如何设置 Kubernetes 集群内部服务之间的会话关联
How to set session affinity between inner servicess inside a Kubernetes cluster
这是我的问题:我在 kubernetes yaml 文件中定义了 3 个服务:
- 一个前端(网站)
- 一个后端:有状态的,用于用户会话
- 一个后端:无状态
我需要在有状态服务上进行会话关联,但在无状态或前端服务上不需要。我需要会话亲和力基于 cookie,而不是基于 clientIP。
mydomain/stateful ===> Front-End Service (3 pods) ===> Stateful Service (3 pods, need session affinity)
mydomain/stateless ===> Front-End Service (3 pods) ===> Stateless Service (3 pods, do not need session affinity)
我尝试使用 Ingress 服务,但我看不出如何将它用作 Kubernetes 集群中两个服务之间的代理。我看到的所有示例都展示了如何将 Ingress 用作来自集群外部的请求的路由器。
到目前为止,这是我的 poc.yaml:
####################################################################
######################### STATEFUL BACKEND #########################
# Deployment for pocbackend containers, listening on port 3000
apiVersion: apps/v1
kind: Deployment
metadata:
name: stateful-deployment
spec:
replicas: 3
selector:
matchLabels:
app: stateful-backend
tier: backend
template:
metadata:
labels:
app: stateful-backend
tier: backend
spec:
containers:
- name: pocbackend
image: pocbackend:2.0
ports:
- name: http
containerPort: 3000
---
# Service for Stateful containers, listening on port 3000
apiVersion: v1
kind: Service
metadata:
name: api-stateful
spec:
selector:
app: stateful-backend
tier: backend
ports:
- protocol: TCP
port: 3002
targetPort: http
#sessionAffinity: ClientIP
---
#####################################################################
######################### STATELESS BACKEND #########################
# Deployment for pocbackend containers, listening on port 3000
apiVersion: apps/v1
kind: Deployment
metadata:
name: stateless-backend
spec:
replicas: 3
selector:
matchLabels:
app: stateless-backend
tier: backend
template:
metadata:
labels:
app: stateless-backend
tier: backend
spec:
containers:
- name: pocbackend
image: pocbackend:2.0
ports:
- name: http
containerPort: 3000
---
# Service for Stateless containers, listening on port 3000
apiVersion: v1
kind: Service
metadata:
name: api-stateless
spec:
selector:
app: stateless-backend
tier: backend
ports:
- protocol: TCP
port: 3001
targetPort: http
---
#############################################################
######################### FRONT END #########################
# deployment of the container pocfrontend listening to port 3500
apiVersion: apps/v1
kind: Deployment
metadata:
name: front-deployment
spec:
replicas: 1
selector:
matchLabels:
app: frontend
tier: frontend
template:
metadata:
labels:
app: frontend
tier: frontend
spec:
containers:
- name: pocfrontend
image: pocfrontend:2.0
ports:
- name: http
containerPort: 3500
---
# Service exposing frontend on node port 85
apiVersion: v1
kind: Service
metadata:
name: frontend-service
spec:
type: LoadBalancer
selector:
app: frontend
tier: frontend
ports:
- protocol: TCP
port: 85
targetPort: http
你知道怎么解决我的问题吗?
谢谢!
Kubernetes 本身不提供 session affinity 服务 [概念] 级别。
我想到的唯一方法是使用 Istio,它是 Destination Rules。摘自 istio 手册:
DestinationRule defines policies that apply to traffic intended for a service after routing has occurred. These rules specify configuration for load balancing, connection pool size from the sidecar, and outlier detection settings to detect and evict unhealthy hosts from the load balancing pool.
This document 展示了如何使用 istio 配置 sticky session。
这是我的问题:我在 kubernetes yaml 文件中定义了 3 个服务:
- 一个前端(网站)
- 一个后端:有状态的,用于用户会话
- 一个后端:无状态
我需要在有状态服务上进行会话关联,但在无状态或前端服务上不需要。我需要会话亲和力基于 cookie,而不是基于 clientIP。
mydomain/stateful ===> Front-End Service (3 pods) ===> Stateful Service (3 pods, need session affinity)
mydomain/stateless ===> Front-End Service (3 pods) ===> Stateless Service (3 pods, do not need session affinity)
我尝试使用 Ingress 服务,但我看不出如何将它用作 Kubernetes 集群中两个服务之间的代理。我看到的所有示例都展示了如何将 Ingress 用作来自集群外部的请求的路由器。
到目前为止,这是我的 poc.yaml:
####################################################################
######################### STATEFUL BACKEND #########################
# Deployment for pocbackend containers, listening on port 3000
apiVersion: apps/v1
kind: Deployment
metadata:
name: stateful-deployment
spec:
replicas: 3
selector:
matchLabels:
app: stateful-backend
tier: backend
template:
metadata:
labels:
app: stateful-backend
tier: backend
spec:
containers:
- name: pocbackend
image: pocbackend:2.0
ports:
- name: http
containerPort: 3000
---
# Service for Stateful containers, listening on port 3000
apiVersion: v1
kind: Service
metadata:
name: api-stateful
spec:
selector:
app: stateful-backend
tier: backend
ports:
- protocol: TCP
port: 3002
targetPort: http
#sessionAffinity: ClientIP
---
#####################################################################
######################### STATELESS BACKEND #########################
# Deployment for pocbackend containers, listening on port 3000
apiVersion: apps/v1
kind: Deployment
metadata:
name: stateless-backend
spec:
replicas: 3
selector:
matchLabels:
app: stateless-backend
tier: backend
template:
metadata:
labels:
app: stateless-backend
tier: backend
spec:
containers:
- name: pocbackend
image: pocbackend:2.0
ports:
- name: http
containerPort: 3000
---
# Service for Stateless containers, listening on port 3000
apiVersion: v1
kind: Service
metadata:
name: api-stateless
spec:
selector:
app: stateless-backend
tier: backend
ports:
- protocol: TCP
port: 3001
targetPort: http
---
#############################################################
######################### FRONT END #########################
# deployment of the container pocfrontend listening to port 3500
apiVersion: apps/v1
kind: Deployment
metadata:
name: front-deployment
spec:
replicas: 1
selector:
matchLabels:
app: frontend
tier: frontend
template:
metadata:
labels:
app: frontend
tier: frontend
spec:
containers:
- name: pocfrontend
image: pocfrontend:2.0
ports:
- name: http
containerPort: 3500
---
# Service exposing frontend on node port 85
apiVersion: v1
kind: Service
metadata:
name: frontend-service
spec:
type: LoadBalancer
selector:
app: frontend
tier: frontend
ports:
- protocol: TCP
port: 85
targetPort: http
你知道怎么解决我的问题吗?
谢谢!
Kubernetes 本身不提供 session affinity 服务 [概念] 级别。
我想到的唯一方法是使用 Istio,它是 Destination Rules。摘自 istio 手册:
DestinationRuledefines policies that apply to traffic intended for a service after routing has occurred. These rules specify configuration for load balancing, connection pool size from the sidecar, and outlier detection settings to detect and evict unhealthy hosts from the load balancing pool.
This document 展示了如何使用 istio 配置 sticky session。