GCE Kubernetes会话持久性 [英] GCE Kubernetes Session Persistence

问题描述

我正在GCE Kubernetes上运行wordpress/woocommerce网站，并且由于会话持久性而无法扩展.

I'm running a wordpress / woocommerce site on GCE Kubernetes and having trouble scaling because of session persistence.

LoadBalancer(GCE入口)将所有流量发送到反向代理，然后将其发送到我设置的其他服务，其中之一是wordpress.

The LoadBalancer (GCE Ingress) sends all traffic to a reverse proxy that then sends the traffic to different services I have set up, one of which is wordpress.

如果我在WordPress服务上使用SessionAffinity: ClientIP，则所有流量都将流向一个Pod，而其他则被忽略.这似乎是因为该服务看到的是LoadBalancer的ip地址，而不是客户端的.尽管在nginx反向代理和wordpress NodePort服务上都设置了externalTrafficPolicy: Local.

If I use SessionAffinity: ClientIP on the WordPress service all of the traffic goes to one pod and the others are ignored. This seems to because the service is seeing the LoadBalancer's ip address rather than the Client's. This is in spite of externalTrafficPolicy: Local set on both nginx reverse proxy and the wordpress NodePort services.

我也尝试过将wordpress服务用作默认后端，并设法使流量流向所有Pod，但失去了会话亲和力.

I've also tried using the wordpress service as the default backend and I managed to get traffic to go to all pods but lost session affinity.

Ingress还执行TLS终止，我已经看到它可以影响ClientIP可见性，但是我认为该问题已由外部流量策略解决.

The Ingress also performs TLS termination, which I've seen can effect ClientIP visibility, but I think that issue is resolved by the external traffic policy.

我们也正在使用Cloudflare，我想知道这是否有效果.但是我们正在使用ngx_http_realip_module尝试获取正确的客户端IP地址.

We are also using Cloudflare, I'm wondering if that could have an effect. But we are using the ngx_http_realip_module to try to get the correct Client IP address.

推荐答案

我在群集中部署的一项PHP服务中也遇到了类似的问题.会话是邪恶的:)，但有时您确实需要使用它们.您可以通过几种方式在PHP中对会话数据进行群集，这样就无需在负载均衡器上使用粘性会话.

I had a similar issue in one of the PHP services deployed in my cluster. Sessions are evil :) but sometimes you do need to use them. You can cluster your session data in PHP in couple ways, so that you do not need to use sticky sessions on loadbalancer(s).

您的Pod中的
• 共享RWX卷将使会话文件可用于部署中的所有实例.除非您为Wordpress上载使用S3之类的文件，否则您可能已经对二进制文件进行了类似的操作，就像我对会话文件所建议的那样.
• 使用Memcached或Redis作为会话存储的会话处理程序(这是我现在拥有的)
• 您甚至可以将它们保留在与WP数据库相同的MySQL中，尽管我发现它可能会对性能产生重大影响.

• shared RWX volume in your pod(s) that will keep the session files available to all instances in your deployment. Unless you use something like S3 for wordpress uploads, you probably already do something similar for binaries, as I suggest for session files.
• session handler with Memcached or Redis as the session storage (this is what I have now)
• you can even keep them in your MySQL, same as WP database, although I've seen that it can be of significant performance impact.

您可以在此处找到简单的mamcache示例.如果您需要群集存储，则可以考虑使用Redis群集，或者像我一样考虑使用Couchbase

You can find simple mamcache example here. If you'd need a clustered storage, you could look into Redis clustering, or, as I would, into Couchbase

这篇关于GCE Kubernetes会话持久性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！