DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add worker-cpu-affinity nginx option (#2201)

Browse source 
worker_cpu_affinity is a common optimization method for improving nginx performance, adding this as a custom configuration. Also fix some format issues found during editing.
This commit is contained in:
Oilbeater 2018-03-17 00:32:45 +08:00 committed by Manuel Alejandro de Brito Fontes
parent d27a13223f
commit 41cefeb178
6 changed files with 35 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Makefile
View file

@ -97,7 +97,7 @@ container: .container-$(ARCH)
.PHONY: .container-$(ARCH) .PHONY: .container-$(ARCH)
.container-$(ARCH): .container-$(ARCH):
cp -RP ./* $(TEMP_DIR) cp -RP ./* $(TEMP_DIR)
$(SED_I) 's|BASEIMAGE|$(BASEIMAGE)|g' $(DOCKERFILE) $(SED_I) "s|BASEIMAGE|$(BASEIMAGE)|g" $(DOCKERFILE)
$(SED_I) "s|QEMUARCH|$(QEMUARCH)|g" $(DOCKERFILE) $(SED_I) "s|QEMUARCH|$(QEMUARCH)|g" $(DOCKERFILE)
$(SED_I) "s|DUMB_ARCH|$(DUMB_ARCH)|g" $(DOCKERFILE) $(SED_I) "s|DUMB_ARCH|$(DUMB_ARCH)|g" $(DOCKERFILE)

10
docs/user-guide/configmap.md
View file

@ -88,6 +88,7 @@ The following table shows a configuration option's name, type, and the default v
|[use-http2](#use-http2)|bool|"true"| |[use-http2](#use-http2)|bool|"true"|
|[gzip-types](#gzip-types)|string|"application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component"| |[gzip-types](#gzip-types)|string|"application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component"|
|[worker-processes](#worker-processes)|string|`<Number of CPUs>`| |[worker-processes](#worker-processes)|string|`<Number of CPUs>`|
|[worker-cpu-affinity](#worker-cpu-affinity)|string|""|
|[worker-shutdown-timeout](#worker-shutdown-timeout)|string|"10s"| |[worker-shutdown-timeout](#worker-shutdown-timeout)|string|"10s"|
|[load-balance](#load-balance)|string|"least_conn"| |[load-balance](#load-balance)|string|"least_conn"|
|[variables-hash-bucket-size](#variables-hash-bucket-size)|int|128| |[variables-hash-bucket-size](#variables-hash-bucket-size)|int|128|
@ -489,6 +490,15 @@ Sets the MIME types in addition to "text/html" to compress. The special value "\
Sets the number of [worker processes](http://nginx.org/en/docs/ngx_core_module.html#worker_processes). Sets the number of [worker processes](http://nginx.org/en/docs/ngx_core_module.html#worker_processes).
The default of "auto" means number of available CPU cores. The default of "auto" means number of available CPU cores.
## worker-cpu-affinity
Binds worker processes to the sets of CPUs. [worker_cpu_affinity](http://nginx.org/en/docs/ngx_core_module.html#worker_cpu_affinity).
By default worker processes are not bound to any specific CPUs. The value can be:
- "": empty string indicate no affinity is applied.
- cpumask: e.g. `0001 0010 0100 1000` to bind processes to specific cpus.
- auto: binding worker processes automatically to available CPUs.
## worker-shutdown-timeout ## worker-shutdown-timeout
Sets a timeout for Nginx to [wait for worker to gracefully shutdown](http://nginx.org/en/docs/ngx_core_module.html#worker_shutdown_timeout). The default is "10s". Sets a timeout for Nginx to [wait for worker to gracefully shutdown](http://nginx.org/en/docs/ngx_core_module.html#worker_shutdown_timeout). The default is "10s".

8
internal/file/bindata.go
View file

File diff suppressed because one or more lines are too long

5
internal/ingress/controller/config/config.go
View file

@ -101,6 +101,10 @@ type Configuration struct {
// By default access logs go to /var/log/nginx/access.log // By default access logs go to /var/log/nginx/access.log
AccessLogPath string `json:"access-log-path,omitempty"` AccessLogPath string `json:"access-log-path,omitempty"`
// WorkerCpuAffinity bind nginx worker processes to CPUs this will improve response latency
// http://nginx.org/en/docs/ngx_core_module.html#worker_cpu_affinity
// By default this is disabled
WorkerCpuAffinity string `json:"worker-cpu-affinity,omitempty"`
// ErrorLogPath sets the path of the error logs // ErrorLogPath sets the path of the error logs
// http://nginx.org/en/docs/ngx_core_module.html#error_log // http://nginx.org/en/docs/ngx_core_module.html#error_log
// By default error logs go to /var/log/nginx/error.log // By default error logs go to /var/log/nginx/error.log
@ -492,6 +496,7 @@ func NewDefault() Configuration {
cfg := Configuration{ cfg := Configuration{
AllowBackendServerHeader: false, AllowBackendServerHeader: false,
AccessLogPath: "/var/log/nginx/access.log", AccessLogPath: "/var/log/nginx/access.log",
WorkerCpuAffinity: "",
ErrorLogPath: "/var/log/nginx/error.log", ErrorLogPath: "/var/log/nginx/error.log",
BrotliLevel: 4, BrotliLevel: 4,
BrotliTypes: brotliTypes, BrotliTypes: brotliTypes,

20
internal/ingress/controller/template/configmap.go
View file

@ -56,9 +56,9 @@ func ReadConfig(src map[string]string) config.Configuration {
errors := make([]int, 0) errors := make([]int, 0)
skipUrls := make([]string, 0) skipUrls := make([]string, 0)
whitelist := make([]string, 0) whiteList := make([]string, 0)
proxylist := make([]string, 0) proxyList := make([]string, 0)
hideHeaderslist := make([]string, 0) hideHeadersList := make([]string, 0)
bindAddressIpv4List := make([]string, 0) bindAddressIpv4List := make([]string, 0)
bindAddressIpv6List := make([]string, 0) bindAddressIpv6List := make([]string, 0)
@ -77,7 +77,7 @@ func ReadConfig(src map[string]string) config.Configuration {
} }
if val, ok := conf[hideHeaders]; ok { if val, ok := conf[hideHeaders]; ok {
delete(conf, hideHeaders) delete(conf, hideHeaders)
hideHeaderslist = strings.Split(val, ",") hideHeadersList = strings.Split(val, ",")
} }
if val, ok := conf[skipAccessLogUrls]; ok { if val, ok := conf[skipAccessLogUrls]; ok {
delete(conf, skipAccessLogUrls) delete(conf, skipAccessLogUrls)
@ -85,13 +85,13 @@ func ReadConfig(src map[string]string) config.Configuration {
} }
if val, ok := conf[whitelistSourceRange]; ok { if val, ok := conf[whitelistSourceRange]; ok {
delete(conf, whitelistSourceRange) delete(conf, whitelistSourceRange)
whitelist = append(whitelist, strings.Split(val, ",")...) whiteList = append(whiteList, strings.Split(val, ",")...)
} }
if val, ok := conf[proxyRealIPCIDR]; ok { if val, ok := conf[proxyRealIPCIDR]; ok {
delete(conf, proxyRealIPCIDR) delete(conf, proxyRealIPCIDR)
proxylist = append(proxylist, strings.Split(val, ",")...) proxyList = append(proxyList, strings.Split(val, ",")...)
} else { } else {
proxylist = append(proxylist, "0.0.0.0/0") proxyList = append(proxyList, "0.0.0.0/0")
} }
if val, ok := conf[bindAddress]; ok { if val, ok := conf[bindAddress]; ok {
delete(conf, bindAddress) delete(conf, bindAddress)
@ -137,11 +137,11 @@ func ReadConfig(src map[string]string) config.Configuration {
to := config.NewDefault() to := config.NewDefault()
to.CustomHTTPErrors = filterErrors(errors) to.CustomHTTPErrors = filterErrors(errors)
to.SkipAccessLogURLs = skipUrls to.SkipAccessLogURLs = skipUrls
to.WhitelistSourceRange = whitelist to.WhitelistSourceRange = whiteList
to.ProxyRealIPCIDR = proxylist to.ProxyRealIPCIDR = proxyList
to.BindAddressIpv4 = bindAddressIpv4List to.BindAddressIpv4 = bindAddressIpv4List
to.BindAddressIpv6 = bindAddressIpv6List to.BindAddressIpv6 = bindAddressIpv6List
to.HideHeaders = hideHeaderslist to.HideHeaders = hideHeadersList
to.HTTPRedirectCode = redirectCode to.HTTPRedirectCode = redirectCode
to.ProxyStreamResponses = streamResponses to.ProxyStreamResponses = streamResponses
to.DisableIpv6DNS = !ing_net.IsIPv6Enabled() to.DisableIpv6DNS = !ing_net.IsIPv6Enabled()

6
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -16,10 +16,14 @@ load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;
daemon off; daemon off;
worker_processes {{ $cfg.WorkerProcesses }}; worker_processes {{ $cfg.WorkerProcesses }};
{{ if gt (len $cfg.WorkerCpuAffinity) 0 }}
worker_cpu_affinity {{ $cfg.WorkerCpuAffinity }};
{{ end }}
pid /run/nginx.pid; pid /run/nginx.pid;
{{ if ne .MaxOpenFiles 0 }} {{ if ne .MaxOpenFiles 0 }}
worker_rlimit_nofile {{ .MaxOpenFiles }}; worker_rlimit_nofile {{ .MaxOpenFiles }};
{{ end}} {{ end }}
{{/* http://nginx.org/en/docs/ngx_core_module.html#worker_shutdown_timeout */}} {{/* http://nginx.org/en/docs/ngx_core_module.html#worker_shutdown_timeout */}}
{{/* avoid waiting too long during a reload */}} {{/* avoid waiting too long during a reload */}}