9
k8s中nginx ingress的性能优化
source link: https://zhangrr.github.io/posts/20211102-ingress_nginx/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
kubernetes 中 nginx ingress 的优化分两部分
一、系统sysctl部分优化
首先是对nginx启动前的系统性能进行优化,这部分调整网络的缓冲区,减小闲置 socket 关闭的时间
以阿里 ACK 为例,我们可以编辑 deployments 的 nginx-ingress-controller
initContainers:
- command:
- /bin/sh
- -c
- |
mount -o remount rw /proc/sys
sysctl -w net.core.somaxconn=65535
sysctl -w net.ipv4.ip_local_port_range="1024 65535"
sysctl -w net.ipv4.tcp_tw_reuse=1
sysctl -w fs.file-max=1048576
sysctl -w net.ipv4.tcp_keepalive_time = 300
sysctl -w net.ipv4.tcp_keepalive_probes = 5
sysctl -w net.ipv4.tcp_keepalive_intvl = 15
二、nginx ingress 参数优化
大家制动,nginx ingree 其实是做为一个中间代理,所以上下游的socket参数也需要优化
同样以阿里ACK为例,我们可以编辑 configmaps 的 nginx-configuration
apiVersion: v1
data:
allow-backend-server-header: "true"
enable-underscores-in-headers: "true"
generate-request-id: "true"
ignore-invalid-headers: "true"
log-format-upstream: $remote_addr - [$remote_addr] - $remote_user [$time_local]
"$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length
$request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length
$upstream_response_time $upstream_status $req_id $host [$proxy_alternative_upstream_name]
proxy-body-size: 20m
proxy-connect-timeout: "10"
reuse-port: "true"
server-tokens: "false"
ssl-redirect: "false"
upstream-keepalive-timeout: "900"
keep-alive-requests: "10000"
upstream-keepalive-connections: "500"
max-worker-connections: "65536"
worker-cpu-affinity: auto
kind: ConfigMap
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK