Nginx Ingress零停机发布与连接保持实践

概述目标：在发布期间保持现有连接与会话，缓慢引入新版本后端，避免突发负载与连接中断。适用：需要平滑发布与长连接业务（WebSocket、HTTP/2）。核心与实战Ingress注解（连接保持与缓慢启动）：apiVersion: networking.k8s.io/v1

kind: Ingress

metadata:

name: web

namespace: prod

annotations:

nginx.ingress.kubernetes.io/keepalive: "64"

nginx.ingress.kubernetes.io/proxy-send-timeout: "30"

nginx.ingress.kubernetes.io/proxy-read-timeout: "30"

nginx.ingress.kubernetes.io/slow-start: "true"

spec:

rules:

- host: app.example.com

http:

paths:

- path: /

pathType: Prefix

backend:

service:

name: web-svc

port:

number: 8080

Service与Deployment（就绪探针保障）：apiVersion: apps/v1

kind: Deployment

metadata:

name: web

namespace: prod

spec:

replicas: 3

selector:

matchLabels: { app: web }

template:

metadata:

labels: { app: web }

spec:

containers:

- name: web

image: repo/web:2.0.0

readinessProbe:

httpGet: { path: /healthz, port: 8080 }

initialDelaySeconds: 5

periodSeconds: 5

livenessProbe:

httpGet: { path: /livez, port: 8080 }

initialDelaySeconds: 10

periodSeconds: 10

示例滚动发布与验证连接保持：kubectl -n prod rollout restart deployment/web

watch -n1 kubectl -n prod get pods -l app=web

监控Nginx Ingress连接：kubectl -n ingress-nginx exec deploy/ingress-nginx-controller -- curl -s http://127.0.0.1:10254/metrics | grep nginx_ingress_controller_connections

验证与监控会话与长连接：确保就绪探针通过后才接入流量；缓慢启动减少新Pod瞬时压力。回源稳定性：观察keepalive连接数量与超时；根据后端能力调整。错误与回滚：发布异常时回滚镜像版本；确保Ingress与Service不需改动即可回退。常见误区未设置就绪探针导致未准备就绪的Pod接收流量；需合理探针。关闭keepalive导致每次回源重建连接；增加延迟与负载。忽视缓慢启动在高并发场景的作用；新版本易被瞬时压垮。结语通过Ingress注解与探针、缓慢启动与连接保持，可实现零停机发布并维持回源稳定性与用户体验。