kubernetes 中 nginx ingress 的优化分两部分
一、系统sysctl部分优化
首先是对nginx启动前的系统性能进行优化,这部分调整网络的缓冲区,减小闲置 socket 关闭的时间
以阿里 ACK 为例,我们可以编辑 deployments 的 nginx-ingress-controller
1 initContainers:
2 - command:
3 - /bin/sh
4 - -c
5 - |
6 mount -o remount rw /proc/sys
7 sysctl -w net.core.somaxconn=65535
8 sysctl -w net.ipv4.ip_local_port_range="1024 65535"
9 sysctl -w net.ipv4.tcp_tw_reuse=1
10 sysctl -w fs.file-max=1048576
11 sysctl -w net.ipv4.tcp_keepalive_time = 300
12 sysctl -w net.ipv4.tcp_keepalive_probes = 5
13 sysctl -w net.ipv4.tcp_keepalive_intvl = 15
14
二、nginx ingress 参数优化
大家制动,nginx ingree 其实是做为一个中间代理,所以上下游的socket参数也需要优化
同样以阿里ACK为例,我们可以编辑 configmaps 的 nginx-configuration
1apiVersion: v1
2data:
3 allow-backend-server-header: "true"
4 enable-underscores-in-headers: "true"
5 generate-request-id: "true"
6 ignore-invalid-headers: "true"
7 log-format-upstream: $remote_addr - [$remote_addr] - $remote_user [$time_local]
8 "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length
9 $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length
10 $upstream_response_time $upstream_status $req_id $host [$proxy_alternative_upstream_name]
11 proxy-body-size: 20m
12 proxy-connect-timeout: "10"
13 reuse-port: "true"
14 server-tokens: "false"
15 ssl-redirect: "false"
16
17 upstream-keepalive-timeout: "900"
18 keep-alive-requests: "10000"
19 upstream-keepalive-connections: "500"
20 max-worker-connections: "65536"
21
22 worker-cpu-affinity: auto
23kind: ConfigMap
