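Today I read an article saying that Ingress NGINX can do canary (grayscale) releases. On a closer look, this is done through annotations, so I briefly checked the official documentation and found a few interesting annotations that are quite useful. I am recording them here.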

nginx.ingress.kubernetes.io/service-upstream

Takes effect when set to true; the default is false. It can also be enabled globally through the service-upstream option in the ConfigMap.

By default the NGINX ingress controller uses a list of all endpoints (Pod IP/port) in the NGINX upstream configuration.

The nginx.ingress.kubernetes.io/service-upstream annotation disables that behavior and instead uses a single upstream in NGINX, the service’s Cluster IP and port.

The benefit of this annotation:

This can be desirable for things like zero-downtime deployments

New problems it introduces:

  • Sticky Sessions will not work as only round-robin load balancing is supported.
  • The proxy_next_upstream directive will not have any effect meaning on error the request will not be dispatched to another upstream

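However, I don't think the problems above matter much: hardly any applications rely on the gateway for session persistence any more, and the other one is even less worth mentioning.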

nginx.ingress.kubernetes.io/canary

Combined with the following annotations, it can be used to implement canary releases:

  • nginx.ingress.kubernetes.io/canary-by-header
  • nginx.ingress.kubernetes.io/canary-by-header-value
  • nginx.ingress.kubernetes.io/canary-by-header-pattern
  • nginx.ingress.kubernetes.io/canary-by-cookie
  • nginx.ingress.kubernetes.io/canary-weight
  • nginx.ingress.kubernetes.io/canary-weight-total

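Steps:

  1. Create two different Deployments and Services
  2. Create the normal Ingress; this rule needs no annotations
  3. Create the canary Ingress; its path and hostname are identical to the normal one, and what differs is the Service name plus the added annotations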
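
The two Ingress objects from the steps above, as an added example that is not from the original post. The host demo.example.com, the Service names demo-stable-svc and demo-canary-svc, the header name X-Canary, the 10% weight and the ingress class nginx are assumed values, and the two Deployments and Services from step 1 are assumed to exist already.

```yaml
# Step 2: the normal Ingress, with no canary annotations.
# Host, path, Service names and ingressClassName are assumed values.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo
spec:
  ingressClassName: nginx
  rules:
  - host: demo.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: demo-stable-svc
            port:
              number: 80
---
# Step 3: the canary Ingress. Same host and path, different Service,
# plus the canary annotations.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-canary
  annotations:
    nginx.ingress.kubernetes.io/canary: "true"
    # "X-Canary: always" routes the request to the canary backend,
    # "X-Canary: never" keeps it on the stable backend.
    nginx.ingress.kubernetes.io/canary-by-header: "X-Canary"
    # Requests without a deciding header: 10% go to the canary backend.
    nginx.ingress.kubernetes.io/canary-weight: "10"
spec:
  ingressClassName: nginx
  rules:
  - host: demo.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: demo-canary-svc
            port:
              number: 80
```

The header rule is evaluated before the weight, so the header can pin a request to either backend regardless of the 10% split.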

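Rate limiting

When any of the limits below is triggered, the default response is 503. I recommend changing the status code to a custom one such as 533 through the ConfigMap options limit-req-status-code and limit-conn-status-code, and then returning a friendly error page.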

nginx.ingress.kubernetes.io/limit-rps

Limits the number of requests per second from a single IP.

nginx.ingress.kubernetes.io/limit-rpm

Limits the number of requests per minute from a single IP.

nginx.ingress.kubernetes.io/limit-connections

Limits the number of concurrent connections from a single IP.

nginx.ingress.kubernetes.io/configuration-snippet

Adds extra NGINX configuration, which is very helpful for customization. For example, to turn off access logging for a particular Ingress:

nginx.ingress.kubernetes.io/configuration-snippet: |
        access_log off;