在 Kubernetes 中使用最少连接平衡流量
[英]Balancing traffic using least connection in Kubernetes
问题描述
I have a Kubernetes cluster with a deployment like the next one:
我有一个 Kubernetes 集群,其部署类似于下一个:
The goal here is to deploy an application in multiple pods exposed through a ClusterIP service named my-app .这里的目标是在通过名为my-app的 ClusterIP 服务公开的多个 pod 中部署应用程序。 The same deployment is made in multiple namespaces (A, B and C), changing slightly the config of the application.在多个命名空间(A、B 和 C)中进行相同的部署,稍微更改应用程序的配置。 Then, in some nodes I have an HAProxy using hostNetwork to bind to the node ports.然后,在某些节点中,我有一个使用 hostNetwork 绑定到节点端口的 HAProxy。 These HAProxy are exposed to my clients through a DNS pointing to them (my_app.com).这些 HAProxy 通过指向它们 (my_app.com) 的 DNS 向我的客户公开。
When a client connects to my app, they send a header specifying the namespace to which the request should be redirected (A, B or C) and the HAProxy resolves the IP of the service using do-resolve against a dns entry like my_app.A.svc.cluster.local , which returns the IP of the service my_app in the namespace A .当客户端连接到我的应用程序时,他们会发送 header 指定请求应重定向到的命名空间(A、B 或 C),并且 HAProxy 使用do-resolve服务的my_app.A.svc.cluster.local 。 my_app.A.svc.cluster.local ,它返回命名空间A中服务my_app的 IP。 That way I can have a single entry point (single DNS record) and a single port (80) to my cluster, which is one of my requirements.这样,我的集群就可以有一个入口点(单个 DNS 记录)和一个端口(80),这是我的要求之一。 I'm also able to create new namespaces and deploy other configs of my app without the need to modify the HAProxies, which is the second requirement.我还能够创建新的命名空间并部署我的应用程序的其他配置,而无需修改 HAProxies,这是第二个要求。
Now, the requests I get are a mix of short and long requests so I need to use least connection here.现在,我收到的请求是短请求和长请求的混合,所以我需要在这里使用最少的连接。 This is is not possible in the HAProxies as I don't have a list of backends (the redirection is dynamic as you can see in the code below).这在 HAProxies 中是不可能的,因为我没有后端列表(重定向是动态的,如您在下面的代码中所见)。 I'm trying to use kube-proxy with IPVS and least connection mode.我正在尝试将 kube-proxy 与 IPVS 和最少连接模式一起使用。 What I noticed is that the tracking of connections to the different pods is per node, and this information is not shared between the different nodes.我注意到的是,到不同 pod 的连接跟踪是按节点进行的,并且这些信息不会在不同节点之间共享。 This way, if two request to my_app.com Namespace: A are processed by two different nodes, both can go to the same pod (eg. pod_1) as in each node, the number of active connections to that pod is 0. The problem becomes worse as I increase the number of HAProxies behind the DNS.这样,如果对my_app.com Namespace: A的两个请求由两个不同的节点处理,则两者都可以 go 到每个节点中相同的 pod(例如 pod_1),到该 pod 的活动连接数为 0。问题随着我增加 DNS 后面的 HAProxies 的数量,情况变得更糟。
How can I solve this problem and have a better balance without having a single entry point to the cluster (having a single HAProxy behind the DNS)?如何在没有集群入口点的情况下解决这个问题并获得更好的平衡(在 DNS 后面有一个 HAProxy)?
I'm adding here the code used in HAProxy to route based on headers:我在这里添加了 HAProxy 中使用的代码,以根据标头进行路由:
resolvers dns
hold nx 3s
hold other 3s
parse-resolv-conf
frontend my_app_frontend
bind :80
default_backend my_app_backend
http-request set-var(sess.namespace) hdr(X-Namespace)
http-request do-resolve(txn.service,dns,ipv4) str(),concat(my_app.,sess.namespace,.svc.cluster.local)
backend my_app_backend
http-request set-dst var(txn.service)
http-request set-dst-port int(80)
server service 0.0.0.0:0
1 个解决方案
解决方案1
0 2019-11-20 22:13:13
I would use the peers feature from HAProxy to save the sessions for the namespaces cross nodes border.我会使用 HAProxy 的 peers 功能来保存跨节点边界的命名空间会话。
https://www.haproxy.com/blog/introduction-to-haproxy-stick-tables/ https://www.haproxy.com/blog/introduction-to-haproxy-stick-tables/
In short and untested简而言之,未经测试
peers mypeers
peer node1 192.168.122.64:10000
peer node2 192.168.122.1:10000
backend my_app_backend
stick-table type string len 32 size 100k expire 30m peers mypeers
stick on hdr(X-Namespace)
http-request set-dst var(txn.service)
http-request set-dst-port int(80)
server service 0.0.0.0:0
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.