我有一个kubernetes集群,在其中使用helm nginx-ingress chart部署了一个nginx入口控制器。
我需要将一些自定义配置添加到在nginx-controller-pod中生成的nginx.conf文件中,并且遇到一个问题,如果我添加单行选项(例如proxy-buffer-size: "512k",我可以看到这反映在nginx.conf文件中,并且一切正常。
但是,如果我尝试添加一个片段来完成同一件事:
location-snippet: |
proxy_buffer_size "512k";
这似乎被nginx.conf文件忽略,并且proxy_buffer_size设置保持其默认值。
我需要能够添加http-snippet,server-snippet和location-snippet覆盖,但是无论我尝试将它们添加到ConfigMap还是作为Ingress.yaml文件中的注释,它们都是总是被忽略。
我的Ingress Yaml文件:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
annotations:
kubernetes.io/ingress.class: nginx
ingress.kubernetes.io/ssl-redirect: "true"
ingress.kubernetes.io/secure-backends: "true"
ingress.kubernetes.io/force-ssl-redirect: "true"
ingress.kubernetes.io/location-snippet: |
proxy_buffer_size 512k; --This does not update the nginx.conf
spec:
tls:
- hosts:
- my.app.co.uk
secretName: tls-secret
rules:
- host: my.app.co.uk
http:
paths:
- path: /
backend:
serviceName: myappweb-service
servicePort: 80
我的nginx配置图:
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: nginx-ingress
chart: nginx-ingress-0.28.3
component: controller
heritage: Tiller
release: nginx-ingress
name: nginx-ingress-controller
namespace: default
data:
proxy-buffer-size: "512k" -- this works and updates the nginx.conf
location-snippet: |
proxy_buffers 4 512k; -- this does not update the nginx.conf
server-snippet: | -- this does not update the nginx.conf
location /messagehub {
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
}
答案 0 :(得分:4)
如果您想修改Kubernetes Ingress,则注释选项如下:
nginx.ingress.kubernetes.io/configuration-snippet(用于Nginx位置阻止代码段)nginx.ingress.kubernetes.io/server-snippet用于nginx config服务块中的代码片段在这种情况下,您似乎正在使用nginx.org/location-snippets:。
在nginx配置示例上还有一个YAML无效语法,并且您还应根据此example使用server-snippets中的复数形式。在撰写本文时,docs中有一个错字。打开this ticket进行跟踪。
应该是这样的:
server-snippets: |
location /messagehub {
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
}
代替此:
server-snippet: |
location /messagehub {
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
}
注意最后一个花括号的缩进。
答案 1 :(得分:4)
事实证明,我的问题是由于我正在应用的摘录的内容。每次运行kubectl apply -f myconfigmap.yaml时,都会针对您尝试应用到nginx.conf的更改运行验证。当此验证失败时,它会静默失败,并且在终端中没有任何警报可提醒您。
实际上,您仍然收到configmap/nginx-ingress-controller configured消息。
例如,当我将其添加到配置映射时,它将按预期更新nginx.conf:
http-snippet: |
sendfile on;
但是,当我添加它时,什么都没有改变:
http-snippet: |
sendfile on;
tcp_nopush on;
原因是此操作未通过验证,但找出该错误的唯一方法是查看nginx入口控制器容器的日志。在这种情况下,我看到:
Error: exit status 1
2018/10/16 07:45:49 [emerg] 470#470: "tcp_nopush" directive is duplicate in
/tmp/nginx-cfg468835321:245
nginx: [emerg] "tcp_nopush" directive is duplicate in /tmp/nginx-cfg468835321:245
nginx: configuration file /tmp/nginx-cfg468835321 test failed
所以我要复制一个已经存在的指令。
答案 2 :(得分:0)
我花了一天直到得到 ingress-nginx (来自Kubernetes)有*-snippet,但是得到 nginx-ingress (来自NGINX) *-snippets和 s 。
看这里: