Forem: Ofir Haim The latest articles on Forem by Ofir Haim (@ofir-haim). https://forem.com/ofir-haim https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1655244%2F5946834e-6b9a-4e07-ae2e-314ec4398c3e.jpeg Forem: Ofir Haim https://forem.com/ofir-haim en Implementing IPv6 in Kubernetes Clusters: A Comprehensive Guide for EKS and GKE Ofir Haim Fri, 26 Jul 2024 20:53:09 +0000 https://forem.com/target-ops/implementing-ipv6-in-kubernetes-clusters-a-comprehensive-guide-for-eks-and-gke-1ee6 https://forem.com/target-ops/implementing-ipv6-in-kubernetes-clusters-a-comprehensive-guide-for-eks-and-gke-1ee6 <h2> Abstract </h2> <p>This article provides a comprehensive guide to implementing IPv6 in Kubernetes clusters, with a specific focus on Amazon Elastic Kubernetes Service (EKS) and Google Kubernetes Engine (GKE). It covers the advantages of IPv6 in Kubernetes environments, detailed implementation steps using Terraform, and best practices for deployment.</p> <h2> 1. Introduction </h2> <p>As the internet continues to evolve, the transition from IPv4 to IPv6 has become increasingly important. Kubernetes, as a modern container orchestration platform, supports IPv6 to enable better scalability and future-proofing of cluster networking. This guide aims to provide students and professionals with the knowledge and tools to implement IPv6 in Kubernetes clusters, focusing on two major cloud providers: Amazon Web Services (AWS) and Google Cloud Platform (GCP).</p> <h2> 2. Advantages of IPv6 in Kubernetes </h2> <p>Implementing IPv6 in Kubernetes clusters offers several significant benefits:</p> <ol> <li><p><strong>Expanded Address Space</strong>: IPv6's 128-bit addressing scheme provides a vastly larger address space compared to IPv4's 32-bit system, enabling easier scaling of clusters and pods without IP address exhaustion concerns.</p></li> <li><p><strong>Simplified Networking</strong>: IPv6 eliminates the need for Network Address Translation (NAT), resulting in simpler and more transparent network configurations.</p></li> <li><p><strong>Enhanced Performance</strong>: Direct routing in IPv6 can lead to improved network performance and reduced latency.</p></li> <li><p><strong>Future-Proofing</strong>: As the internet transitions to IPv6, having IPv6-ready Kubernetes clusters ensures compatibility with emerging technologies and services.</p></li> <li><p><strong>Improved Security</strong>: IPv6 includes built-in support for IPsec, providing enhanced security at the network layer.</p></li> </ol> <h2> 3. General Implementation Steps </h2> <p>Before diving into specific cloud provider implementations, here are the general steps to enable IPv6 in a Kubernetes cluster:</p> <ol> <li><p>Ensure the underlying network infrastructure supports IPv6.</p></li> <li><p>Configure the Kubernetes control plane to use IPv6.</p></li> <li><p>Set up IPv6 address allocation for pods and services.</p></li> <li><p>Update CoreDNS configuration to support IPv6.</p></li> <li><p>Configure network policies to work with IPv6.</p></li> </ol> <h2> 4. IPv6 Implementation in Amazon EKS </h2> <p>To implement IPv6 in an Amazon EKS cluster using the official Terraform module, follow these steps:</p> <h3> 4.1 VPC Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"vpc"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"terraform-aws-modules/vpc/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"~&gt; 3.0"</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ipv6-vpc"</span> <span class="nx">cidr</span> <span class="p">=</span> <span class="s2">"10.0.0.0/16"</span> <span class="nx">azs</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"us-west-2a"</span><span class="p">,</span> <span class="s2">"us-west-2b"</span><span class="p">,</span> <span class="s2">"us-west-2c"</span><span class="p">]</span> <span class="nx">private_subnets</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"10.0.1.0/24"</span><span class="p">,</span> <span class="s2">"10.0.2.0/24"</span><span class="p">,</span> <span class="s2">"10.0.3.0/24"</span><span class="p">]</span> <span class="nx">public_subnets</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"10.0.101.0/24"</span><span class="p">,</span> <span class="s2">"10.0.102.0/24"</span><span class="p">,</span> <span class="s2">"10.0.103.0/24"</span><span class="p">]</span> <span class="nx">enable_nat_gateway</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">enable_vpn_gateway</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">enable_ipv6</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">assign_ipv6_address_on_creation</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">vpc_ipv6_cidr_block</span> <span class="p">=</span> <span class="s2">"2600:1f16:4b4:1000::/56"</span> <span class="nx">private_subnet_ipv6_prefixes</span> <span class="p">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">]</span> <span class="nx">public_subnet_ipv6_prefixes</span> <span class="p">=</span> <span class="p">[</span><span class="mi">4</span><span class="p">,</span> <span class="mi">5</span><span class="p">,</span> <span class="mi">6</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <h3> 4.2 EKS Cluster Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"eks"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"terraform-aws-modules/eks/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"~&gt; 18.0"</span> <span class="nx">cluster_name</span> <span class="p">=</span> <span class="s2">"ipv6-cluster"</span> <span class="nx">cluster_version</span> <span class="p">=</span> <span class="s2">"1.24"</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">vpc_id</span> <span class="nx">subnet_ids</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">private_subnets</span> <span class="nx">cluster_ip_family</span> <span class="p">=</span> <span class="s2">"ipv6"</span> <span class="nx">cluster_service_ipv6_cidr</span> <span class="p">=</span> <span class="s2">"2600:1f16:4b4:1100::/56"</span> <span class="nx">eks_managed_node_groups</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">main</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">min_size</span> <span class="p">=</span> <span class="mi">1</span> <span class="nx">max_size</span> <span class="p">=</span> <span class="mi">3</span> <span class="nx">desired_size</span> <span class="p">=</span> <span class="mi">2</span> <span class="nx">instance_types</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"t3.medium"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 4.3 CoreDNS Configuration </h3> <p>After applying the Terraform configuration, update the CoreDNS ConfigMap:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl edit configmap coredns <span class="nt">-n</span> kube-system </code></pre> </div> <p>Add the following to the Corefile:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ipv6 { fallthrough } </code></pre> </div> <h2> 5. IPv6 Implementation in Google Kubernetes Engine (GKE) </h2> <p>For GKE, the implementation process differs slightly:</p> <h3> 5.1 VPC Network Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"google_compute_network"</span> <span class="s2">"vpc"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ipv6-vpc"</span> <span class="nx">auto_create_subnetworks</span> <span class="p">=</span> <span class="kc">false</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"google_compute_subnetwork"</span> <span class="s2">"subnet"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ipv6-subnet"</span> <span class="nx">ip_cidr_range</span> <span class="p">=</span> <span class="s2">"10.0.0.0/24"</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-central1"</span> <span class="nx">network</span> <span class="p">=</span> <span class="nx">google_compute_network</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">stack_type</span> <span class="p">=</span> <span class="s2">"IPV4_IPV6"</span> <span class="nx">ipv6_access_type</span> <span class="p">=</span> <span class="s2">"EXTERNAL"</span> <span class="p">}</span> </code></pre> </div> <h3> 5.2 GKE Cluster Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"gke"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"terraform-google-modules/kubernetes-engine/google"</span> <span class="nx">project_id</span> <span class="p">=</span> <span class="s2">"your-project-id"</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ipv6-gke-cluster"</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-central1"</span> <span class="nx">zones</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"us-central1-a"</span><span class="p">,</span> <span class="s2">"us-central1-b"</span><span class="p">,</span> <span class="s2">"us-central1-c"</span><span class="p">]</span> <span class="nx">network</span> <span class="p">=</span> <span class="nx">google_compute_network</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">name</span> <span class="nx">subnetwork</span> <span class="p">=</span> <span class="nx">google_compute_subnetwork</span><span class="p">.</span><span class="nx">subnet</span><span class="p">.</span><span class="nx">name</span> <span class="nx">ip_range_pods</span> <span class="p">=</span> <span class="s2">""</span> <span class="nx">ip_range_services</span> <span class="p">=</span> <span class="s2">""</span> <span class="nx">http_load_balancing</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">network_policy</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">horizontal_pod_autoscaling</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">filestore_csi_driver</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">datapath_provider</span> <span class="p">=</span> <span class="s2">"ADVANCED_DATAPATH"</span> <span class="nx">stack_type</span> <span class="p">=</span> <span class="s2">"IPV4_IPV6"</span> <span class="nx">cluster_ipv4_cidr</span> <span class="p">=</span> <span class="s2">"10.0.0.0/16"</span> <span class="nx">node_pools</span> <span class="p">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"default-node-pool"</span> <span class="nx">machine_type</span> <span class="p">=</span> <span class="s2">"e2-medium"</span> <span class="nx">node_locations</span> <span class="p">=</span> <span class="s2">"us-central1-b,us-central1-c"</span> <span class="nx">min_count</span> <span class="p">=</span> <span class="mi">1</span> <span class="nx">max_count</span> <span class="p">=</span> <span class="mi">3</span> <span class="nx">local_ssd_count</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">disk_size_gb</span> <span class="p">=</span> <span class="mi">100</span> <span class="nx">disk_type</span> <span class="p">=</span> <span class="s2">"pd-standard"</span> <span class="nx">image_type</span> <span class="p">=</span> <span class="s2">"COS_CONTAINERD"</span> <span class="nx">auto_repair</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">auto_upgrade</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">preemptible</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">initial_node_count</span> <span class="p">=</span> <span class="mi">1</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> </code></pre> </div> <h2> 6. Best Practices and Considerations </h2> <ol> <li><p><strong>Gradual Migration</strong>: Begin by migrating non-critical workloads to IPv6, allowing for thorough testing and adjustment.</p></li> <li><p><strong>Dual-Stack Configuration</strong>: Where possible, use dual-stack configurations to maintain compatibility with IPv4-only services.</p></li> <li><p><strong>Network Policy Updates</strong>: Ensure network policies are updated to include IPv6 CIDR blocks.</p></li> <li><p><strong>Performance Monitoring</strong>: Closely monitor cluster performance after enabling IPv6 to ensure optimal operation.</p></li> <li><p><strong>Regular Updates</strong>: Keep Kubernetes and network plugin versions up-to-date, as IPv6 support improves with newer releases.</p></li> <li><p><strong>Security Considerations</strong>: Leverage the built-in security features of IPv6, such as IPsec, while ensuring proper firewall and security group configurations.</p></li> <li><p><strong>DNS Configuration</strong>: Ensure that DNS services, both internal and external, are properly configured to handle IPv6 addresses.</p></li> <li><p><strong>Application Compatibility</strong>: Review and update applications to ensure they are IPv6-compatible, paying special attention to hardcoded IP addresses.</p></li> </ol> <h2> Conclusion </h2> <p>Implementing IPv6 in Kubernetes clusters, particularly on major cloud platforms like AWS EKS and Google GKE, is a crucial step towards future-proofing your infrastructure. This guide provides a comprehensive approach to enabling IPv6 using Terraform, covering both the network and cluster configurations necessary for successful deployment.</p> <p>As the internet continues its transition to IPv6, organizations that proactively adopt this technology in their Kubernetes environments will be better positioned to handle future networking challenges and opportunities. By following the steps and best practices outlined in this guide, students and professionals can gain practical experience in implementing IPv6 in real-world Kubernetes scenarios.</p> <h2> References </h2> <ul> <li>1. Kubernetes Documentation. "Enabling IPv6 support". - <a href="https://kubernetes.io/docs/concepts/services-networking/dual-stack/" rel="noopener noreferrer">link</a> </li> <li>2. Amazon EKS Documentation. - <a href="https://docs.aws.amazon.com/eks/latest/userguide/cni-ipv6.html" rel="noopener noreferrer">link</a> </li> <li>3. Google Kubernetes Engine Documentation. "Using IPv6 on GKE". - <a href="https://cloud.google.com/kubernetes-engine/docs/how-to/dual-stack" rel="noopener noreferrer">link</a> </li> </ul> <p>This article provides a comprehensive, academic-style guide to implementing IPv6 in Kubernetes clusters, with a focus on EKS and GKE. It includes detailed code examples, explanations, and best practices, making it suitable for students and professionals alike. The content has been reviewed for accuracy and completeness, but as always, it's recommended to consult the latest official documentation when implementing these configurations in production environments.</p> kubernetes devops ipv6 targetops Clone any Git URL directly to VS Code with a single click! Ofir Haim Tue, 16 Jul 2024 15:11:02 +0000 https://forem.com/target-ops/clone-any-git-url-directly-to-vs-code-with-a-single-click-ma1 https://forem.com/target-ops/clone-any-git-url-directly-to-vs-code-with-a-single-click-ma1 <h2> 🚀 Features </h2> <p>One-click cloning from any Git repository URL<br> Seamless integration with VS Code<br> Works with GitHub, GitLab, Bitbucket, and more<br> Lightning-fast setup and minimal configuration</p> <h2> 🎭 Why AnyClown? </h2> <p>Because only a clown would waste time manually copying URLs and switching between browsers and terminals! AnyClown brings the circus to your development workflow, juggling Git repositories with ease.</p> <h2> 🛠️ Installation </h2> <p>Visit the Chrome Web Store<br> Search for "AnyClown"<br> Click "Add to Chrome"<br> Embrace your inner code clown 🎈<br> <a href="https://chromewebstore.google.com/search/anyClown" rel="noopener noreferrer">Chrome Web Store</a></p> <h2> 🎪 How to Use </h2> <p>Navigate to any Git repository URL<br> Click the AnyClown icon in your Chrome toolbar<br> Watch in amazement as the repo opens in VS Code</p> <h2> 🧑‍💻 Requirements </h2> <p>Google Chrome browser<br> Visual Studio Code<br> A sense of humor (optional, but recommended)</p> <h2> 🐛 Found a Bug? </h2> <p>If you've caught a pesky bug in our clowning around, please open an issue. We promise to juggle it into our priority queue!</p> <h2> 🤝 Contributing </h2> <p>We welcome all clowns, jesters, and code acrobats to contribute! Check out our contributing guidelines to join the circus.</p> <h2> 📜 License </h2> <p>See the LICENSE file for more details.</p> <h2> TargetTeam </h2> <p>Made with ❤️ and a lot of 🤡 energy by the AnyClown team.<br> Remember: Keep calm and clone on! 🎭🚀</p> devops extensions vscode targetops Mastering ingress-nginx Ofir Haim Tue, 16 Jul 2024 15:01:19 +0000 https://forem.com/target-ops/mastering-ingress-nginx-36d7 https://forem.com/target-ops/mastering-ingress-nginx-36d7 <h3> Advanced Optimization Techniques for High-Performance Kubernetes Ingress </h3> <p>As a seasoned DevOps engineer with 15 years of experience, I've seen the evolution of ingress controllers in Kubernetes. Today, we'll dive deep into optimizing ingress-nginx, one of the most popular ingress controllers in the Kubernetes ecosystem.</p> <h2> 1. Fine-tuning Worker Processes and Connections </h2> <p>One of the first areas to optimize is the NGINX worker configuration. By default, ingress-nginx uses auto-detection, but for high-traffic environments, manual tuning can yield better results.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">controller</span><span class="pi">:</span> <span class="na">config</span><span class="pi">:</span> <span class="na">worker-processes</span><span class="pi">:</span> <span class="s2">"</span><span class="s">8"</span> <span class="na">max-worker-connections</span><span class="pi">:</span> <span class="s2">"</span><span class="s">65536"</span> </code></pre> </div> <p>Adjust these values based on your server's CPU cores and expected concurrent connections.</p> <h2> 2. Leveraging HTTP/2 and TLS 1.3 </h2> <p>Enable HTTP/2 and TLS 1.3 to improve connection efficiency and security:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">controller</span><span class="pi">:</span> <span class="na">config</span><span class="pi">:</span> <span class="na">use-http2</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">ssl-protocols</span><span class="pi">:</span> <span class="s2">"</span><span class="s">TLSv1.2</span><span class="nv"> </span><span class="s">TLSv1.3"</span> </code></pre> </div> <h2> 3. Optimizing SSL/TLS </h2> <p>Implement OCSP stapling and adjust SSL buffer size:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">controller</span><span class="pi">:</span> <span class="na">config</span><span class="pi">:</span> <span class="na">ssl-buffer-size</span><span class="pi">:</span> <span class="s2">"</span><span class="s">4k"</span> <span class="na">ssl-ocsp</span><span class="pi">:</span> <span class="s2">"</span><span class="s">on"</span> </code></pre> </div> <h2> 4. Tuning Timeouts and Keepalive </h2> <p>Adjust timeouts and keepalive settings to balance between resource usage and client needs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">controller</span><span class="pi">:</span> <span class="na">config</span><span class="pi">:</span> <span class="na">keep-alive</span><span class="pi">:</span> <span class="s2">"</span><span class="s">75"</span> <span class="na">keep-alive-requests</span><span class="pi">:</span> <span class="s2">"</span><span class="s">100"</span> <span class="na">upstream-keepalive-connections</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1000"</span> <span class="na">upstream-keepalive-timeout</span><span class="pi">:</span> <span class="s2">"</span><span class="s">60"</span> <span class="na">client-header-timeout</span><span class="pi">:</span> <span class="s2">"</span><span class="s">60s"</span> <span class="na">client-body-timeout</span><span class="pi">:</span> <span class="s2">"</span><span class="s">60s"</span> </code></pre> </div> <h2> 5. Implementing Caching and Compression </h2> <p>Enable and configure caching and compression for improved performance:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">controller</span><span class="pi">:</span> <span class="na">config</span><span class="pi">:</span> <span class="na">use-gzip</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">gzip-level</span><span class="pi">:</span> <span class="s2">"</span><span class="s">6"</span> <span class="na">gzip-types</span><span class="pi">:</span> <span class="s2">"</span><span class="s">application/json</span><span class="nv"> </span><span class="s">application/x-javascript</span><span class="nv"> </span><span class="s">text/css</span><span class="nv"> </span><span class="s">text/javascript"</span> <span class="na">proxy-cache-path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/tmp/nginx-cache</span><span class="nv"> </span><span class="s">levels=1:2</span><span class="nv"> </span><span class="s">keys_zone=my_cache:10m</span><span class="nv"> </span><span class="s">max_size=10g</span><span class="nv"> </span><span class="s">inactive=60m</span><span class="nv"> </span><span class="s">use_temp_path=off"</span> </code></pre> </div> <p>Then, in your Ingress resource:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">annotations</span><span class="pi">:</span> <span class="na">nginx.ingress.kubernetes.io/proxy-cache</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my_cache"</span> <span class="na">nginx.ingress.kubernetes.io/proxy-cache-valid</span><span class="pi">:</span> <span class="s2">"</span><span class="s">200</span><span class="nv"> </span><span class="s">60m"</span> </code></pre> </div> <h2> 6. Implementing Rate Limiting </h2> <p>Protect your services with intelligent rate limiting:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">annotations</span><span class="pi">:</span> <span class="na">nginx.ingress.kubernetes.io/limit-rps</span><span class="pi">:</span> <span class="s2">"</span><span class="s">10"</span> <span class="na">nginx.ingress.kubernetes.io/limit-rpm</span><span class="pi">:</span> <span class="s2">"</span><span class="s">100"</span> </code></pre> </div> <h2> 7. Optimizing Backend Connections </h2> <p>Fine-tune how ingress-nginx connects to your backends:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">controller</span><span class="pi">:</span> <span class="na">config</span><span class="pi">:</span> <span class="na">upstream-keepalive-connections</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1000"</span> <span class="na">upstream-keepalive-timeout</span><span class="pi">:</span> <span class="s2">"</span><span class="s">60"</span> <span class="na">upstream-keepalive-requests</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1000"</span> </code></pre> </div> <h2> 8. Implementing Custom Error Pages </h2> <p>Enhance user experience with custom error pages:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">controller</span><span class="pi">:</span> <span class="na">config</span><span class="pi">:</span> <span class="na">custom-http-errors</span><span class="pi">:</span> <span class="s2">"</span><span class="s">404,503"</span> <span class="na">defaultBackendService</span><span class="pi">:</span> <span class="s2">"</span><span class="s">default/custom-error-pages-service"</span> </code></pre> </div> <h2> 9. Leveraging Lua for Advanced Functionality </h2> <p>ingress-nginx supports Lua scripting for custom logic. Here's an example of using Lua to add custom headers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">controller</span><span class="pi">:</span> <span class="na">config</span><span class="pi">:</span> <span class="na">load-balance</span><span class="pi">:</span> <span class="s2">"</span><span class="s">ewma"</span> <span class="na">lua-shared-dicts</span><span class="pi">:</span> <span class="s2">"</span><span class="s">configuration_data:5M"</span> <span class="na">extraVolumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">lua-scripts</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/etc/nginx/lua</span> <span class="na">extraVolumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">lua-scripts</span> <span class="na">configMap</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">lua-scripts</span> </code></pre> </div> <p>Then, create a ConfigMap with your Lua script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ConfigMap</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">lua-scripts</span> <span class="na">data</span><span class="pi">:</span> <span class="na">custom_headers.lua</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">local headers = ngx.req.get_headers()</span> <span class="s">ngx.header["X-Custom-Header"] = "ingress-nginx"</span> </code></pre> </div> <h2> 10. Implementing Canary Deployments </h2> <p>Use ingress-nginx's built-in canary deployment feature:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">annotations</span><span class="pi">:</span> <span class="na">nginx.ingress.kubernetes.io/canary</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">nginx.ingress.kubernetes.io/canary-weight</span><span class="pi">:</span> <span class="s2">"</span><span class="s">30"</span> </code></pre> </div> <h2> 11. Monitoring and Metrics </h2> <p>Enable Prometheus metrics for comprehensive monitoring:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">controller</span><span class="pi">:</span> <span class="na">metrics</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">serviceMonitor</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <h2> Conclusion </h2> <p>Optimizing ingress-nginx is a continuous process that requires understanding your specific traffic patterns and application requirements. The configurations provided here serve as a starting point for high-performance setups, but always test thoroughly in your environment.</p> <p>Remember, while these optimizations can significantly improve performance, they may also increase resource usage. Monitor your ingress controller closely after implementing changes and be prepared to fine-tune based on real-world results.</p> <p>By leveraging these advanced techniques, you can ensure your ingress-nginx setup is performant, secure, and ready to handle enterprise-level traffic with ease.</p> devops nginx kubernetes targetops