kubernetes 中 nginx ingress 的优化分两部分
一、系统sysctl部分优化
首先是对nginx启动前的系统性能进行优化,这部分调整网络的缓冲区,减小闲置 socket 关闭的时间
以阿里 ACK 为例,我们可以编辑 deployments 的 nginx-ingress-controller
initContainers:
- command:
- /bin/sh
- -c
- |
mount -o remount rw /proc/sys
sysctl -w net.core.somaxconn=65535
sysctl -w net.ipv4.ip_local_port_range="1024 65535"
sysctl -w net.ipv4.tcp_tw_reuse=1
sysctl -w fs.file-max=1048576
sysctl -w net.ipv4.tcp_keepalive_time = 300
sysctl -w net.ipv4.tcp_keepalive_probes = 5
sysctl -w net.ipv4.tcp_keepalive_intvl = 15
二、nginx ingress 参数优化
大家制动,nginx ingree 其实是做为一个中间代理,所以上下游的socket参数也需要优化
同样以阿里ACK为例,我们可以编辑 configmaps 的 nginx-configuration
apiVersion: v1
data:
allow-backend-server-header: "true"
enable-underscores-in-headers: "true"
generate-request-id: "true"
ignore-invalid-headers: "true"
log-format-upstream: $remote_addr - [$remote_addr] - $remote_user [$time_local]
"$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length
$request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length
$upstream_response_time $upstream_status $req_id $host [$proxy_alternative_upstream_name]
proxy-body-size: 20m
proxy-connect-timeout: "10"
reuse-port: "true"
server-tokens: "false"
ssl-redirect: "false"
upstream-keepalive-timeout: "900"
keep-alive-requests: "10000"
upstream-keepalive-connections: "500"
max-worker-connections: "65536"
worker-cpu-affinity: auto
kind: ConfigMap