Wednesday, June 21, 2017

Set Up Nginx Loadbalancer with Sticky Session in Kubernetes

K8S NGINX LB Controller Service

Sticky Session Setting

Edit nl.yaml

---
################################################################################
## K8S Default Backend for Nginx if no endpoint is available e.g. 404 servers
###############################################################################
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-default-backend
  namespace: kube-system
  labels:
    app: nginx-default-backend
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-default-backend
  template:
    metadata:
      labels:
        app:  nginx-default-backend
        group: lb
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name:  defaultbackend
        image: 172.16.155.136:5000/uwebserverv6
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8000
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        ports:
        - containerPort: 8000
        resources:
          limits:
            cpu: 10m
            memory: 20Mi
          requests:
            cpu: 10m
            memory: 20Mi

---
################################################################################
## K8S Service configuration default backend. in NGINX Deployment config
## use arg --default-backend-service=$(POD_NAMESPACE)/nginx-default-backend
################################################################################
apiVersion: v1
kind: Service
metadata:
  name: nginx-default-backend
  namespace: kube-system
  labels:
    app: nginx-default-backend
    group: lb
spec:
  type: NodePort
  ports:
  - port: 8000
    targetPort: 8000
  selector:
    app: nginx-default-backend

---
##################################################################################################
## K8S config map for NGINX LB Controller. supply as arg in deployment config
## - --nginx-configmap=$(POD_NAMESPACE)/nginx-ingress-lb-cfg
## See link below for all config options
## https://github.com/kubernetes/contrib/blob/master/ingress/controllers/nginx/configuration.md
###################################################################################################
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-ingress-lb-cfg
  namespace: kube-system
  labels:
    app: nginx-ingress-lb
    group: lb
data:
  enable-sticky-sessions: 'true'   ## use ROUTE cookie to provide session affinity
  enable-vts-status: 'true'   ## Allows the replacement of the default status page nginx-module-vts

---
############################################################################################
## K8S deplox config for NGINX LB gcr.io/google_containers/nginx-ingress-controller
## https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx
#########################################################################################
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: kube-system
  labels:
    app: nginx-ingress-lb
    group: lb
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-ingress-lb
  template:
    metadata:
      labels:
        app: nginx-ingress-lb
        name: nginx-ingress-lb
        group: lb
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: nginx-ingress-lb
        image: gcr.io/google_containers/nginx-ingress-controller:0.8.3
        imagePullPolicy: IfNotPresent
        readinessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
        livenessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          timeoutSeconds: 1
        # use downward API
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        ports:
        - containerPort: 80
          hostPort: 80
        ## if you terminate SSL at the AWS ELB you don't need port 443 here
        - containerPort: 18080 ## we expose 18080 to access nginx stats in url /nginx-status
          hostPort: 18080
        ## https://github.com/kubernetes/contrib/issues/1662 --watch-namespace  to limit on one namespace
        args:
        - /nginx-ingress-controller
        - --default-backend-service=$(POD_NAMESPACE)/nginx-default-backend
        - --nginx-configmap=$(POD_NAMESPACE)/nginx-ingress-lb-cfg
---
#######################################
# K8S NGINX LB Controller Service
#######################################
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-lb
  namespace: kube-system
  labels:
    app: nginx-ingress-lb
    group: lb
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "YOUR_AWS_CERT_ID"
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
spec:
  type: LoadBalancer
  ports:
  - port: 443
    targetPort: 80 ## terminate ssl
    name: https
    protocol: TCP
  #- port: 80   ### disable unless you have http->https redirect or really want to support http besides https
  #  targetPort: 80
  #  name: http
  #  protocol: TCP
  - port: 18080
    targetPort: 18080
    name: nginxstatus
    protocol: TCP
  selector:
    app: nginx-ingress-lb
---
############################################################
## K8S Ingress to access Nginx status page from LB
############################################################
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
 name: nginx-ingress-lb-stats
 namespace: kube-system
 labels:
  app: nginx-ingress-lb
  group: lb
  stage: kube-system
 annotations:
  kubernetes.io/ingress.class: nginx
spec:
 rules:
 - host: your.host.com
   http:
    paths:
    - path: /nginx_status
      backend:
       serviceName: nginx-ingress-lb
       servicePort: 18080

Create Pod with above yaml file.

kubectl create -f nl.yaml

To get loadbalancer address

root@kuberm:~/kube1.6config/deploy/nginxlb2# kubectl get ing --all-namespaces
NAMESPACE     NAME                     HOSTS           ADDRESS          PORTS     AGE
kube-system   nginx-ingress-lb-stats   your.host.com   172.16.155.160   80        1h

Client test, and with cookie setting, sticky session.

Create cookie and stor to file a.txt

curl -v  -c a.txt http://172.16.155.160

Use a.txt as cookie source.

curl -v  --cookie a.txt http://172.16.155.160

.
.
nginx-default-backend-1891278369-dwwft

You will get the result of sticky session.

No comments:

Post a Comment