在 Kubernetes ingress Nginx 中编辑 max_conns?
Edit max_conns in Kubernetes ingress Ngnix?
我正在尝试限制 Nginx ingress 中服务器的并发连接数。
Ngnix 入口是否支持 max_conns?我该如何编辑或添加它?
max_conns=number
limits the maximum number of simultaneous active connections to the proxied server (1.11.5). Default value is zero, meaning there is no limit. If the server group does not reside in the shared memory, the limitation works per each worker process.
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream
使用 max_conn
的 Nginx conf 示例
upstream backend {
server backend1.example.com max_conns=3;
server backend2.example.com;}
谢谢
根据https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/annotations.md#rate-limiting,有限制连接数的注解:
The annotations nginx.ingress.kubernetes.io/limit-connections,
nginx.ingress.kubernetes.io/limit-rps, and
nginx.ingress.kubernetes.io/limit-rpm define a limit on the
connections that can be opened by a single client IP address. This can
be used to mitigate DDoS Attacks.
nginx.ingress.kubernetes.io/limit-connections: number of concurrent
connections allowed from a single IP address.
nginx.ingress.kubernetes.io/limit-rps: number of connections that may
be accepted from a given IP each second.
nginx.ingress.kubernetes.io/limit-rpm: number of connections that may
be accepted from a given IP each minute.
您需要在 Ingress 规则中添加这些注释。
因此,为了添加 max_conns(或入口配置映射不支持的任何其他参数)需要做的是更改模板。
像这样更改模板 /etc/nginx/template/nginx.tmpl:
upstream {{ $upstream.Name }} {
# Load balance algorithm; empty for round robin, which is the default
{{ if ne $cfg.LoadBalanceAlgorithm "round_robin" }}
{{ $cfg.LoadBalanceAlgorithm }};
{{ end }}
{{ if $upstream.UpstreamHashBy }}
hash {{ $upstream.UpstreamHashBy }} consistent;
{{ end }}
{{ if (gt $cfg.UpstreamKeepaliveConnections 0) }}
keepalive {{ $cfg.UpstreamKeepaliveConnections }};
{{ end }}
{{ range $server := $upstream.Endpoints }}server {{ $server.Address | formatIP }}:{{ $server.Port }} max_fails={{ $server.MaxFails }} fail_timeout={{ $server.FailTimeout }} max_conns=1;
{{ end }}
}
(您可以从 pod nginx-ingress-controller 获取完整文件,只需在 pod 上 运行 bash 并对其进行 cat)
会成功的。
现在使用本地 nginx.tmpl:
创建一个 configmap
kubectl create configmap nginx-template --from-file=nginx.tmpl=/localpath/nginx.tmpl
然后使用此 yaml 将卷安装到部署:
volumeMounts:
- mountPath: /etc/nginx/template
name: nginx-template-volume
readOnly: true
volumes:
- name: nginx-template-volume
configMap:
name: nginx-template
items:
- key: nginx.tmpl
path: nginx.tmpl
- 我需要手动重启我的 NGINX ingress 但我编辑了 ReplicationController 因为我没有部署(我猜是因为我在 minikube 上)
我正在尝试限制 Nginx ingress 中服务器的并发连接数。
Ngnix 入口是否支持 max_conns?我该如何编辑或添加它?
max_conns=number limits the maximum number of simultaneous active connections to the proxied server (1.11.5). Default value is zero, meaning there is no limit. If the server group does not reside in the shared memory, the limitation works per each worker process.
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream
使用 max_conn
的 Nginx conf 示例upstream backend {
server backend1.example.com max_conns=3;
server backend2.example.com;}
谢谢
根据https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/annotations.md#rate-limiting,有限制连接数的注解:
The annotations nginx.ingress.kubernetes.io/limit-connections, nginx.ingress.kubernetes.io/limit-rps, and nginx.ingress.kubernetes.io/limit-rpm define a limit on the connections that can be opened by a single client IP address. This can be used to mitigate DDoS Attacks.
nginx.ingress.kubernetes.io/limit-connections: number of concurrent connections allowed from a single IP address.
nginx.ingress.kubernetes.io/limit-rps: number of connections that may be accepted from a given IP each second.
nginx.ingress.kubernetes.io/limit-rpm: number of connections that may be accepted from a given IP each minute.
您需要在 Ingress 规则中添加这些注释。
因此,为了添加 max_conns(或入口配置映射不支持的任何其他参数)需要做的是更改模板。
像这样更改模板 /etc/nginx/template/nginx.tmpl:
upstream {{ $upstream.Name }} {
# Load balance algorithm; empty for round robin, which is the default
{{ if ne $cfg.LoadBalanceAlgorithm "round_robin" }}
{{ $cfg.LoadBalanceAlgorithm }};
{{ end }}
{{ if $upstream.UpstreamHashBy }}
hash {{ $upstream.UpstreamHashBy }} consistent;
{{ end }}
{{ if (gt $cfg.UpstreamKeepaliveConnections 0) }}
keepalive {{ $cfg.UpstreamKeepaliveConnections }};
{{ end }}
{{ range $server := $upstream.Endpoints }}server {{ $server.Address | formatIP }}:{{ $server.Port }} max_fails={{ $server.MaxFails }} fail_timeout={{ $server.FailTimeout }} max_conns=1;
{{ end }}
}
(您可以从 pod nginx-ingress-controller 获取完整文件,只需在 pod 上 运行 bash 并对其进行 cat) 会成功的。 现在使用本地 nginx.tmpl:
创建一个 configmapkubectl create configmap nginx-template --from-file=nginx.tmpl=/localpath/nginx.tmpl
然后使用此 yaml 将卷安装到部署:
volumeMounts:
- mountPath: /etc/nginx/template
name: nginx-template-volume
readOnly: true
volumes:
- name: nginx-template-volume
configMap:
name: nginx-template
items:
- key: nginx.tmpl
path: nginx.tmpl
- 我需要手动重启我的 NGINX ingress 但我编辑了 ReplicationController 因为我没有部署(我猜是因为我在 minikube 上)