kubernetes中的自定义负载平衡 [英] custom load balancing within kubernetes
问题描述
我正在尝试在kubernetes中部署具有负载平衡的应用程序
I am trying to deploy an application with load-balancing within kubernetes
下面是我的预期部署图
理想情况下,该应用程序是由一组Pod使用后端"类型的k8s部署来部署的
ideally, the application is deployed by a set of pods using k8s deployment with type of "backend"
通常,用户实例存储在归档中.并根据要求动态地还原到其中一个Pod中,在其中停留TTL时间(例如30分钟),然后删除并备份到存档中.
normally, user instances are stored in the archive. and are restored into one of the pods dynamically upon request, stay there for a TTL time (say 30 minutes), and deleted and backuped into the archive.
理想情况下,负载平衡是由一组pod使用前端"类型的k8s部署来部署的.
ideally, the load balance is deployed by a set of pods using k8s deployment with type of "frontend".
理想情况下,将前端配置为具有"sticky = host"粘性的layer7会话.主机等于后端Pod的UID
ideally, the frontend is configured as layer7 session sticky with "sticky = host". the host equals the UID of a backend pod
用户通过SOAP消息请求服务,该消息在其主体中包含参数"host"和"user".
an user requests the service by a SOAP message, which contains parameters "host" and "user" in its body.
当SOAP消息到达前端时,将从消息正文中提取主机"值.
when a SOAP message reaches the frontend, the "host" value is extracted from the message body.
如果主机"值有效,则SOAP消息将转发到相应的后端Pod(其UID等于主机值).否则,将分配一个随机后端Pod.
if the "host" value is valid, the SOAP message is forwarded to the corresponding backend pod (whose UID equals the host value). otherwise, a random backend pod is assigned.
(此处的处理是针对特定应用程序的) 在后端窗格中,应用程序通过"user"的值检查用户实例的可用性.
(processing here upon is application specific) In a backend pod, the application checks the availability of the user instance by the value of "user".
如果已经存在,只需使用它;否则,请尝试从存档中还原;否则,请尝试从存档中还原.如果还原失败(新用户),请创建一个新的用户实例.
if already existed, just use it; otherwise, try to restore from the archive; if restoring failed(new user), create a new user instance.
我四处搜寻,但没有找到任何类似的例子. 特别是layer7会话粘性配置,以及从传入消息正文中自定义获取粘性值的实现.
I searched around, and did not find any similar examples. especially layer7 session sticky configuration, and the implementation of custom acquiring of sticky value from the incoming message body.
推荐答案
这听起来像一个用例,其中您正在通过前端负载均衡器进行身份验证.您看过Istio和大使吗?好像Istio和Envoy可以提供服务网格以将请求路由到Pod.然后,您将必须在Ambassador中编写一个自定义插件模块,以创建您要寻找的特定路由和身份验证机制.
This sounds like a use-case where you are doing authentication through the front-end loadbalancer. Have you looked at Istio and Ambassador. Seems like Istio and Envoy could provide the service mesh to route the requests to the pods. Then you would have to write a custom plugin module into Ambassador to create this specific routing and authentication mechanism that you are seeking.
大使自定义身份验证服务示例: https://www.getambassador.io/用户指南/认证教程
Example of Ambassador custom authentication service: https://www.getambassador.io/user-guide/auth-tutorial
https://www.getambassador.io/user-guide/with-istio
此自定义粘性会话路由也可以使用其他API网关来完成,但仍使用Istio路由到不同的Pod.但是,最好将pod定义为单独的服务,以便API网关(大使,Kong,Nginx)根据消息正文的参数进行更轻松的分段.
This custom sticky session routing can also be done using other API gateways but still using Istio for routing to the different pods. However it would be best if the pods are defined as separate services in order to have easier segmentation by the API gateway (Ambassador, Kong, Nginx) based on the parameters of the message body.
这篇关于kubernetes中的自定义负载平衡的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
