一项服务公开的多个Pod的会话关联性设置 [英] Session Affinity Settings for multiple Pods exposed by a single service
问题描述
我在K8S集群上安装了Metallb作为LB并安装了Nginx Ingress. 我已经阅读了有关会话亲和力及其重要性的信息,但到目前为止我还不清楚.
I have a setup Metallb as LB with Nginx Ingress installed on K8S cluster. I have read about session affinity and its significance but so far I do not have a clear picture.
如何创建暴露同一应用程序的多个Pod的单个服务? 创建单个服务入口点后,如何将特定的客户端IP映射到该服务抽象的Pod?
How can I create a single service exposing multiple pods of the same application? After creating the single service entry point, how to map the specific client IP to Pod abstracted by the service?
是否有任何博客用kubernetes中的客户端IP和POD之间的映射方式来解释这个概念?
Is there any blog explaining this concept in terms of how the mapping between Client IP and POD is done in kubernetes?
但是我没有在YAML中看到客户端的IP.然后,此服务将如何将流量映射到各自客户端到其端点?这是我的问题.
But I do not see Client's IP in the YAML. Then, How is this service going to map the traffic to respective clients to its endpoints? this is the question I have.
kind: Service
apiVersion: v1
metadata:
name: my-service
spec:
selector:
app: my-app
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
sessionAffinity: ClientIP
sessionAffinityConfig:
clientIP:
timeoutSeconds: 10000
推荐答案
会话相似性的主要概念是将流量始终从一个客户端重定向到特定节点.请记住,会话关联性是一种尽力方法,并且在某些情况下,由于Pod重新启动或网络错误,它会失败. 会话亲和力主要有两种类型:
Main concept of Session Affinity is to redirect traffic from one client always to specific node. Please keep in mind that session affinity is a best-effort method and there are scenarios where it will fail due to pod restarts or network errors. There are two main types of Session Affinity:
1) 基于客户端IP
此选项非常适合每个IP仅一个客户端的情况.在这种方法中,您不需要K8s服务和客户端之间的Ingress/Proxy. 客户端IP应该是静态的,因为客户端每次更改IP时,都会将其重定向到另一个Pod.
This option works well for scenario where there is only one client per IP. In this method you don't need Ingress/Proxy between K8s services and client. Client IP should be static, because each time when client will change IP he will be redirected to another pod.
要在kubernetes中启用会话亲缘关系,我们可以在服务定义中添加以下内容.
To enable the session affinity in kubernetes, we can add the following to the service definition.
service.spec.sessionAffinity: ClientIP
因为社区提供了使用此方法的正确清单,所以我不会重复.
Because community provided proper manifest to use this method I will not duplicate.
2) 基于Cookies
当同一IP上有多个客户端时,它可以工作,因为它存储在Web浏览器级别.此方法需要Ingress对象.在
It works when there are multiple clients from the same IP, because it´s stored at web browser level. This method require Ingress object. Steps to apply this method with more detailed information can be found here under Session affinity based on Cookie section.
- 创建NGINX控制器部署
- 创建NGINX服务
- 创建入口
- 将您的公共DNS名称重定向到NGINX服务的公共/外部IP.
根据文档 kube-proxy负责SessionAffinity. Kube-Proxy工作之一 正在写入IPtables,更多详细信息这里,就是这样 映射.
About mapping ClientIP and POD, according to Documentation kube-proxy is responsible for SessionAffinity. One of Kube-Proxy job is writing to IPtables, more details here so thats how it is mapped.
可能有助于理解会话亲和力的文章: https://sookocheff.com/post/kubernetes/building-stateful-services/ https://medium.com/@diegomrtnzg/redirect-your-users-to-the-same-pod-by-using-session-affinity-on-kubernetes-baebf6a1733b
Articles which might help with understanding Session Affinity: https://sookocheff.com/post/kubernetes/building-stateful-services/ https://medium.com/@diegomrtnzg/redirect-your-users-to-the-same-pod-by-using-session-affinity-on-kubernetes-baebf6a1733b
这篇关于一项服务公开的多个Pod的会话关联性设置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
