|
1 概述:
1.1 环境版本信息如下:
a、操作系统:centos 7.6
b、kubernetes版本:v1.15.0
c、ingress nginx版本:0.47.0
2 nginx ingress是否支持代理websocket流量nginx ingress 默认支持websocket协议,因此ingress实例不需要额外配置。
值得注意的是,proxy-read-timeout和proxy-send-timeout的默认值是60秒,应该根据实际情况增加此两个参数的值。如果使用默认值60,则websocket客户端超过60秒没有给websocket服务端发送信息,再次发送数据时是无效的,例如使用websocat命令时,出现WebSocketError: I/O failure。 
3 ingress样例apiVersion: extensions/v1beta1kind: Ingressmetadata: annotations: # 根据实际情况调整超时时间,默认值为60 nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" name: ws namespace: defaultspec: rules: - host: apigateway http: paths: - backend: serviceName: ws servicePort: 3000 path: /
4 部署
4.1 部署nginx ingress将以下文件进行kubectl apply,本案例中是以daemonset形式部署nginx controller,使用host网络。 apiVersion: v1kind: Namespacemetadata: name: ingress-nginx labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-ngin---kind: ConfigMap name: nginx-configuration namespace: ingress-nginx name: tcp-services name: udp-servicesdata: resolv.conf: | nameserver 10.96.0.10 search default.svc.cluster.local svc.cluster.local cluster.local lj.io options ndots:5 name: resolverkind: ServiceAccount name: nginx-ingress-serviceaccountapiVersion: rbac.authorization.k8s.io/v1beta1kind: ClusterRole name: nginx-ingress-clusterrolerules: - apiGroups: - "" resources: - configmaps - endpoints - nodes - pods - secrets verbs: - list - watch - get - services - "extensions" - "networking.k8s.io" - ingresses - update - events - create - patch - ingresses/statuskind: Role name: nginx-ingress-role - namespaces resourceNames: # Defaults to "<election-id>-<ingress-class>" # Here: "<ingress-controller-leader>-<nginx>" # This has to be adapted if you change either parameter # when launching the nginx-ingress-controller. - "ingress-controller-leader-nginx"kind: RoleBinding name: nginx-ingress-role-nisa-bindingroleRef: apiGroup: rbac.authorization.k8s.io kind: Rolesubjects: - kind: ServiceAccount name: nginx-ingress-serviceaccount namespace: ingress-nginxkind: ClusterRoleBinding name: nginx-ingress-clusterrole-nisa-binding kind: ClusterRolekind: Servicespec: ports: - port: 80 protocol: TCP targetPort: 80 selector: sessionAffinity: None type: ClusterIPapiVersion: apps/v1kind: DaemonSet name: nginx-ingress-controller matchLabels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx template: metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx annotations: prometheus.io/port: "10254" prometheus.io/scrape: "true" spec: serviceAccountName: nginx-ingress-serviceaccount hostNetwork: true dnsPolicy: ClusterFirstWithHostNet containers: - name: nginx-ingress-controller image: bitnami/nginx-ingress-controller:0.47.0 args: - /nginx-ingress-controller - --configmap=$(POD_NAMESPACE)/nginx-configuration - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services - --udp-services-configmap=$(POD_NAMESPACE)/udp-services - --publish-service=$(POD_NAMESPACE)/ingress-nginx - --annotations-prefix=nginx.ingress.kubernetes.io securityContext: allowPrivilegeEscalation: true capabilities: drop: - ALL add: - NET_BIND_SERVICE # www-data -> 33 runAsUser: 33 env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE fieldPath: metadata.namespace ports: - name: http containerPort: 80 - name: https containerPort: 443 livenessProbe: failureThreshold: 3 httpGet: path: /healthz port: 10254 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 10 readinessProbe: 部署效果如下, 
4.2 设置域名在本案例中使用/etc/hosts文件解析域名,本机机器IP是192.168.0.70。 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4::1 localhost localhost.localdomain localhost6 localhost6.localdomain6192.168.0.70 apigateway
4.3 部署websocket服务端服务端进程监听的端口是3000,是简单的echo server。 apiVersion: apps/v1kind: Deploymentmetadata: labels: app: ws name: ws namespace: defaultspec: replicas: 1 selector: matchLabels: app: ws template: metadata: labels: app: ws spec: containers: - image: elegantmonkeys/websockets-demo:latest imagePullPolicy: IfNotPresent name: echo ports: - containerPort: 3000 protocol: TCP resources: limits: cpu: "0.2" memory: 100Mi requests: cpu: 100m memory: 100Mi---apiVersion: v1kind: Servicemetadata: labels: app: ws name: ws namespace: defaultspec: ports: - name: ws port: 3000 protocol: TCP targetPort: 3000 selector: app: ws type: NodePort 
4.4 创建ingress资源apiVersion: extensions/v1beta1kind: Ingressmetadata: annotations: # 根据实际情况调整超时时间,默认值为60 nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" name: ws namespace: defaultspec: rules: - host: apigateway http: paths: - backend: serviceName: ws servicePort: 3000 path: / 
4.5 下载websockt客户端cd /tmpwget -O websocat https://github.com/vi/websocat/releases/download/v1.9.0/websocat_linux64chmod 755 websocat mv websocat /usr/bin/
4.6 测试使用websocat命令通过ingress nginx连接echo server。 
5 小结:ingress nginx默认支持websocket协议,使用长连接协议时需要注意连接超时的设置,读取和发送超时的注解参数分别是:nginx.ingress.kubernetes.io/proxy-read-timeout和nginx.ingress.kubernetes.io/proxy-send-timeout。
下载地址:
关于YUM安装部署Zabbix4.4.7使用mysql数据库的问题
Nginx实现Nacos反向代理的项目实践 |
