Update nginx to 1.15. Update manifest and performance optimize (#4458)

This commit is contained in:
Andreas Krüger 2019-04-08 11:02:29 +02:00 committed by Kubernetes Prow Robot
parent 3da392d1cf
commit d18ad63e49
4 changed files with 44 additions and 31 deletions

View file

@ -200,7 +200,7 @@ kube_router_image_tag: "{{ kube_router_version }}"
multus_image_repo: "docker.io/nfvpe/multus" multus_image_repo: "docker.io/nfvpe/multus"
multus_image_tag: "{{ multus_version }}" multus_image_tag: "{{ multus_version }}"
nginx_image_repo: nginx nginx_image_repo: nginx
nginx_image_tag: 1.13 nginx_image_tag: 1.15
coredns_version: "1.4.0" coredns_version: "1.4.0"
coredns_image_repo: "coredns/coredns" coredns_image_repo: "coredns/coredns"

View file

@ -42,9 +42,7 @@ kube_master_cpu_reserved: 200m
kubelet_status_update_frequency: 10s kubelet_status_update_frequency: 10s
# Limits for nginx load balancer app # Requests for nginx load balancer app
nginx_memory_limit: 512M
nginx_cpu_limit: 300m
nginx_memory_requests: 32M nginx_memory_requests: 32M
nginx_cpu_requests: 25m nginx_cpu_requests: 25m

View file

@ -4,6 +4,7 @@ metadata:
name: nginx-proxy name: nginx-proxy
namespace: kube-system namespace: kube-system
labels: labels:
addonmanager.kubernetes.io/mode: Reconcile
k8s-app: kube-nginx k8s-app: kube-nginx
spec: spec:
hostNetwork: true hostNetwork: true
@ -17,9 +18,6 @@ spec:
image: {{ nginx_image_repo }}:{{ nginx_image_tag }} image: {{ nginx_image_repo }}:{{ nginx_image_tag }}
imagePullPolicy: {{ k8s_image_pull_policy }} imagePullPolicy: {{ k8s_image_pull_policy }}
resources: resources:
limits:
cpu: {{ nginx_cpu_limit }}
memory: {{ nginx_memory_limit }}
requests: requests:
cpu: {{ nginx_cpu_requests }} cpu: {{ nginx_cpu_requests }}
memory: {{ nginx_memory_requests }} memory: {{ nginx_memory_requests }}
@ -30,6 +28,10 @@ spec:
httpGet: httpGet:
path: /healthz path: /healthz
port: {{ nginx_kube_apiserver_healthcheck_port }} port: {{ nginx_kube_apiserver_healthcheck_port }}
readinessProbe:
httpGet:
path: /healthz
port: {{ nginx_kube_apiserver_healthcheck_port }}
{% endif -%} {% endif -%}
volumeMounts: volumeMounts:
- mountPath: /etc/nginx - mountPath: /etc/nginx

View file

@ -1,37 +1,50 @@
error_log stderr notice; error_log stderr notice;
worker_processes 1; worker_processes 2;
worker_rlimit_nofile 130048;
worker_shutdown_timeout 10s;
events { events {
multi_accept on; multi_accept on;
use epoll; use epoll;
worker_connections 1024; worker_connections 16384;
} }
stream { stream {
upstream kube_apiserver { upstream kube_apiserver {
least_conn; least_conn;
{% for host in groups['kube-master'] -%} {% for host in groups['kube-master'] -%}
server {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(fallback_ips[host])) }}:{{ kube_apiserver_port }}; server {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(fallback_ips[host])) }}:{{ kube_apiserver_port }};
{% endfor -%} {% endfor -%}
} }
server { server {
listen 127.0.0.1:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }}; listen 127.0.0.1:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }};
proxy_pass kube_apiserver; proxy_pass kube_apiserver;
proxy_timeout 10m; proxy_timeout 10m;
proxy_connect_timeout 1s; proxy_connect_timeout 1s;
}
}
} }
http { http {
{% if nginx_kube_apiserver_healthcheck_port is defined -%} aio threads;
server { aio_write on;
listen {{ nginx_kube_apiserver_healthcheck_port }}; tcp_nopush on;
location /healthz { tcp_nodelay on;
access_log off;
return 200; keepalive_timeout 75s;
} keepalive_requests 100;
} reset_timedout_connection on;
{% endif -%} server_tokens off;
autoindex off;
{% if nginx_kube_apiserver_healthcheck_port is defined -%}
server {
listen {{ nginx_kube_apiserver_healthcheck_port }};
location /healthz {
access_log off;
return 200;
}
}
{% endif -%}
} }