小知识:nginx ingress代理websocket流量的配置方法

1 概述:

1.1 环境

版本信息如下:

a、操作系统:centos 7.6

b、kubernetes版本:v1.15.0

c、ingress nginx版本:0.47.0

2 nginx ingress是否支持代理websocket流量

nginx ingress 默认支持websocket协议,因此ingress实例不需要额外配置。

值得注意的是,proxy-read-timeout和proxy-send-timeout的默认值是60秒,应该根据实际情况增加此两个参数的值。如果使用默认值60,则websocket客户端超过60秒没有给websocket服务端发送信息,再次发送数据时是无效的,例如使用websocat命令时,出现WebSocketError: I/O failure。

%小知识:nginx ingress代理websocket流量的配置方法-猿站网-插图

3 ingress样例

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
# 根据实际情况调整超时时间,默认值为60
nginx.ingress.kubernetes.io/proxy-read-timeout: “600”
nginx.ingress.kubernetes.io/proxy-send-timeout: “600”
name: ws
namespace: default
spec:
rules:
– host: apigateway
http:
paths:
– backend:
serviceName: ws
servicePort: 3000
path: /

4 部署

4.1 部署nginx ingress

将以下文件进行kubectl apply,本案例中是以daemonset形式部署nginx controller,使用host网络。

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-ngin
kind: ConfigMap
name: nginx-configuration
namespace: ingress-nginx
name: tcp-services
name: udp-services
data:
resolv.conf: |
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local lj.io
options ndots:5
name: resolver
kind: ServiceAccount
name: nginx-ingress-serviceaccount
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
name: nginx-ingress-clusterrole
rules:
– apiGroups:
– “”
resources:
– configmaps
– endpoints
– nodes
– pods
– secrets
verbs:
– list
– watch
– get
– services
– “extensions”
– “networking.k8s.io”
– ingresses
– update
– events
– create
– patch
– ingresses/status
kind: Role
name: nginx-ingress-role
– namespaces
resourceNames:
# Defaults to “<election-id>-<ingress-class>”
# Here: “<ingress-controller-leader>-<nginx>”
# This has to be adapted if you change either parameter
# when launching the nginx-ingress-controller.
– “ingress-controller-leader-nginx”
kind: RoleBinding
name: nginx-ingress-role-nisa-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
subjects:
– kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
kind: ClusterRoleBinding
name: nginx-ingress-clusterrole-nisa-binding
kind: ClusterRole
kind: Service
spec:
ports:
– port: 80
protocol: TCP
targetPort: 80
selector:
sessionAffinity: None
type: ClusterIP
apiVersion: apps/v1
kind: DaemonSet
name: nginx-ingress-controller
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
prometheus.io/port: “10254”
prometheus.io/scrape: “true”
spec:
serviceAccountName: nginx-ingress-serviceaccount
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
containers:
– name: nginx-ingress-controller
image: bitnami/nginx-ingress-controller:0.47.0
args:
– /nginx-ingress-controller
– –configmap=$(POD_NAMESPACE)/nginx-configuration
– –tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
– –udp-services-configmap=$(POD_NAMESPACE)/udp-services
– –publish-service=$(POD_NAMESPACE)/ingress-nginx
– –annotations-prefix=nginx.ingress.kubernetes.io
securityContext:
allowPrivilegeEscalation: true
capabilities:
drop:
– ALL
add:
– NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
env:
– name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
– name: POD_NAMESPACE
fieldPath: metadata.namespace
ports:
– name: http
containerPort: 80
– name: https
containerPort: 443
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
readinessProbe:

部署效果如下,

%小知识:nginx ingress代理websocket流量的配置方法-1猿站网-插图

4.2 设置域名

在本案例中使用/etc/hosts文件解析域名,本机机器IP是192.168.0.70。

?
1
2
3
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.70 apigateway

4.3 部署websocket服务端

服务端进程监听的端口是3000,是简单的echo server。

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ws
name: ws
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: ws
template:
metadata:
labels:
app: ws
spec:
containers:
– image: elegantmonkeys/websockets-demo:latest
imagePullPolicy: IfNotPresent
name: echo
ports:
– containerPort: 3000
protocol: TCP
resources:
limits:
cpu: “0.2”
memory: 100Mi
requests:
cpu: 100m
memory: 100Mi
apiVersion: v1
kind: Service
metadata:
labels:
app: ws
name: ws
namespace: default
spec:
ports:
– name: ws
port: 3000
protocol: TCP
targetPort: 3000
selector:
app: ws
type: NodePort

%小知识:nginx ingress代理websocket流量的配置方法-2猿站网-插图

4.4 创建ingress资源

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
# 根据实际情况调整超时时间,默认值为60
nginx.ingress.kubernetes.io/proxy-read-timeout: “600”
nginx.ingress.kubernetes.io/proxy-send-timeout: “600”
name: ws
namespace: default
spec:
rules:
– host: apigateway
http:
paths:
– backend:
serviceName: ws
servicePort: 3000
path: /

%小知识:nginx ingress代理websocket流量的配置方法-3猿站网-插图

4.5 下载websockt客户端

?
1
2
3
4
cd /tmp
wget -O websocat https://github.com/vi/websocat/releases/download/v1.9.0/websocat_linux64
chmod 755 websocat
mv websocat /usr/bin/

4.6 测试

使用websocat命令通过ingress nginx连接echo server。

%小知识:nginx ingress代理websocket流量的配置方法-4猿站网-插图

5 小结:

ingress nginx默认支持websocket协议,使用长连接协议时需要注意连接超时的设置,读取和发送超时的注解参数分别是:nginx.ingress.kubernetes.io/proxy-read-timeout和nginx.ingress.kubernetes.io/proxy-send-timeout。

到此这篇关于nginx ingress代理websocket流量的文章就介绍到这了,更多相关nginx ingress代理websocket内容请搜索服务器之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持服务器之家!

原文链接:https://blog.csdn.net/nangonghen/article/details/123674317

声明: 猿站网有关资源均来自网络搜集与网友提供,任何涉及商业盈利目的的均不得使用,否则产生的一切后果将由您自己承担! 本平台资源仅供个人学习交流、测试使用 所有内容请在下载后24小时内删除,制止非法恶意传播,不对任何下载或转载者造成的危害负任何法律责任!也请大家支持、购置正版! 。本站一律禁止以任何方式发布或转载任何违法的相关信息访客发现请向站长举报,会员发帖仅代表会员个人观点,并不代表本站赞同其观点和对其真实性负责。本网站的资源部分来源于网络,如有侵权烦请发送邮件至:2697268773@qq.com进行处理。
建站知识

小知识:linux删除环境变量步骤详解

2023-3-17 4:00:44

建站知识

小知识:Nginx多个前端服务配置方式详解

2023-3-17 4:12:29

0 条回复 A文章作者 M管理员
    暂无讨论,说说你的看法吧
个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
搜索