Edit max_conns in Kubernetes ingress Ngnix?

问题

Im trying to limit the number of concurrent connection to servers in my Nginx ingress.

is max_conns supported in Ngnix ingress? how can i edit or add it?

max_conns=number limits the maximum number of simultaneous active connections to the proxied server (1.11.5). Default value is zero, meaning there is no limit. If the server group does not reside in the shared memory, the limitation works per each worker process.

http://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream

exmple of an Nginx conf using max_conn

upstream backend {
server backend1.example.com  max_conns=3;
server backend2.example.com;}

thanks

回答1:

So, what needed to be done in order to add max_conns (or any other parameter that is not supported by the ingress configmap) - is to change the template.

changing the template /etc/nginx/template/nginx.tmpl like this:

upstream {{ $upstream.Name }} {
    # Load balance algorithm; empty for round robin, which is the default
    {{ if ne $cfg.LoadBalanceAlgorithm "round_robin" }}
    {{ $cfg.LoadBalanceAlgorithm }};
    {{ end }}

    {{ if $upstream.UpstreamHashBy }}
    hash {{ $upstream.UpstreamHashBy }} consistent;
    {{ end }}

    {{ if (gt $cfg.UpstreamKeepaliveConnections 0) }}
    keepalive {{ $cfg.UpstreamKeepaliveConnections }};
    {{ end }}

    {{ range $server := $upstream.Endpoints }}server {{ $server.Address | formatIP }}:{{ $server.Port }} max_fails={{ $server.MaxFails }} fail_timeout={{ $server.FailTimeout }} max_conns=1;
    {{ end }}
}

(you can get the full file from the pod nginx-ingress-controller, just run bash on the pod and cat it) will do the trick. now create a configmap with the local nginx.tmpl:

kubectl create configmap nginx-template --from-file=nginx.tmpl=/localpath/nginx.tmpl

and then mount a volume to the deployment with this yaml:

        volumeMounts:
      - mountPath: /etc/nginx/template
        name: nginx-template-volume
        readOnly: true
  volumes:
    - name: nginx-template-volume
      configMap:
        name: nginx-template
        items:
        - key: nginx.tmpl
          path: nginx.tmpl

• i needed to restart my NGINX ingress manually but i edited the ReplicationController because i didn't have a deployment (i guess its because im on minikube)

回答2:

According to https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/annotations.md#rate-limiting, there are annotations for limiting the number of connections:

The annotations nginx.ingress.kubernetes.io/limit-connections, nginx.ingress.kubernetes.io/limit-rps, and nginx.ingress.kubernetes.io/limit-rpm define a limit on the connections that can be opened by a single client IP address. This can be used to mitigate DDoS Attacks.

nginx.ingress.kubernetes.io/limit-connections: number of concurrent connections allowed from a single IP address.

nginx.ingress.kubernetes.io/limit-rps: number of connections that may be accepted from a given IP each second.

nginx.ingress.kubernetes.io/limit-rpm: number of connections that may be accepted from a given IP each minute.

You would need to add these annotations in your Ingress rule.

来源：https://stackoverflow.com/questions/48659392/edit-max-conns-in-kubernetes-ingress-ngnix