diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md index ee93a7e05..144885120 100644 --- a/docs/user-guide/nginx-configuration/configmap.md +++ b/docs/user-guide/nginx-configuration/configmap.md @@ -60,7 +60,8 @@ The following table shows a configuration option's name, type, and the default v |[log-format-upstream](#log-format-upstream)|string|`%v - [$the_real_ip] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`| |[log-format-stream](#log-format-stream)|string|`[$time_local] $protocol $status $bytes_sent $bytes_received $session_time`| |[enable-multi-accept](#enable-multi-accept)|bool|"true"| -|[max-worker-connections](#max-worker-connections)|int|16384| +|[max-worker-connections](#max-worker-connections)|int|0| +|[max-worker-open-files](#max-worker-open-files)|int|0| |[map-hash-bucket-size](#max-worker-connections)|int|64| |[nginx-status-ipv4-whitelist](#nginx-status-ipv4-whitelist)|[]string|"127.0.0.1"| |[nginx-status-ipv6-whitelist](#nginx-status-ipv6-whitelist)|[]string|"::1"| @@ -359,7 +360,15 @@ _References:_ ## max-worker-connections -Sets the maximum number of simultaneous connections that can be opened by each [worker process](http://nginx.org/en/docs/ngx_core_module.html#worker_connections) +Sets the [maximum number of simultaneous connections](http://nginx.org/en/docs/ngx_core_module.html#worker_connections) that can be opened by each worker process. +The default of 0 uses the value of [max-worker-open-files](#max-worker-open-files). +_**default:**_ 0 + +## max-worker-open-files + +Sets the [maximum number of files](http://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile) that can be opened by each worker process. +The default of 0 means "max open files (system's limit) / [worker-processes](#worker-processes) - 1024". +_**default:**_ 0 ## map-hash-bucket-size diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 84ea2f516..3dfdccddb 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -235,6 +235,10 @@ type Configuration struct { // http://nginx.org/en/docs/ngx_core_module.html#worker_connections MaxWorkerConnections int `json:"max-worker-connections,omitempty"` + // Maximum number of files that can be opened by each worker process. + // http://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile + MaxWorkerOpenFiles int `json:"max-worker-open-files,omitempty"` + // Sets the bucket size for the map variables hash tables. // Default value depends on the processor’s cache line size. // http://nginx.org/en/docs/http/ngx_http_map_module.html#map_hash_bucket_size @@ -605,7 +609,8 @@ func NewDefault() Configuration { LogFormatStream: logFormatStream, LogFormatUpstream: logFormatUpstream, EnableMultiAccept: true, - MaxWorkerConnections: 16384, + MaxWorkerConnections: 0, + MaxWorkerOpenFiles: 0, MapHashBucketSize: 64, NginxStatusIpv4Whitelist: defNginxStatusIpv4Whitelist, NginxStatusIpv6Whitelist: defNginxStatusIpv6Whitelist, @@ -697,7 +702,6 @@ func (cfg Configuration) BuildLogFormatUpstream() string { type TemplateConfig struct { ProxySetHeaders map[string]string AddHeaders map[string]string - MaxOpenFiles int BacklogSize int Backends []*ingress.Backend PassthroughBackends []*ingress.SSLPassthroughBackend diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index 22065aa40..46725b5c7 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -522,18 +522,27 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error { cfg.ServerNameHashMaxSize = serverNameHashMaxSize } - // the limit of open files is per worker process - // and we leave some room to avoid consuming all the FDs available - wp, err := strconv.Atoi(cfg.WorkerProcesses) - klog.V(3).Infof("Number of worker processes: %d", wp) - if err != nil { - wp = 1 + if cfg.MaxWorkerOpenFiles == 0 { + // the limit of open files is per worker process + // and we leave some room to avoid consuming all the FDs available + wp, err := strconv.Atoi(cfg.WorkerProcesses) + klog.V(3).Infof("Number of worker processes: %d", wp) + if err != nil { + wp = 1 + } + maxOpenFiles := (sysctlFSFileMax() / wp) - 1024 + klog.V(3).Infof("Maximum number of open file descriptors: %d", maxOpenFiles) + if maxOpenFiles < 1024 { + // this means the value of RLIMIT_NOFILE is too low. + maxOpenFiles = 1024 + } + klog.V(3).Infof("Adjusting MaxWorkerOpenFiles variable to %d", maxOpenFiles) + cfg.MaxWorkerOpenFiles = maxOpenFiles } - maxOpenFiles := (sysctlFSFileMax() / wp) - 1024 - klog.V(2).Infof("Maximum number of open file descriptors: %d", maxOpenFiles) - if maxOpenFiles < 1024 { - // this means the value of RLIMIT_NOFILE is too low. - maxOpenFiles = 1024 + + if cfg.MaxWorkerConnections == 0 { + klog.V(3).Infof("Adjusting MaxWorkerConnections variable to %d", cfg.MaxWorkerOpenFiles) + cfg.MaxWorkerConnections = cfg.MaxWorkerOpenFiles } setHeaders := map[string]string{} @@ -583,7 +592,6 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error { tc := ngx_config.TemplateConfig{ ProxySetHeaders: setHeaders, AddHeaders: addHeaders, - MaxOpenFiles: maxOpenFiles, BacklogSize: sysctlSomaxconn(), Backends: ingressCfg.Backends, PassthroughBackends: ingressCfg.PassthroughBackends, diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index c8473afa7..cec76426d 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -29,9 +29,7 @@ worker_processes {{ $cfg.WorkerProcesses }}; worker_cpu_affinity {{ $cfg.WorkerCPUAffinity }}; {{ end }} -{{ if ne .MaxOpenFiles 0 }} -worker_rlimit_nofile {{ .MaxOpenFiles }}; -{{ end }} +worker_rlimit_nofile {{ $cfg.MaxWorkerOpenFiles }}; {{/* http://nginx.org/en/docs/ngx_core_module.html#worker_shutdown_timeout */}} {{/* avoid waiting too long during a reload */}}