社区微信群开通啦,扫一扫抢先加入社区官方微信群
社区微信群
续领悟Ingress Nginx(上)
Ingress-nginx 的配置跟原始的nginx的配置nginx.conf 没什么区别,可以使用ConfigMap来设置nginx的全局配置
data:
以下是设置的nginx 配置
nginx-config.yaml
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app: ingress-nginx
data: # 设置自定义配置
proxy-body-size: "64m" # 文件大小的限制
proxy-read-timeout: "180" #读写时间180s
proxy-send-timeout: "180"
可以看下官网可以通过ConfigMap支持的配置
我们创建下
[root@master-001 ~]# kubectl apply -f nginx-config.yaml
configmap/nginx-configuration configured
我们进入到nginx容器里面看下配置是否生效
[root@node-001 ~]# docker ps |grep nginx
d76f216c99a4 siriuszg/nginx-ingress-controller "/usr/bin/dumb-init …" About an hour ago Up About an hour k8s_nginx-ingress-controller_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
d26440f04b55 registry.aliyuncs.com/google_containers/pause:3.1 "/pause" About an hour ago Up About an hour k8s_POD_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
[root@node-001 ~]# docker exec -it d7 sh
$ more nginx.comf
文件太大我们使用more
查看
搜索我们刚吃配置的nginx 配置,已经生效了
注意:这里的生效的nginx 配置跟我们在configmap配置的名字不太一样,但是作用是一致的我们用之前最好去官网去查阅,不要写nginx的key,是不生效的。
如果我们要在nginx加一下header头部信息 需要增加proxy-set-headers: "ingress-nginx/custom-headers"
把custom-headers当作header引入进去,具体如下
custom-header-global.yaml
apiVersion: v1
kind: ConfigMap
data:
proxy-set-headers: "ingress-nginx/custom-headers" #通过这个proxy-set-headers 引入下面的custom-headers定义的header信息
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: v1
kind: ConfigMap
data: # header配置信息
X-Different-Name: "true"
X-Request-Start: t=${msec}
X-Using-Nginx-Controller: "true"
metadata:
name: custom-headers
namespace: ingress-nginx
创建一下
[root@master-001 ~]# kubectl apply -f custom-header-global.yaml
configmap/nginx-configuration configured
configmap/custom-headers created
我们进入到nginx容器里面看下配置是否生效
[root@node-001 ~]# docker ps |grep nginx
d76f216c99a4 siriuszg/nginx-ingress-controller "/usr/bin/dumb-init …" About an hour ago Up About an hour k8s_nginx-ingress-controller_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
d26440f04b55 registry.aliyuncs.com/google_containers/pause:3.1 "/pause" About an hour ago Up About an hour k8s_POD_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
[root@node-001 ~]# docker exec -it d7 sh
$ more nginx.comf
唯一区别是增加annotations:
通过nginx.ingress.kubernetes.io/configuration-snippet: |
配置多个header,然后通过host:
指定那个ingress-nginx
custom-header-spec-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Request-Id: $req_id";
name: web-demo
namespace: dev
spec:
rules:
- host: web-dev.mooc.com # 指定对应的nignx 代理域名的
http:
paths:
- backend:
serviceName: web-demo
servicePort: 80
path: /
我们进入到nginx容器里面看下配置,也就是说只在server_name 是web-dev.mooc.com生效
可能以上还不能满足我们的要求,我就就可以用nginx模版custom nginx template
这个模版通过程序生成模版文件 路径:/etc/nginx/template/nginx.tmpl
拿到模版文件
来到按照ingress-nginx的node节点,通过docker cp b63:/etc/nginx/template/nginx.tmpl .
拿取到模版文件,然后发送到主节点
[root@node-001 ~]# docker cp b63:/etc/nginx/template/nginx.tmpl .
[root@node-001 ~]# ls
anaconda-ks.cfg ingress-demo.yaml nginx-config.yaml nginx.tmpl
[root@node-001 ~]# scp nginx.tmpl 172.16.126.132:~/
nginx.tmpl 100% 49KB 16.8MB/s 00:00
创建模版
来到主节点,把刚才传过来的模版文件创建一下
[root@master-001 ~]# kubectl create cm nginx-template --from-file nginx.tmpl -n ingress-nginx
configmap/nginx-template created
[root@master-001 ~]# kubectl get cm -n ingress-nginx
NAME DATA AGE
custom-headers 3 75m
ingress-controller-leader-nginx 0 26d
nginx-configuration 1 26d
nginx-template 1 16s
tcp-services 1 26d
udp-services 0 26d
nginx.tmpl 文件太大了这里不查看了
挂载nginx.tmpl
需要修改nginx-ingress-controller 增加数据卷通过configMap指定nginx.tmpl, 在容器级增加volume挂载,具体如下
nginx-ingress-controller.yaml
[root@master-001 ~]# vi nginx-ingress-controller.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: nginx-ingress-controller
namespace: ingress-nginx
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
containers:
- args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
# 增加数据卷挂载,
volumeMounts:
- mountPath: /etc/nginx/template
name: nginx-template
readOnly: true
# end
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: siriuszg/nginx-ingress-controller:latest
imagePullPolicy: Always
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
name: nginx-ingress-controller
ports:
- containerPort: 80
hostPort: 80
name: http
protocol: TCP
- containerPort: 443
hostPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources: {}
securityContext:
allowPrivilegeEscalation: true
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
runAsUser: 33
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
hostNetwork: true
nodeSelector:
kubernetes.io/os: linux
app: ingress
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: nginx-ingress-serviceaccount
serviceAccountName: nginx-ingress-serviceaccount
terminationGracePeriodSeconds: 300
# 通过configmap指定我们上面创建的nginx.tmpl
volumes:
- name: nginx-template-volume
configMap:
name: nginx-template
items:
- key: nginx.tmpl
path: nginx.tmpl
创建一下
[root@master-001 ~]# kubectl apply -f nginx-ingress-controller.yaml
我看可以去 容器运行节点查看下,这里就不看了…
修改模版测试
修改的时候不需要,知道太多语法,直接照猫画虎就可以
随便修改一点东西
[root@master-001 ~]# kubectl edit cm -n ingress-nginx nginx-template
.....
http2_max_field_size {{ $cfg.HTTP2MaxFieldSize }};
http2_max_header_size {{ $cfg.HTTP2MaxHeaderSize }};
http2_max_requests {{ $cfg.HTTP2MaxRequests }};
# 比如把types_hash_max_size 2048改成4096
types_hash_max_size 4096;
server_names_hash_max_size {{ $cfg.ServerNameHashMaxSize }};
server_names_hash_bucket_size {{ $cfg.ServerNameHashBucketSize }};
map_hash_bucket_size {{ $cfg.MapHashBucketSize }};
......
保存后我们去容器运行节点查看一下配置
[root@node-001 ~]# docker ps |grep nginx
d76f216c99a4 siriuszg/nginx-ingress-controller "/usr/bin/dumb-init …" About an hour ago Up About an hour k8s_nginx-ingress-controller_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
d26440f04b55 registry.aliyuncs.com/google_containers/pause:3.1 "/pause" About an hour ago Up About an hour k8s_POD_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
[root@node-001 ~]# docker exec -it d7 sh
$ more nginx.comf
我们看到已经生效,这个原理是由kubelt定期自动检查configmap,动态更新配置
如果觉得我的文章对您有用,请随意打赏。你的支持将鼓励我继续创作!