Dec*_*lty 10 yaml nginx kubernetes kubernetes-ingress nginx-ingress
我有一个kubernetes集群,我使用helm nginx-ingress图表部署了一个nginx入口控制器.
我需要在nginx-controller-pod中生成的nginx.conf文件中添加一些自定义配置,我看到一个问题,如果我添加一行选项,如proxy-buffer-size: "512k"我可以看到这反映在nginx.conf中文件和一切按预期工作.
但是,如果我尝试添加一个片段来完成同样的事情:
location-snippet: |
proxy_buffer_size "512k";
就好像nginx.conf文件忽略了proxy_buffer_size它,并且设置保持默认值.
我需要能够添加http-snippet,server-snippet和location-snippet重写,但我是否尝试将它们添加到ConfigMap或注释中Ingress.yaml文件,他们总是被忽略.
我的Ingress yaml文件:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
annotations:
kubernetes.io/ingress.class: nginx
ingress.kubernetes.io/ssl-redirect: "true"
ingress.kubernetes.io/secure-backends: "true"
ingress.kubernetes.io/force-ssl-redirect: "true"
ingress.kubernetes.io/location-snippet: |
proxy_buffer_size 512k; --This does not update the nginx.conf
spec:
tls:
- hosts:
- my.app.co.uk
secretName: tls-secret
rules:
- host: my.app.co.uk
http:
paths:
- path: /
backend:
serviceName: myappweb-service
servicePort: 80
我的nginx配置图:
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: nginx-ingress
chart: nginx-ingress-0.28.3
component: controller
heritage: Tiller
release: nginx-ingress
name: nginx-ingress-controller
namespace: default
data:
proxy-buffer-size: "512k" -- this works and updates the nginx.conf
location-snippet: |
proxy_buffers 4 512k; -- this does not update the nginx.conf
server-snippet: | -- this does not update the nginx.conf
location /messagehub {
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
}
小智 23
我花了一天的时间才知道对于ingress-nginx(来自 Kubernetes)有*-snippet,但是对于nginx-ingress(来自 NGINX)则*-snippets有s。
看这里:
如果您想修改Kubernetes,Ingress则注释选项如下:
nginx.ingress.kubernetes.io/configuration-snippet 用于nginx位置阻止代码段nginx.ingress.kubernetes.io/server-snippet 在Nginx config服务块中的代码段看起来您正在使用nginx.org/location-snippets:这种情况。
Nginx配置示例上还有一个YAML无效语法,并且您应该server-snippets按照此示例使用复数形式。在撰写本文时,文档中有一个错字。打开此票以跟进。
应该是这样的:
server-snippets: |
location /messagehub {
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
}
代替这个:
server-snippet: |
location /messagehub {
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
}
请注意最后一个花括号的缩进。
原来,我的问题是由于我正在应用的摘录的内容。每次运行时kubectl apply -f myconfigmap.yaml,都会对要应用于nginx.conf的更改进行验证。当此验证失败时,它会静默失败,并且在终端中没有任何警报可提醒您。
实际上,您仍然会收到configmap/nginx-ingress-controller configured消息。
例如,当我将其添加到配置映射时,它会按预期更新nginx.conf:
http-snippet: |
sendfile on;
但是,当我添加此内容时,没有任何变化:
http-snippet: |
sendfile on;
tcp_nopush on;
原因是此操作未通过验证,但找出该错误的唯一方法是查看nginx入口控制器容器的日志。在这种情况下,我看到:
Error: exit status 1
2018/10/16 07:45:49 [emerg] 470#470: "tcp_nopush" directive is duplicate in
/tmp/nginx-cfg468835321:245
nginx: [emerg] "tcp_nopush" directive is duplicate in /tmp/nginx-cfg468835321:245
nginx: configuration file /tmp/nginx-cfg468835321 test failed
所以我在复制一个已经存在的指令。
| 归档时间: |
|
| 查看次数: |
5198 次 |
| 最近记录: |