upstream user-service-cloud-cluster {
  server 172.16.17.9:8081 weight=50 max_fails=2 fail_timeout=10s;
}
server
{
  listen       80;
  server_name  user.xxx.cloud;
  location / {
     proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
     proxy_pass http://user-service-cloud-cluster;
     proxy_redirect off;
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header HTTP_HOST $host;
     proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr;
     proxy_set_header HTTP_X_FORWARDED_HOST $host;
     proxy_set_header X-Forwarded-Host $host;
     proxy_set_header X-Forwarded-Server $host;
     proxy_set_header X-Forwarded-HTTPS 0;
  }
  access_log  /var/log/nginx/user-service_cloud_access.log  access;
  error_log  /var/log/nginx/user-service_cloud_error.log;
 }

3、小節(jié)

當(dāng)你修改了nginx的配置,別忘記了進(jìn)入Nginx容器進(jìn)行reload,以使配置生效。

nginx -s reload

在這里插入圖片描述

三、ingress配置

除了已知的一些區(qū)別,它和Nginx的一個(gè)最大不同是,不用手動(dòng)去reload才能讓配置生效。

同樣部署兩個(gè)ingress節(jié)點(diǎn)

在這里插入圖片描述

建議你使用Helm安裝ingress,簡單方便。具體就不在本文贅述了。

下面再看下它的yaml詳情:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-ack-ingress-nginx-v1-controller
  namespace: kube-system
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: nginx-ingress
      app.kubernetes.io/name: ack-ingress-nginx-v1
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: nginx-ingress
        app.kubernetes.io/name: ack-ingress-nginx-v1
    spec:
      containers:
        - args:
            - /nginx-ingress-controller
            - >-
              --publish-service=$(POD_NAMESPACE)/nginx-ingress-ack-ingress-nginx-v1-controller-internal
            - '--election-id=ingress-controller-leader-ack-nginx'
            - '--controller-class=k8s.io/ack-ingress-nginx'
            - '--ingress-class=ack-nginx'
            - >-
              --configmap=$(POD_NAMESPACE)/nginx-ingress-ack-ingress-nginx-v1-controller
            - '--validating-webhook=:8443'
            - '--validating-webhook-certificate=/usr/local/certificates/cert'
            - '--validating-webhook-key=/usr/local/certificates/key'
            - '--v=2'
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: LD_PRELOAD
              value: /usr/local/lib/libmimalloc.so
          image: >-
            registry-vpc.cn-hangzhou.aliyuncs.com/acs/aliyun-ingress-controller:v1.8.0-aliyun.1
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          name: controller
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
            - containerPort: 443
              name: https
              protocol: TCP
            - containerPort: 8443
              name: webhook
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources:
            requests:
              cpu: 100m
              memory: 90Mi
          securityContext:
            allowPrivilegeEscalation: true
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
            runAsUser: 101
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /usr/local/certificates/
              name: webhook-cert
              readOnly: true
            - mountPath: /etc/localtime
              name: localtime
              readOnly: true
      dnsPolicy: ClusterFirst
      initContainers:
        - command:
            - /bin/sh
            - '-c'
            - |
              if [ "$POD_IP" != "$HOST_IP" ]; then
              mount -o remount rw /proc/sys
              sysctl -w net.core.somaxconn=65535
              sysctl -w net.ipv4.ip_local_port_range="1024 65535"
              sysctl -w kernel.core_uses_pid=0
              fi
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.hostIP
          image: 'registry-vpc.cn-hangzhou.aliyuncs.com/acs/busybox:v1.29.2'
          imagePullPolicy: IfNotPresent
          name: init-sysctl
          resources: {}
          securityContext:
            capabilities:
              add:
                - SYS_ADMIN
              drop:
                - ALL
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: nginx-ingress-ack-ingress-nginx-v1
      serviceAccountName: nginx-ingress-ack-ingress-nginx-v1
      terminationGracePeriodSeconds: 300
      tolerations:
        - effect: NoSchedule
          key: node-role.alibabacloud.com/addon
          operator: Exists
      volumes:
        - name: webhook-cert
          secret:
            defaultMode: 420
            secretName: nginx-ingress-ack-ingress-nginx-v1-admission
        - hostPath:
            path: /etc/localtime
            type: File
          name: localtime

這里使用了一個(gè)初始化容器initContainers,它會(huì)對(duì)系統(tǒng)做一個(gè)個(gè)性化配置。

sysctl -w net.core.somaxconn=65535
sysctl -w net.ipv4.ip_local_port_range="1024 65535"
sysctl -w kernel.core_uses_pid=0

其次,HOST_IP和POD_IP都從K8s環(huán)境變量中讀取,因?yàn)樗鼈兪莿?dòng)態(tài)的,非固定不變。

必要的健康檢測,配置了livenessProbe和readinessProbe,詳情見上。

1、configMap配置

在這里插入圖片描述

日志格式,見下:

在這里插入圖片描述

其他的配置這里就不一一列舉,總之,它支持你通過變量進(jìn)行配置就行。

它就對(duì)應(yīng)上文的nginx.conf文件。

2、創(chuàng)建Ingress路由

在這里插入圖片描述

在這里插入圖片描述

操作比較簡單,下面要切入到本文的重點(diǎn)。

四、Ingress設(shè)置超時(shí)時(shí)間

要說Ingress如何設(shè)置超時(shí)時(shí)間前,先看一看nginx是如何設(shè)置。

默認(rèn)是60秒,現(xiàn)在業(yè)務(wù)上有需求調(diào)整為600秒。
請(qǐng)看下文的具體配置:

1、nginx配置

upstream xxx-cloud-cluster {
  server 172.16.17.6:8080 weight=9 max_fails=2 fail_timeout=10s;
}
server
{
  listen       80;
  server_name  image-xxx.xx.cloud;
  location / {
     proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
     proxy_pass http://xxx-cloud-cluster;
     proxy_redirect off;
     proxy_set_header Host $host;
     # 增加下面三行
     proxy_connect_timeout 600;
     proxy_send_timeout 600;
     proxy_read_timeout 600;
     
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header HTTP_HOST $host;
     proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr;
     proxy_set_header HTTP_X_FORWARDED_HOST $host;
     proxy_set_header X-Forwarded-Host $host;
     proxy_set_header X-Forwarded-Server $host;
     proxy_set_header X-Forwarded-HTTPS 0;
  }
  access_log  /var/log/nginx/xxx_access.log  access;
  error_log  /var/log/nginx/xxx_error.log;
 }

2、ingress配置

參數(shù)設(shè)置通過注解配置:
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;

在這里插入圖片描述

在這里插入圖片描述

yaml詳情見下:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/proxy-connect-timeout: '600'
    nginx.ingress.kubernetes.io/proxy-read-timeout: '600'
    nginx.ingress.kubernetes.io/proxy-send-timeout: '600'
  labels:
    ingress-controller: nginx
  name: image-xxx
  namespace: java-service
spec:
  ingressClassName: ack-nginx
  rules:
    - host: image.xxx.cloud
      http:
        paths:
          - backend:
              service:
                name: image-xxx
                port:
                  number: 8080
            path: /
            pathType: ImplementationSpecific

五、總結(jié)

這里只是以設(shè)置超時(shí)時(shí)間為例,講述k8s容器部署的Nginx和ingress,如何設(shè)置一定自定義的參數(shù)配置。

當(dāng)然,這里沒有講述怎么安裝它們,更多的是梳理了一下如何配置,側(cè)重于使用這塊。

到此這篇關(guān)于阿里云k8s集群使用ingress配置時(shí)間超時(shí)的參數(shù)的文章就介紹到這了,更多相關(guān)阿里云 ingress配置時(shí)間超時(shí)內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家!

相關(guān)文章

最新評(píng)論