kubernetes Cloud Native Era: Understanding Ingress Nginx (Middle)

kubernetes Cloud Native Era: Understanding Ingress Nginx (Middle)

Continue to Understand Ingress Nginx (above)

Article Directory


Solve problems How to customize nginx configuration

Customize nginx configuration

Ingress-nginx configuration is no different from the original nginx configuration nginx.conf, you can use ConfigMap to set the global configuration of nginx

data:Here is the nginx configuration set up

nginx-config.yaml

kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
  app: ingress-nginx
data: # Set Custom Configuration
proxy-body-size: "64m" # File size limit
proxy-read-timeout: "180" #Reading and writing time 180s
proxy-send-timeout: "180"

You can see that the official website can be configured with ConfigMap support

We created

[root@master-001 ~]# kubectl apply -f nginx-config.yaml
configmap/nginx-configuration configured

Let's go into the nginx container to see if the configuration works

[root@node-001 ~]# docker ps |grep nginx
d76f216c99a4        siriuszg/nginx-ingress-controller                   "/usr/bin/dumb-init ..."   About an hour ago   Up About an hour                        k8s_nginx-ingress-controller_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
d26440f04b55        registry.aliyuncs.com/google_containers/pause:3.1   "/pause"                 About an hour ago   Up About an hour                        k8s_POD_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
[root@node-001 ~]# docker exec -it d7 sh 
$ more nginx.comf

The file is too large. Let's use more to view it

Searching for the nginx configuration we just ate has taken effect

Note: The effective nginx configuration here is not the same name as our configmap configuration, but it is consistent that we should go to the official website to check it before we use it. It is not valid to write the key of nginx.

Nginx adds header information

Global header

If we want to add header header information to nginx, we need to add proxy-set-headers:'ingress-nginx/custom-headers'introduces custom-headers as headers, as follows

custom-header-global.yaml

apiVersion: v1
kind: ConfigMap
data:
 proxy-set-headers: "ingress-nginx/custom-headers" #Use this proxy-set-headers to introduce the header information defined by the custom-headers below
metadata:
 name: nginx-configuration
 namespace: ingress-nginx
 labels:
   app.kubernetes.io/name: ingress-nginx
   app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: v1
kind: ConfigMap 
data: # header configuration information
 X-Different-Name: "true"
 X-Request-Start: t=${msec}
 X-Using-Nginx-Controller: "true"
metadata:
 name: custom-headers
 namespace: ingress-nginx

Create one

[root@master-001 ~]# kubectl apply -f custom-header-global.yaml
configmap/nginx-configuration configured
configmap/custom-headers created

Let's go into the nginx container to see if the configuration works

[root@node-001 ~]# docker ps |grep nginx
d76f216c99a4        siriuszg/nginx-ingress-controller                   "/usr/bin/dumb-init ..."   About an hour ago   Up About an hour                        k8s_nginx-ingress-controller_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
d26440f04b55        registry.aliyuncs.com/google_containers/pause:3.1   "/pause"                 About an hour ago   Up About an hour                        k8s_POD_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
[root@node-001 ~]# docker exec -it d7 sh 
$ more nginx.comf

An ingress header

The only difference is to add annotations: through nginx.ingress.kubernetes.io/configuration-snippet: | configure multiple header s, and then specify that ingress-nginx through host:

custom-header-spec-ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "Request-Id: $req_id";
  name: web-demo
  namespace: dev
spec:
  rules:
  - host: web-dev.mooc.com # Specify the corresponding nignx proxy domain name
    http:
      paths:
      - backend:
          serviceName: web-demo
          servicePort: 80
        path: /

Let's go into the nginx container and see the configuration, that is, only if server_name is web-dev.mooc.com

Nginx Template

Maybe the above does not meet our requirements, so I can use the nginx template custom nginx template

This template is generated programmatically from the template file path: /etc/nginx/template/nginx.tmpl

  1. Get the template file

    To the node following ingress-nginx, take the template file through docker cp b63:/etc/nginx/template/nginx.tmpl. and send it to the main node

    [root@node-001 ~]# docker cp b63:/etc/nginx/template/nginx.tmpl .
    [root@node-001 ~]# ls
    anaconda-ks.cfg  ingress-demo.yaml  nginx-config.yaml  nginx.tmpl
    [root@node-001 ~]# scp nginx.tmpl 172.16.126.132:~/
    nginx.tmpl                                                                                                                                                 100%   49KB  16.8MB/s   00:00
    
  2. Create a Template

    Go to the main node and create the template file you just passed in

    [root@master-001 ~]# kubectl create cm nginx-template --from-file nginx.tmpl -n ingress-nginx
    configmap/nginx-template created
    [root@master-001 ~]# kubectl get cm -n ingress-nginx
    NAME                              DATA   AGE
    custom-headers                    3      75m
    ingress-controller-leader-nginx   0      26d
    nginx-configuration               1      26d
    nginx-template                    1      16s
    tcp-services                      1      26d
    udp-services                      0      26d
    

    The nginx.tmpl file is too large to view here

  3. Mount nginx.tmpl

    The nginx-ingress-controller s need to be modified to increase data volumes specify nginx.tmpl through configMap and increase volume mounts at the container level, as follows

    nginx-ingress-controller.yaml

    [root@master-001 ~]# vi nginx-ingress-controller.yaml
    apiVersion: apps/v1
    kind: DaemonSet 
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      name: nginx-ingress-controller
      namespace: ingress-nginx
    spec:
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          app.kubernetes.io/name: ingress-nginx
          app.kubernetes.io/part-of: ingress-nginx
      updateStrategy:
        rollingUpdate:
          maxUnavailable: 1
        type: RollingUpdate
      template:
        metadata:
          annotations:
            prometheus.io/port: "10254"
            prometheus.io/scrape: "true"
          creationTimestamp: null
          labels:
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/part-of: ingress-nginx
        spec:
          containers:
          - args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
            # Increase data volume mounting,
            volumeMounts:
              - mountPath: /etc/nginx/template
                name: nginx-template
                readOnly: true
                # end
            env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            image: siriuszg/nginx-ingress-controller:latest
            imagePullPolicy: Always
            lifecycle:
              preStop:
                exec:
                  command:
                  - /wait-shutdown
            livenessProbe:
              failureThreshold: 3
              httpGet:
                path: /healthz
                port: 10254
                scheme: HTTP
              initialDelaySeconds: 10
              periodSeconds: 10
              successThreshold: 1
              timeoutSeconds: 10
            name: nginx-ingress-controller
            ports:
            - containerPort: 80
              hostPort: 80
              name: http
              protocol: TCP
            - containerPort: 443
              hostPort: 443
              name: https
              protocol: TCP
            readinessProbe:
              failureThreshold: 3
              httpGet:
                path: /healthz
                port: 10254
                scheme: HTTP
              periodSeconds: 10
              successThreshold: 1
              timeoutSeconds: 10
            resources: {}
            securityContext:
              allowPrivilegeEscalation: true
              capabilities:
                add:
                - NET_BIND_SERVICE
                drop:
                - ALL
              runAsUser: 33
            terminationMessagePath: /dev/termination-log
            terminationMessagePolicy: File
          dnsPolicy: ClusterFirst
          hostNetwork: true 
          nodeSelector:
            kubernetes.io/os: linux
            app: ingress 
          restartPolicy: Always
          schedulerName: default-scheduler
          securityContext: {}
          serviceAccount: nginx-ingress-serviceaccount
          serviceAccountName: nginx-ingress-serviceaccount
          terminationGracePeriodSeconds: 300
           # Specify nginx.tmpl we created above via configmap
          volumes:
            - name: nginx-template-volume
              configMap:
                name: nginx-template
                items:
                - key: nginx.tmpl
                  path: nginx.tmpl
    

    Create one

    [root@master-001 ~]# kubectl apply -f nginx-ingress-controller.yaml
    

    I see I can go to the Container Run Node to see it, but not here...

  4. Modify Template Test

    You don't need to, you know too much grammar, just follow the tiger and cat

    Modify something at will

    [root@master-001 ~]# kubectl edit cm -n ingress-nginx nginx-template
    
    .....
    http2_max_field_size            {{ $cfg.HTTP2MaxFieldSize }};
            http2_max_header_size           {{ $cfg.HTTP2MaxHeaderSize }};
            http2_max_requests              {{ $cfg.HTTP2MaxRequests }};
             									# For example, change types_hash_max_size 2048 to 4096
            types_hash_max_size             4096;
            server_names_hash_max_size      {{ $cfg.ServerNameHashMaxSize }};
            server_names_hash_bucket_size   {{ $cfg.ServerNameHashBucketSize }};
            map_hash_bucket_size            {{ $cfg.MapHashBucketSize }};
            ......
    

    After saving, let's go to the container run node to check the configuration

    [root@node-001 ~]# docker ps |grep nginx
    d76f216c99a4        siriuszg/nginx-ingress-controller                   "/usr/bin/dumb-init ..."   About an hour ago   Up About an hour                        k8s_nginx-ingress-controller_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
    d26440f04b55        registry.aliyuncs.com/google_containers/pause:3.1   "/pause"                 About an hour ago   Up About an hour                        k8s_POD_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
    [root@node-001 ~]# docker exec -it d7 sh 
    $ more nginx.comf
    

We see it works, and this principle is that kubelt automatically checks configmap periodically to dynamically update the configuration

Thirteen original articles were published. 2. Visits 368
Private letter follow

Tags: Nginx Kubernetes Docker Nignx

Posted on Tue, 04 Feb 2020 21:44:47 -0500 by steviemac