Improve documentation. Add flag to enable vts status module
This commit is contained in:
Manuel de Brito Fontes
parent
812d0314c1
commit
41c34bd9e8
7 changed files with 48 additions and 20 deletions
10
controllers/nginx-third-party/README.md
vendored
10
controllers/nginx-third-party/README.md
vendored
|
|
@ -426,6 +426,16 @@ Please check the example `rc-custom-configuration.yaml`
|
|||
|
||||
If the Configmap it is updated, NGINX will be reloaded with the new configuration
|
||||
|
||||
### NGINX status page
|
||||
|
||||
The ngx_http_stub_status_module module provides access to basic status information. This is the default module active in the url `/nginx_status`.
|
||||
This controller provides an alternitive to this module using [nginx-module-vts](https://github.com/vozlt/nginx-module-vts) third party module.
|
||||
To use this module just provide a ConfigMap with the key `enable-vts-status=true`. The URL is exposed in the port 8080.
|
||||
Please check the example `example/rc-default.yaml`
|
||||
|
||||
|
||||
|
||||
To extract the information in JSON format the module provides a custom URL: `/nginx_status/format/json`
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ spec:
|
|||
hostPort: 80
|
||||
- containerPort: 443
|
||||
hostPort: 4444
|
||||
# we expose 8080 to access nginx stats in url /nginx-status
|
||||
# we expose 8080 to access nginx stats in url /nginx_status
|
||||
# this is optional
|
||||
- containerPort: 8080
|
||||
hostPort: 8081
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ spec:
|
|||
hostPort: 80
|
||||
- containerPort: 443
|
||||
hostPort: 4444
|
||||
# we expose 8080 to access nginx stats in url /nginx-status
|
||||
# we expose 8080 to access nginx stats in url /nginx_status
|
||||
# this is optional
|
||||
- containerPort: 8080
|
||||
hostPort: 8081
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ spec:
|
|||
hostPort: 80
|
||||
- containerPort: 443
|
||||
hostPort: 4444
|
||||
# we expose 8080 to access nginx stats in url /nginx-status
|
||||
# we expose 8080 to access nginx stats in url /nginx_status
|
||||
# this is optional
|
||||
- containerPort: 8080
|
||||
hostPort: 8081
|
||||
|
|
|
|||
|
|
@ -15,11 +15,6 @@ spec:
|
|||
k8s-app: nginx-ingress-lb
|
||||
name: nginx-ingress-lb
|
||||
spec:
|
||||
# A secret for each nginx host that requires SSL. These secrets need to
|
||||
# exist before hand, see README.
|
||||
# The secret must contains 2 variables: cert and key.
|
||||
# Follow this https://github.com/bprashanth/Ingress/blob/master/examples/sni/nginx/test.sh
|
||||
# as a guide on how to generate secrets containing SSL certificates.
|
||||
volumes:
|
||||
- name: dhparam-example
|
||||
secret:
|
||||
|
|
@ -59,9 +54,6 @@ spec:
|
|||
volumeMounts:
|
||||
- mountPath: /etc/nginx-ssl/dhparam
|
||||
name: dhparam-example
|
||||
# the flags tcp-services is required because Ingress do not support TCP rules
|
||||
# if no namespace is specified "default" is used. Example: nodefaultns/example-go:8080
|
||||
# containerPort 8080 is mapped to 9000 in the node.
|
||||
args:
|
||||
- /nginx-third-party-lb
|
||||
- --tcp-services-configmap=default/tcp-configmap-example
|
||||
|
|
|
|||
36
controllers/nginx-third-party/nginx.tmpl
vendored
36
controllers/nginx-third-party/nginx.tmpl
vendored
|
|
@ -16,7 +16,7 @@ events {
|
|||
}
|
||||
|
||||
http {
|
||||
#vhost_traffic_status_zone shared:vhost_traffic_status:10m;
|
||||
{{ if $cfg.enableVtsStatus}}vhost_traffic_status_zone shared:vhost_traffic_status:{{ $cfg.vtsStatusZoneSize }};{{ end }}
|
||||
|
||||
# lus sectrion to return proper error codes when custom pages are used
|
||||
lua_package_path '.?.lua;./etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/lua-resty-http/lib/?.lua;';
|
||||
|
|
@ -75,12 +75,17 @@ http {
|
|||
}
|
||||
|
||||
# trust http_x_forwarded_proto headers correctly indicate ssl offloading
|
||||
map $http_x_forwarded_proto $access_scheme {
|
||||
map $http_x_forwarded_proto $pass_access_scheme {
|
||||
default $http_x_forwarded_proto;
|
||||
'' $scheme;
|
||||
}
|
||||
|
||||
map $access_scheme $sts {
|
||||
map $http_x_forwarded_proto $pass_forwarded_for {
|
||||
default $http_x_forwarded_for;
|
||||
'' $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
map $pass_access_scheme $sts {
|
||||
'https' 'max-age={{ $cfg.htsMaxAge }}{{ if $cfg.htsIncludeSubdomains }}; includeSubDomains{{ end }}; preload';
|
||||
}
|
||||
|
||||
|
|
@ -150,6 +155,14 @@ http {
|
|||
return 200;
|
||||
}
|
||||
|
||||
location /nginx_status {
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
|
||||
access_log off;
|
||||
stub_status on;
|
||||
}
|
||||
|
||||
{{ template "CUSTOM_ERRORS" $cfg }}
|
||||
}
|
||||
|
||||
|
|
@ -167,6 +180,9 @@ http {
|
|||
{{ if $server.SSL }}listen 443 ssl http2;
|
||||
ssl_certificate {{ $server.SSLCertificate }};
|
||||
ssl_certificate_key {{ $server.SSLCertificateKey }};{{ end }}
|
||||
{{ if $cfg.enableVtsStatus }}
|
||||
vhost_traffic_status_filter_by_set_key {{ $server.Name }} application::*;
|
||||
{{ end }}
|
||||
|
||||
server_name {{ $server.Name }};
|
||||
|
||||
|
|
@ -186,10 +202,10 @@ http {
|
|||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-For $pass_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
|
||||
|
||||
proxy_connect_timeout {{ $cfg.proxyConnectTimeout }}s;
|
||||
proxy_send_timeout {{ $cfg.proxySendTimeout }}s;
|
||||
|
|
@ -210,7 +226,6 @@ http {
|
|||
# default server, including healthcheck
|
||||
server {
|
||||
listen 8080 default_server{{ if $cfg.useProxyProtocol }} proxy_protocol{{ end }} reuseport;
|
||||
#vhost_traffic_status_filter_by_host on;
|
||||
|
||||
location /healthz {
|
||||
access_log off;
|
||||
|
|
@ -222,11 +237,14 @@ http {
|
|||
proxy_pass http://127.0.0.1:10249/healthz;
|
||||
}
|
||||
|
||||
location /nginx-status {
|
||||
#vhost_traffic_status_display;
|
||||
#vhost_traffic_status_display_format html;
|
||||
location /nginx_status {
|
||||
{{ if $cfg.enableVtsStatus }}
|
||||
vhost_traffic_status_display;
|
||||
vhost_traffic_status_display_format html;
|
||||
{{ else }}
|
||||
access_log off;
|
||||
stub_status on;
|
||||
{{ end }}
|
||||
}
|
||||
|
||||
location / {
|
||||
|
|
|
|||
8
controllers/nginx-third-party/nginx/main.go
vendored
8
controllers/nginx-third-party/nginx/main.go
vendored
|
|
@ -87,6 +87,13 @@ type nginxConfiguration struct {
|
|||
// Sets the maximum allowed size of the client request body
|
||||
BodySize string `structs:"body-size,omitempty"`
|
||||
|
||||
// EnableVtsStatus allows the replacement of the default status page with a third party module named
|
||||
// nginx-module-vts - https://github.com/vozlt/nginx-module-vts
|
||||
// By default this is disabled
|
||||
EnableVtsStatus bool `structs:"enable-vts-status,omitempty"`
|
||||
|
||||
VtsStatusZoneSize string `structs:"vts-status-zone-size,omitempty"`
|
||||
|
||||
// http://nginx.org/en/docs/ngx_core_module.html#error_log
|
||||
// Configures logging level [debug | info | notice | warn | error | crit | alert | emerg]
|
||||
// Log levels above are listed in the order of increasing severity
|
||||
|
|
@ -250,6 +257,7 @@ func newDefaultNginxCfg() nginxConfiguration {
|
|||
UseProxyProtocol: false,
|
||||
UseGzip: true,
|
||||
WorkerProcesses: strconv.Itoa(runtime.NumCPU()),
|
||||
VtsStatusZoneSize: "10m",
|
||||
}
|
||||
|
||||
if glog.V(5) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue