tencent cloud

Feedback

Nginx Ingress Best Practices

Last updated: 2021-12-06 10:55:40

    Overview

    TKE supports the installation of Nginx-ingress addon and uses it to access Ingress traffic. For more information about Nginx-ingress, see Nginx-ingress Instructions. This document describes the best practices of Nginx-ingress addon.

    Prerequisites

    Operation Directions

    Opening multiple Nginx Ingress traffic entries for the cluster

    After the Nginx-ingress addon is installed, there will be a Nginx-ingress operator addon under kube-system. You can use this addon to create multiple Nginx Ingress instances. Each Nginx Ingress instance uses a different IngressClass and uses a different CLB as a traffic entry, so that different ingresses can be bound to different traffic entries. You can create multiple Nginx Ingress instances for the cluster based on your actual needs.

    1. Log in to the TKE console and click Cluster in the left sidebar.
    2. On the Cluster Management page, click the ID of the target cluster to go to the cluster details page.
    3. In the left sidebar, click Add-on Management to go to the Add-on List page.
    4. Click the installed Nginx-ingress addon to go to the details page.
    5. Click Add Nginx Ingress Instance to configure the Nginx Ingress instances as needed, and specify a different IngressClass name for each instance.
      Note:

      For the details of installing Nginx Ingress instance, see Installing Nginx-ingress Instance.

    6. When creating an Ingress, you can specify a specific IngressClass to bind the Ingress to a specific Nginx Ingress instance. You can create Ingress via console or YAML.

      See Creating an Ingress for more information on how to create an Ingress in the console.

      • Ingress Type: select Nginx Load Balancer.
      • Class: select the Nginx Ingress instance created in the previous steps.

    Performance optimization

    CLB-to-Pod direct access mode

    When the cluster network mode is Global Router, CLB-to-Pod direct access mode is not enabled by default. It is recommended to enable CLB-to-Pod direct access mode based on the following directions:

    1. Enable the VPC-CNI mode for the cluster.
    2. When creating a Nginx Ingress instance, you can check Select CLB-to-Pod direct access mode to enable traffic to bypass the NodePort and reach the Pod directly to improve performance
      Note:

      For the details of installing Nginx Ingress instance, see Installing Nginx-ingress Instance.

    Adjusting the LB bandwidth limit

    As the traffic entry, if LB needs a higher concurrency or throughput, you can set the bandwidth limit based on the actual needs when creating a Nginx Ingress instance and allocate a higher bandwidth for Nginx Ingress.

    If you have a bill-by-CVM account (Checking Account Type), the bandwidth limit is determined by the node bandwidth. You can adjust the node bandwidth limit based on the following conditions:

    • If the CLB-to-Pod direct access mode is enabled, the total LB bandwidth is the sum of the bandwidths of the nodes where the Nginx Ingress instance Pods locate. It is recommended to plan some nodes with high public network bandwidth to deploy Nginx Ingress instances (Specify a node pool as DaemonSet to deploy).
    • If the CLB-to-Pod direct access mode is not enabled, the total bandwidth of LB is the sum of the public network bandwidths of all nodes.

    Nginx Ingress parameter optimization

    The Nginx Ingress instance can optimize the kernel parameters and the configuration of Nginx Ingress by default. For details, see Nginx Ingress High-Concurrency Practices. You can refer to the following directions to customize.

    Edit the deployed Daemonset or Deployment of nginx-ingress-conntroller (depending on the instance deployment options), and modify initContainers (You cannot modify the resources under kube-system in the console. Please use Kubectl to modify.), as shown below:

    Improving the observability of Nginx Ingress

    Enabling monitoring and log

    After creating a Nginx Ingress instance, you can enable the log and monitoring configuration of the instance in Log/Monitoring, which is convenient for troubleshooting and viewing the status metrics of the instance, as shown below:

    Note:

    It is strongly recommend to enable monitoring and log configurations for all Nginx Ingress instances.

    Viewing monitoring dashboard

    1. After enabling the monitoring configuration, you can click View Monitoring to go to the cloud native monitoring, as shown below:
    2. Enter the Grafana dashboard and switch to the NGINX Ingress controller dashboard to check the monitoring views, as shown below:

    Log search and log dashboard

    After enabling the log configuration, you can click More under Operation on the right side of an instance in the Nginx Ingress list page, and select Check access logs in CLS or View Access Log Dashboard. as shown below:

    • Click Check access logs in CLS to go to the CLS and select the logset and topic corresponding to the instance in Search and Analyze to view the access and error logs of Nginx Ingress.
    • Click View Access Log Dashboard to go to the dashboard that displays statistics based on the Nginx Ingress log data.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support