Skip to content

Instantly share code, notes, and snippets.

@aledbf
Last active Feb 8, 2016
Embed
What would you like to do?

Custom nginx Ingress controller similar to nginx-alpha but with a custom configuration.

  • enable ThirdPartyResources in apiserver

--runtime-config=extensions/v1beta1/thirdpartyresources=true

  • create a new resource
metadata:
  name: nginx-ingress-load-balancer.k8s.io
apiVersion: extensions/v1beta1
kind: ThirdPartyResource
description: "nginx custom configuration"
versions:
- name: stable/v1
  • Create a configuration

curl -X POST http://172.17.4.99:8080/apis/k8s.io/stable/v1/namespaces/default/nginxingressloadbalancers/ -d @lb.json

this is an JSON object. The idea to not show a valid json is to show the default values. the idea is to load the defaults and merge that with the configured values

{
  "metadata": {
    "name": "DefaultNginxIngressLoadBalancer"   -> it allows multiple configurations
                                                for different envs (pin a lb to one 
                                                node for dev/next and other for "prod")
  },
  "apiVersion": "k8s.io/stable/v1",
  "kind": "NginxIngressLoadBalancer",
  [
    affinityArg               false                  [false,hash,ip]
    bodySize                  1m
    defaultTimeout            1300
    enforceHTTPS              false
    enforceWhitelist          ""                     [ip addressess] 
    errorLogLevel             info
    htsEnabled                true
    htsIncludeSubDomains      true
    htsMaxAge                 360000000
    keepalive                 75
    maxWorkerConnections      768
    proxyRealIpCidr           10.0.0.0/8
    secrets                   "" -> secrets to mount containing ssl cert and key
    serverNameHashMaxSize     512
    serverNameHashBucketSize  64
    sslBufferSize             4k
    sslDhparam                file
    sslProtocols              TLSv1 TLSv1.1 TLSv1.2
    sslSessionCache           true
    sslSessionTickets         on
    sslSessionTimeout         10m
    useProxyProtocol          false
    useFirewall               false
    useGzip                   true                    [true,false]
  ]
}
  • create ingress rules

  • create nginx ingress lb

  • add annotation to ^^ to associate the "configuration"

nginxIngressLoadBalancer.k8s.io:"DefaultNginxIngressLoadBalancer"

the nginx controller wil read the annotation, reload and use new configuration. It must be possible to update/change the configuration without manual intervention in the pod

References:

Next:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment