DevFW-CICD/ingress-nginx-helm
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve documentation. Add flag to enable vts status module

Browse source
This commit is contained in:
Manuel de Brito Fontes 2016-03-26 18:25:51 -03:00
parent 812d0314c1
commit 41c34bd9e8
7 changed files with 48 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
controllers/nginx-third-party/README.md vendored
View file

@ -426,6 +426,16 @@ Please check the example `rc-custom-configuration.yaml`
If the Configmap it is updated, NGINX will be reloaded with the new configuration If the Configmap it is updated, NGINX will be reloaded with the new configuration
### NGINX status page
The ngx_http_stub_status_module module provides access to basic status information. This is the default module active in the url `/nginx_status`.
This controller provides an alternitive to this module using [nginx-module-vts](https://github.com/vozlt/nginx-module-vts) third party module.
To use this module just provide a ConfigMap with the key `enable-vts-status=true`. The URL is exposed in the port 8080.
Please check the example `example/rc-default.yaml`
![nginx-module-vts screenshot](https://cloud.githubusercontent.com/assets/3648408/10876811/77a67b70-8183-11e5-9924-6a6d0c5dc73a.png "screenshot with filter")
To extract the information in JSON format the module provides a custom URL: `/nginx_status/format/json`
## Troubleshooting ## Troubleshooting

2
controllers/nginx-third-party/examples/as-daemonset.yaml vendored
View file

@ -38,7 +38,7 @@ spec:
hostPort: 80 hostPort: 80
- containerPort: 443 - containerPort: 443
hostPort: 4444 hostPort: 4444
# we expose 8080 to access nginx stats in url /nginx-status # we expose 8080 to access nginx stats in url /nginx_status
# this is optional # this is optional
- containerPort: 8080 - containerPort: 8080
hostPort: 8081 hostPort: 8081

2
controllers/nginx-third-party/examples/rc-custom-configuration.yaml vendored
View file

@ -44,7 +44,7 @@ spec:
hostPort: 80 hostPort: 80
- containerPort: 443 - containerPort: 443
hostPort: 4444 hostPort: 4444
# we expose 8080 to access nginx stats in url /nginx-status # we expose 8080 to access nginx stats in url /nginx_status
# this is optional # this is optional
- containerPort: 8080 - containerPort: 8080
hostPort: 8081 hostPort: 8081

2
controllers/nginx-third-party/examples/rc-default.yaml vendored
View file

@ -44,7 +44,7 @@ spec:
hostPort: 80 hostPort: 80
- containerPort: 443 - containerPort: 443
hostPort: 4444 hostPort: 4444
# we expose 8080 to access nginx stats in url /nginx-status # we expose 8080 to access nginx stats in url /nginx_status
# this is optional # this is optional
- containerPort: 8080 - containerPort: 8080
hostPort: 8081 hostPort: 8081

8
controllers/nginx-third-party/examples/rc-full.yaml vendored
View file

@ -15,11 +15,6 @@ spec:
k8s-app: nginx-ingress-lb k8s-app: nginx-ingress-lb
name: nginx-ingress-lb name: nginx-ingress-lb
spec: spec:
# A secret for each nginx host that requires SSL. These secrets need to
# exist before hand, see README.
# The secret must contains 2 variables: cert and key.
# Follow this https://github.com/bprashanth/Ingress/blob/master/examples/sni/nginx/test.sh
# as a guide on how to generate secrets containing SSL certificates.
volumes: volumes:
- name: dhparam-example - name: dhparam-example
secret: secret:
@ -59,9 +54,6 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /etc/nginx-ssl/dhparam - mountPath: /etc/nginx-ssl/dhparam
name: dhparam-example name: dhparam-example
# the flags tcp-services is required because Ingress do not support TCP rules
# if no namespace is specified "default" is used. Example: nodefaultns/example-go:8080
# containerPort 8080 is mapped to 9000 in the node.
args: args:
- /nginx-third-party-lb - /nginx-third-party-lb
- --tcp-services-configmap=default/tcp-configmap-example - --tcp-services-configmap=default/tcp-configmap-example

36
controllers/nginx-third-party/nginx.tmpl vendored
View file

@ -16,7 +16,7 @@ events {
} }
http { http {
#vhost_traffic_status_zone shared:vhost_traffic_status:10m; {{ if $cfg.enableVtsStatus}}vhost_traffic_status_zone shared:vhost_traffic_status:{{ $cfg.vtsStatusZoneSize }};{{ end }}
# lus sectrion to return proper error codes when custom pages are used # lus sectrion to return proper error codes when custom pages are used
lua_package_path '.?.lua;./etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/lua-resty-http/lib/?.lua;'; lua_package_path '.?.lua;./etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/lua-resty-http/lib/?.lua;';
@ -75,12 +75,17 @@ http {
} }
# trust http_x_forwarded_proto headers correctly indicate ssl offloading # trust http_x_forwarded_proto headers correctly indicate ssl offloading
map $http_x_forwarded_proto $access_scheme { map $http_x_forwarded_proto $pass_access_scheme {
default $http_x_forwarded_proto; default $http_x_forwarded_proto;
'' $scheme; '' $scheme;
} }
map $access_scheme $sts { map $http_x_forwarded_proto $pass_forwarded_for {
default $http_x_forwarded_for;
'' $proxy_add_x_forwarded_for;
}
map $pass_access_scheme $sts {
'https' 'max-age={{ $cfg.htsMaxAge }}{{ if $cfg.htsIncludeSubdomains }}; includeSubDomains{{ end }}; preload'; 'https' 'max-age={{ $cfg.htsMaxAge }}{{ if $cfg.htsIncludeSubdomains }}; includeSubDomains{{ end }}; preload';
} }
@ -150,6 +155,14 @@ http {
return 200; return 200;
} }
location /nginx_status {
allow 127.0.0.1;
deny all;
access_log off;
stub_status on;
}
{{ template "CUSTOM_ERRORS" $cfg }} {{ template "CUSTOM_ERRORS" $cfg }}
} }
@ -167,6 +180,9 @@ http {
{{ if $server.SSL }}listen 443 ssl http2; {{ if $server.SSL }}listen 443 ssl http2;
ssl_certificate {{ $server.SSLCertificate }}; ssl_certificate {{ $server.SSLCertificate }};
ssl_certificate_key {{ $server.SSLCertificateKey }};{{ end }} ssl_certificate_key {{ $server.SSLCertificateKey }};{{ end }}
{{ if $cfg.enableVtsStatus }}
vhost_traffic_status_filter_by_set_key {{ $server.Name }} application::*;
{{ end }}
server_name {{ $server.Name }}; server_name {{ $server.Name }};
@ -186,10 +202,10 @@ http {
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $pass_forwarded_for;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_connect_timeout {{ $cfg.proxyConnectTimeout }}s; proxy_connect_timeout {{ $cfg.proxyConnectTimeout }}s;
proxy_send_timeout {{ $cfg.proxySendTimeout }}s; proxy_send_timeout {{ $cfg.proxySendTimeout }}s;
@ -210,7 +226,6 @@ http {
# default server, including healthcheck # default server, including healthcheck
server { server {
listen 8080 default_server{{ if $cfg.useProxyProtocol }} proxy_protocol{{ end }} reuseport; listen 8080 default_server{{ if $cfg.useProxyProtocol }} proxy_protocol{{ end }} reuseport;
#vhost_traffic_status_filter_by_host on;
location /healthz { location /healthz {
access_log off; access_log off;
@ -222,11 +237,14 @@ http {
proxy_pass http://127.0.0.1:10249/healthz; proxy_pass http://127.0.0.1:10249/healthz;
} }
location /nginx-status { location /nginx_status {
#vhost_traffic_status_display; {{ if $cfg.enableVtsStatus }}
#vhost_traffic_status_display_format html; vhost_traffic_status_display;
vhost_traffic_status_display_format html;
{{ else }}
access_log off; access_log off;
stub_status on; stub_status on;
{{ end }}
} }
location / { location / {

8
controllers/nginx-third-party/nginx/main.go vendored
View file

@ -87,6 +87,13 @@ type nginxConfiguration struct {
// Sets the maximum allowed size of the client request body // Sets the maximum allowed size of the client request body
BodySize string `structs:"body-size,omitempty"` BodySize string `structs:"body-size,omitempty"`
// EnableVtsStatus allows the replacement of the default status page with a third party module named
// nginx-module-vts - https://github.com/vozlt/nginx-module-vts
// By default this is disabled
EnableVtsStatus bool `structs:"enable-vts-status,omitempty"`
VtsStatusZoneSize string `structs:"vts-status-zone-size,omitempty"`
// http://nginx.org/en/docs/ngx_core_module.html#error_log // http://nginx.org/en/docs/ngx_core_module.html#error_log
// Configures logging level [debug | info | notice | warn | error | crit | alert | emerg] // Configures logging level [debug | info | notice | warn | error | crit | alert | emerg]
// Log levels above are listed in the order of increasing severity // Log levels above are listed in the order of increasing severity
@ -250,6 +257,7 @@ func newDefaultNginxCfg() nginxConfiguration {
UseProxyProtocol: false, UseProxyProtocol: false,
UseGzip: true, UseGzip: true,
WorkerProcesses: strconv.Itoa(runtime.NumCPU()), WorkerProcesses: strconv.Itoa(runtime.NumCPU()),
VtsStatusZoneSize: "10m",
} }
if glog.V(5) { if glog.V(5) {