Kubernetes Cloud-Native Era: Understanding Ingress Nginx (Part 2)
Continued from Understanding Ingress Nginx (Part 1)
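Problem addressed: how to customize the nginx configuration
Customizing the nginx configuration
The ingress-nginx configuration is not much different from a plain nginx nginx.conf. You can use a ConfigMap to set nginx's global configuration; the entries under data: are the nginx settings being configured.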
nginx-config.yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app: ingress-nginx
data: # custom settings
  proxy-body-size: "64m" # file size limit
  proxy-read-timeout: "180" # read/write timeout, 180s
  proxy-send-timeout: "180"
See the official site for the settings that can be configured through the ConfigMap.
Let's create it:
[root@master-001 ~]# kubectl apply -f nginx-config.yaml
configmap/nginx-configuration configured
Now enter the nginx container and check whether the configuration has taken effect:
[root@node-001 ~]# docker ps |grep nginx
d76f216c99a4 siriuszg/nginx-ingress-controller "/usr/bin/dumb-init …" About an hour ago Up About an hour k8s_nginx-ingress-controller_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
d26440f04b55 registry.aliyuncs.com/google_containers/pause:3.1 "/pause" About an hour ago Up About an hour k8s_POD_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
[root@node-001 ~]# docker exec -it d7 sh
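$ more nginx.conf
The file is large, so we view it with more.
Searching for the nginx settings we just configured shows that they have taken effect.
Note: the directive names that appear in the generated nginx configuration differ from the key names we set in the ConfigMap, but they do the same thing. Check the official documentation before using a key. Do not write the nginx directive name as the key; it will not take effect.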
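A check for the note above, as an added example that is not part of the original post: it compares ConfigMap keys with the directives in a rendered nginx.conf and flags a key written as an nginx directive name. The key-to-directive table covers only the three keys used on this page, and the sample config and data are constructed.

```python
import re

# ConfigMap key -> nginx directive it is rendered as (only the three keys used above).
KEY_TO_DIRECTIVE = {
    "proxy-body-size": "client_max_body_size",
    "proxy-read-timeout": "proxy_read_timeout",
    "proxy-send-timeout": "proxy_send_timeout",
}

def directive_values(conf_text):
    """Collect every value seen for each single-argument directive in nginx.conf."""
    seen = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.fullmatch(r"([a-z0-9_]+)\s+([^\s;{]+);", line)
        if m:
            seen.setdefault(m.group(1), set()).add(m.group(2))
    return seen

def check_configmap(data, conf_text):
    """Classify each key: applied, not-applied, nginx-name-used-as-key, unknown-key."""
    seen = directive_values(conf_text)
    report = {}
    for key, value in data.items():
        directive = KEY_TO_DIRECTIVE.get(key)
        if directive is None:
            # A key spelled like an nginx directive does not take effect.
            nginx_style = "_" in key or key in KEY_TO_DIRECTIVE.values()
            report[key] = "nginx-name-used-as-key" if nginx_style else "unknown-key"
        else:
            # A timeout of 180 may be rendered as 180s, so accept either form.
            rendered = seen.get(directive, set())
            report[key] = "applied" if {value, value + "s"} & rendered else "not-applied"
    return report

# Constructed sample: excerpt of a rendered nginx.conf and a ConfigMap data section.
SAMPLE_CONF = """
server {
    location / {
        client_max_body_size 64m;
        proxy_read_timeout   180s;
        proxy_send_timeout   60s;   # stale value: the new setting is not rendered
    }
}
"""
SAMPLE_DATA = {"proxy-body-size": "64m", "proxy-read-timeout": "180",
               "proxy-send-timeout": "180", "client_max_body_size": "64m"}

print(check_configmap(SAMPLE_DATA, SAMPLE_CONF))
```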
Adding header information in Nginx
Global headers
To add header information in nginx, add proxy-set-headers: "ingress-nginx/custom-headers".
This pulls in the custom-headers ConfigMap as the header definitions, as follows:
custom-header-global.yaml
apiVersion: v1
kind: ConfigMap
data:
  proxy-set-headers: "ingress-nginx/custom-headers" # proxy-set-headers pulls in the headers defined in the custom-headers ConfigMap below
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: v1
kind: ConfigMap
data: # header definitions
  X-Different-Name: "true"
  X-Request-Start: t=${msec}
  X-Using-Nginx-Controller: "true"
metadata:
  name: custom-headers
  namespace: ingress-nginx
Create it:
[root@master-001 ~]# kubectl apply -f custom-header-global.yaml
configmap/nginx-configuration configured
configmap/custom-headers created
Now enter the nginx container and check whether the configuration has taken effect:
[root@node-001 ~]# docker ps |grep nginx
d76f216c99a4 siriuszg/nginx-ingress-controller "/usr/bin/dumb-init …" About an hour ago Up About an hour k8s_nginx-ingress-controller_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
d26440f04b55 registry.aliyuncs.com/google_containers/pause:3.1 "/pause" About an hour ago Up About an hour k8s_POD_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
[root@node-001 ~]# docker exec -it d7 sh
$ more nginx.conf
Headers for a specific Ingress
The only difference is the added annotations: entry. nginx.ingress.kubernetes.io/configuration-snippet: | configures multiple headers, and host: selects which ingress-nginx server they apply to.
custom-header-spec-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "Request-Id: $req_id";
  name: web-demo
  namespace: dev
spec:
  rules:
  - host: web-dev.mooc.com # the domain name nginx proxies for
    http:
      paths:
      - backend:
          serviceName: web-demo
          servicePort: 80
        path: /
Entering the nginx container and looking at the configuration shows that this only takes effect where server_name is web-dev.mooc.com.
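Because configuration-snippet places raw nginx directives into the generated configuration for that host, it is worth knowing which Ingresses use it and what they add. The audit below is an added example, not code from the original post; the allow-list, the `legacy` and `plain` Ingresses and the JSON sample are constructed for illustration.

```python
import json

PREFIX = "nginx.ingress.kubernetes.io/"    # the --annotations-prefix used on this page
ALLOWED_DIRECTIVES = {"more_set_headers"}  # assumption: the only directive reviewers accept

def snippet_directives(snippet):
    """Return the directive names (first token of each statement) in a raw nginx snippet.

    The split on ';' and braces is deliberately naive: odd input yields extra
    names, so the audit over-reports rather than missing a directive.
    """
    names = []
    for stmt in snippet.replace("{", ";").replace("}", ";").split(";"):
        tokens = stmt.split()
        if tokens and not tokens[0].startswith("#"):
            names.append(tokens[0])
    return names

def audit_ingresses(ingress_list):
    """List every Ingress that adds raw nginx config through a *-snippet annotation."""
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        for name, value in (meta.get("annotations") or {}).items():
            if not (name.startswith(PREFIX) and name.endswith("-snippet")):
                continue
            findings.append({
                "ingress": f"{meta.get('namespace')}/{meta.get('name')}",
                "annotation": name[len(PREFIX):],
                "unexpected": sorted(set(snippet_directives(value)) - ALLOWED_DIRECTIVES),
            })
    return findings

# Constructed sample in the shape of `kubectl get ingress -A -o json`.
SAMPLE = json.loads(r"""
{"items": [
  {"metadata": {"name": "web-demo", "namespace": "dev", "annotations": {
     "nginx.ingress.kubernetes.io/configuration-snippet":
       "more_set_headers \"Request-Id: $req_id\";\n"}}},
  {"metadata": {"name": "legacy", "namespace": "test", "annotations": {
     "nginx.ingress.kubernetes.io/configuration-snippet":
       "more_set_headers \"X-Env: test\";\nproxy_buffering off;\n"}}},
  {"metadata": {"name": "plain", "namespace": "dev"}}
]}
""")

if __name__ == "__main__":
    for finding in audit_ingresses(SAMPLE):
        print(finding)
```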
Nginx template
If the above still does not meet our needs, we can use a custom nginx template.
The program renders the configuration from this template file. Path: /etc/nginx/template/nginx.tmpl
- Get the template file
On the node where ingress-nginx is installed, use
docker cp b63:/etc/nginx/template/nginx.tmpl .
to fetch the template file, then send it to the master node:
[root@node-001 ~]# docker cp b63:/etc/nginx/template/nginx.tmpl .
[root@node-001 ~]# ls
anaconda-ks.cfg  ingress-demo.yaml  nginx-config.yaml  nginx.tmpl
[root@node-001 ~]# scp nginx.tmpl 172.16.126.132:~/
nginx.tmpl                                   100%   49KB  16.8MB/s   00:00
- Create the template
On the master node, create a ConfigMap from the template file that was just transferred:
[root@master-001 ~]# kubectl create cm nginx-template --from-file nginx.tmpl -n ingress-nginx
configmap/nginx-template created
[root@master-001 ~]# kubectl get cm -n ingress-nginx
NAME                              DATA   AGE
custom-headers                    3      75m
ingress-controller-leader-nginx   0      26d
nginx-configuration               1      26d
nginx-template                    1      16s
tcp-services                      1      26d
udp-services                      0      26d
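The nginx.tmpl file is too large to show here.
- Mount nginx.tmpl
Modify nginx-ingress-controller: add a volume that points at nginx.tmpl through the ConfigMap, and add a volume mount at the container level, as follows: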
nginx-ingress-controller.yaml
[root@master-001 ~]# vi nginx-ingress-controller.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  name: nginx-ingress-controller
  namespace: ingress-nginx
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
      creationTimestamp: null
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      containers:
      - args:
        - /nginx-ingress-controller
        - --configmap=$(POD_NAMESPACE)/nginx-configuration
        - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
        - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
        - --publish-service=$(POD_NAMESPACE)/ingress-nginx
        - --annotations-prefix=nginx.ingress.kubernetes.io
        # add the volume mount; the name must match the volume defined under volumes below
        volumeMounts:
        - mountPath: /etc/nginx/template
          name: nginx-template-volume
          readOnly: true
        # end
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: siriuszg/nginx-ingress-controller:latest
        imagePullPolicy: Always
        lifecycle:
          preStop:
            exec:
              command:
              - /wait-shutdown
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 10
        name: nginx-ingress-controller
        ports:
        - containerPort: 80
          hostPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          hostPort: 443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 10
        resources: {}
        securityContext:
          allowPrivilegeEscalation: true
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - ALL
          runAsUser: 33
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      hostNetwork: true
      nodeSelector:
        kubernetes.io/os: linux
        app: ingress
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: nginx-ingress-serviceaccount
      serviceAccountName: nginx-ingress-serviceaccount
      terminationGracePeriodSeconds: 300
      # point the volume at the nginx.tmpl ConfigMap created above
      volumes:
      - name: nginx-template-volume
        configMap:
          name: nginx-template
          items:
          - key: nginx.tmpl
            path: nginx.tmpl
Create it:
[root@master-001 ~]# kubectl apply -f nginx-ingress-controller.yaml
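You can check this on the node where the container runs; we skip that here…
- Modify the template to test
You do not need to know much of the template syntax to make a change; just follow the patterns already in the file.
Change something arbitrary: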
[root@master-001 ~]# kubectl edit cm -n ingress-nginx nginx-template
.....
http2_max_field_size {{ $cfg.HTTP2MaxFieldSize }};
http2_max_header_size {{ $cfg.HTTP2MaxHeaderSize }};
http2_max_requests {{ $cfg.HTTP2MaxRequests }};
# for example, change types_hash_max_size 2048 to 4096
types_hash_max_size 4096;
server_names_hash_max_size {{ $cfg.ServerNameHashMaxSize }};
server_names_hash_bucket_size {{ $cfg.ServerNameHashBucketSize }};
map_hash_bucket_size {{ $cfg.MapHashBucketSize }};
......
After saving, check the configuration on the node where the container runs:
[root@node-001 ~]# docker ps |grep nginx
d76f216c99a4 siriuszg/nginx-ingress-controller "/usr/bin/dumb-init …" About an hour ago Up About an hour k8s_nginx-ingress-controller_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
d26440f04b55 registry.aliyuncs.com/google_containers/pause:3.1 "/pause" About an hour ago Up About an hour k8s_POD_nginx-ingress-controller-s2nt5_ingress-nginx_0f3f90fe-9416-44eb-998b-cd408fd593de_0
[root@node-001 ~]# docker exec -it d7 sh
$ more nginx.conf
We can see that the change has taken effect. This works because the kubelet periodically checks the ConfigMap automatically and updates the configuration dynamically.