Background:
The application is deployed in a Kubernetes cluster and stress tested. JMeter drives the test at around 300 requests per second (18,000 requests per minute for ElasticSearch). Nginx error log:
But my CPU and memory resources are not fully used either. PHP-FPM also uses a socket:
See also: www.bubuko.com/infodetail-…
Solving the problem:
Modify net.core.somaxconn
Enter the nginx-php container to check:
bash-5.0# cat /proc/sys/net/core/somaxconn
128
Check somaxconn on a random worker node:
root@ap-shanghai-k8s-node-1:~# cat /proc/sys/net/core/somaxconn
32768
Note: This is a TKE cluster. The parameters are the defaults, unmodified.
Modify the application configuration file as follows:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: paper-miniprogram
spec:
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: paper-miniprogram
  template:
    metadata:
      labels:
        app: paper-miniprogram
    spec:
      containers:
        - name: paper-miniprogram
          image: ccr.ccs.tencentyun.com/xxxx/paper-miniprogram:{data}
          ports:
            - containerPort: 80
          resources:
            requests:
              memory: "1024M"
              cpu: "1000m"
            limits:
              memory: "1024M"
              cpu: "1000m"
      imagePullSecrets:
        - name: tencent
---
apiVersion: v1
kind: Service
metadata:
  name: paper-miniprogram
  labels:
    app: paper-miniprogram
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: paper-miniprogram
After modification, with the initContainers configuration added:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: paper-miniprogram
spec:
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: paper-miniprogram
  template:
    metadata:
      labels:
        app: paper-miniprogram
    spec:
      containers:
        - name: paper-miniprogram
          image: ccr.ccs.tencentyun.com/xxxx/paper-miniprogram:{data}
          ports:
            - containerPort: 80
          resources:
            requests:
              memory: "1024M"
              cpu: "1000m"
            limits:
              memory: "1024M"
              cpu: "1000m"
      # The init container shares the pod's network namespace, so the value it
      # writes is the one the application container sees when it starts.
      initContainers:
        - image: busybox
          command:
            - sh
            - -c
            - echo 1000 > /proc/sys/net/core/somaxconn
          imagePullPolicy: Always
          name: setsysctl
          securityContext:
            # Needed to write under /proc/sys, which is read-only otherwise.
            privileged: true
      imagePullSecrets:
        - name: tencent
---
apiVersion: v1
kind: Service
metadata:
  name: paper-miniprogram
  labels:
    app: paper-miniprogram
spec:
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: paper-miniprogram
Modify the php-fpm listen.backlog parameter
Take a look at the value of the system variable net.ipv4.tcp_max_syn_backlog:
cat /proc/sys/net/ipv4/tcp_max_syn_backlog
# or
sysctl -a | grep backlog
Then take a look at the listen.backlog configuration in PHP-FPM:
The value of net.ipv4.tcp_max_syn_backlog in the container must be modified in privileged mode.
Official documentation on sysctl
The official Kubernetes documentation has sysctl instructions: kubernetes.io/useful/docs/tas…
Side effects of doing this:
I personally feel that privileged mode will bring security issues, or rather, I do not like pods with privileged mode enabled.
Personally, I think the best way is:
- The Grafana dashboard shows that the resource utilization of the pod is still not that high. Adjust the resource limits parameters properly.
- Enable HPA automatic horizontal scaling.
- I also want to keep the default net.core.somaxconn=128 and rely on more replicas to meet the high load. This is also consistent with the idea of using containers.
- The point is that many people are wrong to think that expanding resources can increase concurrent load. It’s better to tune the parameters.
About PHP-FPM Unix socket and TCP
See also Zhihu: zhuanlan.zhihu.com/p/83958307
Some configurations are available for reference:
github.com/gaoxt/blog/…
blog.csdn.net/pcyph/artic…