Merge pull request #13840 from rajatchopra/nginx
Automatic merge from submit-queue nginx router based on template template based nginx router implementation /cc @jawnsy
Showing
6 changed files
with
264 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
job-id: origin-nginx-router |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
# | ||
# This is the NGINX router for OpenShift Origin. | ||
# | ||
# The standard name for this image is openshift/origin-nginx-router | ||
# | ||
FROM openshift/origin | ||
|
||
RUN INSTALL_PKGS="nginx" && \ | ||
yum install -y "epel-release" && \ | ||
yum install -y $INSTALL_PKGS && \ | ||
rpm -V $INSTALL_PKGS && \ | ||
yum clean all && \ | ||
mkdir -p /var/lib/nginx/router/{certs,cacerts} && \ | ||
mkdir -p /var/lib/nginx/{conf,run,bin,log,logs} && \ | ||
touch /var/lib/nginx/conf/{{os_http_be,os_edge_http_be,os_tcp_be,os_sni_passthrough,os_reencrypt,os_route_http_expose,os_route_http_redirect,cert_config,os_wildcard_domain}.map,nginx.config} && \ | ||
setcap 'cap_net_bind_service=ep' /usr/sbin/nginx && \ | ||
chown -R :0 /var/lib/nginx && \ | ||
chown -R :0 /var/log/nginx && \ | ||
chmod -R 777 /var/log/nginx && \ | ||
chmod -R 777 /var/lib/nginx | ||
|
||
COPY . /var/lib/nginx/ | ||
|
||
LABEL io.k8s.display-name="OpenShift Origin NGINX Router" \ | ||
io.k8s.description="This is a component of OpenShift Origin and contains an NGINX instance that automatically exposes services within the cluster through routes, and offers TLS termination, reencryption, or SNI-passthrough on ports 80 and 443." | ||
USER 1001 | ||
EXPOSE 80 443 | ||
WORKDIR /var/lib/nginx/conf | ||
ENV TEMPLATE_FILE=/var/lib/nginx/conf/nginx-config.template \ | ||
RELOAD_SCRIPT=/var/lib/nginx/reload-nginx | ||
ENTRYPOINT ["/usr/bin/openshift-router"] |
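Review bot: The two `chmod -R 777` lines at the end of the RUN make /var/log/nginx and /var/lib/nginx world-writable, including the router/certs and router/cacerts directories and the conf files nginx loads, so any process in the container can rewrite the config or key material. The preceding `chown -R :0` already hands both trees to group 0, so if the router runs with gid 0 (which that chown suggests) group access is enough: `chmod -R g+rwX /var/log/nginx /var/lib/nginx`. `COPY . /var/lib/nginx/` comes after the chmod, so the copied template and reload script do not get these permissions and the whole build context lands in the image. `FROM openshift/origin` also has no tag or digest, so the base is whatever the registry serves at build time.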
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,140 @@ | ||
HTTP/1.0 503 Service Unavailable | ||
Pragma: no-cache | ||
Cache-Control: private, max-age=0, no-cache, no-store | ||
Connection: close | ||
Content-Type: text/html | ||
|
||
<html> | ||
<head> | ||
<meta name="viewport" content="width=device-width, initial-scale=1"> | ||
|
||
<style type="text/css"> | ||
/*! | ||
* Bootstrap v3.3.5 (http://getbootstrap.com) | ||
* Copyright 2011-2015 Twitter, Inc. | ||
* Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) | ||
*/ | ||
/*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */ | ||
html { | ||
font-family: sans-serif; | ||
-ms-text-size-adjust: 100%; | ||
-webkit-text-size-adjust: 100%; | ||
} | ||
body { | ||
margin: 0; | ||
} | ||
h1 { | ||
font-size: 1.7em; | ||
font-weight: 400; | ||
line-height: 1.3; | ||
margin: 0.68em 0; | ||
} | ||
* { | ||
-webkit-box-sizing: border-box; | ||
-moz-box-sizing: border-box; | ||
box-sizing: border-box; | ||
} | ||
*:before, | ||
*:after { | ||
-webkit-box-sizing: border-box; | ||
-moz-box-sizing: border-box; | ||
box-sizing: border-box; | ||
} | ||
html { | ||
-webkit-tap-highlight-color: rgba(0, 0, 0, 0); | ||
} | ||
body { | ||
font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; | ||
line-height: 1.66666667; | ||
font-size: 13px; | ||
color: #333333; | ||
background-color: #ffffff; | ||
margin: 2em 1em; | ||
} | ||
p { | ||
margin: 0 0 10px; | ||
font-size: 13px; | ||
} | ||
.alert.alert-info { | ||
padding: 15px; | ||
margin-bottom: 20px; | ||
border: 1px solid transparent; | ||
background-color: #f5f5f5; | ||
border-color: #8b8d8f; | ||
color: #363636; | ||
margin-top: 30px; | ||
} | ||
.alert p { | ||
padding-left: 35px; | ||
} | ||
a { | ||
color: #0088ce; | ||
} | ||
|
||
ul { | ||
position: relative; | ||
padding-left: 51px; | ||
} | ||
p.info { | ||
position: relative; | ||
font-size: 15px; | ||
margin-bottom: 10px; | ||
} | ||
p.info:before, p.info:after { | ||
content: ""; | ||
position: absolute; | ||
top: 9%; | ||
left: 0; | ||
} | ||
p.info:before { | ||
content: "i"; | ||
left: 3px; | ||
width: 20px; | ||
height: 20px; | ||
font-family: serif; | ||
font-size: 15px; | ||
font-weight: bold; | ||
line-height: 21px; | ||
text-align: center; | ||
color: #fff; | ||
background: #4d5258; | ||
border-radius: 16px; | ||
} | ||
|
||
@media (min-width: 768px) { | ||
body { | ||
margin: 4em 3em; | ||
} | ||
h1 { | ||
font-size: 2.15em;} | ||
} | ||
|
||
</style> | ||
</head> | ||
<body> | ||
<div> | ||
<h1>Application is not available</h1> | ||
<p>The application is currently not serving requests at this endpoint. It may not have been started or is still starting.</p> | ||
|
||
<div class="alert alert-info"> | ||
<p class="info"> | ||
Possible reasons you are seeing this page: | ||
</p> | ||
<ul> | ||
<li> | ||
<strong>The host doesn't exist.</strong> | ||
Make sure the hostname was typed correctly and that a route matching this hostname exists. | ||
</li> | ||
<li> | ||
<strong>The host exists, but doesn't have a matching path.</strong> | ||
Check if the URL path was typed correctly and that the route was created using the desired path. | ||
</li> | ||
<li> | ||
<strong>Route and path matches, but all pods are down.</strong> | ||
Make sure that the resources exposed by this route (pods, services, deployment configs, etc) have at least one pod running. | ||
</li> | ||
</ul> | ||
</div> | ||
</div> | ||
</body> | ||
</html> |
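Review bot: This error page begins with a raw status line and header block (`HTTP/1.0 503 Service Unavailable` through `Content-Type: text/html`), which is the layout of a complete pre-built HTTP response rather than an HTML document. As far as the nginx template in this commit shows, nothing references the file, and if it were served through `error_page` nginx would send those header lines to the client as part of the body. If the page is meant to be used by this router, I would drop the header block from the file and set the status and the no-cache headers in the template with `error_page` and `add_header`.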
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
{{/* | ||
nginx.config: contains the main config with helper backends that are used to terminate | ||
encryption before finally sending to a host_be which is the backend that is the final | ||
backend for a route and contains all the endpoints for the service | ||
*/}} | ||
{{- define "/var/lib/nginx/conf/nginx.config" -}} | ||
{{- $workingDir := .WorkingDir }} | ||
#user www www; ## Default: nobody | ||
worker_processes 5; ## Default: 1 | ||
error_log /var/lib/nginx/logs/error.log; | ||
pid /var/lib/nginx/logs/nginx.pid; | ||
worker_rlimit_nofile 8192; | ||
|
||
events { | ||
worker_connections 4096; ## Default: 1024 | ||
} | ||
|
||
http { | ||
#include conf/mime.types; | ||
#include /etc/nginx/proxy.conf; | ||
#include /etc/nginx/fastcgi.conf; | ||
index index.html index.htm index.php; | ||
|
||
default_type application/octet-stream; | ||
log_format main '$remote_addr - $remote_user [$time_local] $status ' | ||
'"$request" $body_bytes_sent "$http_referer" ' | ||
'"$http_user_agent" "$http_x_forwarded_for"'; | ||
access_log /var/lib/nginx/logs/access.log main; | ||
sendfile on; | ||
tcp_nopush on; | ||
server_names_hash_bucket_size 128; # this seems to be required for some vhosts | ||
|
||
|
||
|
||
{{- range $cfgIdx, $cfg := .State }} | ||
|
||
upstream be_{{$cfg.Namespace}}_{{$cfg.Name}} { | ||
{{- range $serviceUnitName, $weight := $cfg.ServiceUnitNames }} | ||
{{- with $serviceUnit := index $.ServiceUnits $serviceUnitName }} | ||
{{- range $idx, $endpoint := endpointsForAlias $cfg $serviceUnit }} | ||
server {{$endpoint.IP}}:{{$endpoint.Port}}; | ||
{{ end -}} | ||
{{ end -}} | ||
{{ end -}} | ||
} | ||
|
||
server { # simple load balancing | ||
{{- if (eq $cfg.TLSTermination "") }} | ||
listen 80; | ||
{{- else }} | ||
listen 443 ssl; | ||
{{ end -}} | ||
|
||
server_name {{$cfg.Host}}; | ||
{{- if and (ne $cfg.Host "") (or (eq $cfg.TLSTermination "edge") (eq $cfg.TLSTermination "reencrypt")) -}} | ||
{{ $cert := index $cfg.Certificates $cfg.Host -}} | ||
{{ if ne $cert.Contents "" }} | ||
ssl_certificate {{$workingDir}}/certs/{{$cfgIdx}}.pem; | ||
ssl_certificate_key {{$workingDir}}/certs/{{$cfgIdx}}.pem; | ||
{{ end -}} | ||
{{ end -}} | ||
access_log /var/lib/nginx/logs/be_{{$cfgIdx}}.log main; | ||
|
||
location / { | ||
proxy_pass http://be_{{$cfg.Namespace}}_{{$cfg.Name}}; | ||
} | ||
} | ||
{{ end -}}{{/* end all routes */}} | ||
} | ||
{{ end -}}{{/* end config file */}} |
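Review bot: Every route with a non-empty TLSTermination gets `listen 443 ssl;`, but the server block then treats all of them like edge routes. For `reencrypt` the `proxy_pass http://be_…` line forwards the decrypted request to the pod in plaintext, and for a passthrough route nginx terminates TLS itself with no certificate configured, because the `ssl_certificate` lines are emitted only for edge and reencrypt. I would branch on the termination type inside `location /` as sketched below, and leave passthrough routes out of the `http` block, since they need SNI-based TCP forwarding instead. `$cfg.Host`, `$cfg.Namespace` and `$cfg.Name` are also written into the config unquoted, so this relies on them being validated as DNS-safe names before they reach the template.

```nginx
    location / {
      {{- if (eq $cfg.TLSTermination "reencrypt") }}
      proxy_pass https://be_{{$cfg.Namespace}}_{{$cfg.Name}};
      proxy_ssl_verify on;
      # placeholder: the destination CA path is not shown on this page
      proxy_ssl_trusted_certificate DEST_CA_BUNDLE_PATH;
      {{- else }}
      proxy_pass http://be_{{$cfg.Namespace}}_{{$cfg.Name}};
      {{- end }}
    }
```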
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
#!/bin/bash | ||
|
||
set -o nounset | ||
|
||
config_file=/var/lib/nginx/conf/nginx.config | ||
if [ -f /var/lib/nginx/logs/nginx.pid ]; then | ||
/usr/sbin/nginx -c ${config_file} -s reload | ||
reload_status=$? | ||
else | ||
/usr/sbin/nginx -c ${config_file} | ||
reload_status=$? | ||
fi | ||
exit $reload_status |
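Review bot: The `-f /var/lib/nginx/logs/nginx.pid` test only shows that a pid file exists, not that nginx is running. If the master process was killed and left a stale pid file behind, every invocation takes the `-s reload` branch, fails, and nginx is never started again. Checking the process as well would cover that case: `if [ -f "$pid_file" ] && kill -0 "$(cat "$pid_file")" 2>/dev/null; then`, with `pid_file=/var/lib/nginx/logs/nginx.pid` defined next to `config_file`.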