Skip to content

Instantly share code, notes, and snippets.

@encryptblockr

encryptblockr/app-virtual-server.yaml

Forked from nginx-gists/app-virtual-server.yaml
Created June 18, 2022 22:15
Show Gist options
  • Save encryptblockr/d2aaccb4ac1eb22949baa28f2f8b9af1 to your computer and use it in GitHub Desktop.
Save encryptblockr/d2aaccb4ac1eb22949baa28f2f8b9af1 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. @nginx-gists nginx-gists revised this gist Nov 1, 2021. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion default.conf
    View file
    Original file line number Diff line number Diff line change
    @@ -9,7 +9,7 @@ server {
    ssl_certificate_key /etc/ssl/my_key.key;

    location / {
    proxy_set_header Connection '';
    proxy_set_header Connection '';
    proxy_http_version 1.1;
    proxy_pass http://backend;
    }
  2. @nginx-gists nginx-gists revised this gist Oct 28, 2021. 4 changed files with 177 additions and 0 deletions.
    16 changes: 16 additions & 0 deletions app-virtual-server.yaml
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,16 @@
    apiVersion: k8s.nginx.org/v1
    kind: VirtualServer
    metadata:
    name: app-ingress
    spec:
    host: app.example.com
    tls:
    secret: app-secret-ecc
    upstreams:
    - name: web-server-payload
    service: web-server-svc
    port: 80
    routes:
    - path: /
    action:
    pass: web-server-payload
    51 changes: 51 additions & 0 deletions backend-daemonset.yaml
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,51 @@
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: web-server-payload
    spec:
    selector:
    matchLabels:
    app: web-server-payload
    template:
    metadata:
    labels:
    app: web-server-payload
    spec:
    hostNetwork: true
    nodeSelector:
    kubernetes.io/hostname: poweredge.hostnmame-2
    containers:
    - name: web-server-payload
    image: nginx
    ports:
    - containerPort: 80
    volumeMounts:
    - name: app-config-volume
    mountPath: /etc/nginx/conf.d
    - name: main-config-volume
    mountPath: /etc/nginx
    - name: binary-payload
    mountPath: /usr/share/nginx/bin
    volumes:
    - name: app-config-volume
    configMap:
    name: app-conf
    - name: main-config-volume
    configMap:
    name: main-conf
    - name: binary-payload
    configMap:
    name: binary
    ---
    apiVersion: v1
    kind: Service
    metadata:
    name: web-server-svc
    spec:
    ports:
    - port: 80
    targetPort: 80
    protocol: TCP
    name: http
    selector:
    app: web-server-payload
    66 changes: 66 additions & 0 deletions nginx-ingress-rke.yaml
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,66 @@
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
    name: nginx-ingress
    namespace: nginx-ingress
    spec:
    selector:
    matchLabels:
    app: nginx-ingress
    template:
    metadata:
    labels:
    app: nginx-ingress
    spec:
    securityContext:
    sysctls:
    - name: net.ipv4.ip_local_port_range
    value: "10240 65535"
    nodeSelector:
    kubernetes.io/hostname: poweredge.hostname-1
    serviceAccountName: nginx-ingress
    containers:
    - image: nginx/nginx-ingress:latest
    imagePullPolicy: Always
    name: nginx-ingress
    ports:
    - name: http
    containerPort: 80
    hostPort: 80
    - name: https
    containerPort: 443
    hostPort: 443
    - name: readiness-port
    containerPort: 8081
    #- name: prometheus
    #containerPort: 9113
    readinessProbe:
    httpGet:
    path: /nginx-ready
    port: readiness-port
    periodSeconds: 1
    securityContext:
    allowPrivilegeEscalation: true
    runAsUser: 101 #nginx
    capabilities:
    drop:
    - ALL
    add:
    - NET_BIND_SERVICE
    env:
    - name: POD_NAMESPACE
    valueFrom:
    fieldRef:
    fieldPath: metadata.namespace
    - name: POD_NAME
    valueFrom:
    fieldRef:
    fieldPath: metadata.name
    args:
    - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
    - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
    #- -v=3 # Enables extensive logging. Useful for troubleshooting.
    #- -report-ingress-status
    #- -external-service=nginx-ingress
    #- -enable-prometheus-metrics
    #- -global-configuration=$(POD_NAMESPACE)/nginx-configuration
    44 changes: 44 additions & 0 deletions volumes.yaml
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,44 @@
    apiVersion: v1
    data:
    app.conf: "server {\n listen 80 reuseport;\nlocation / {\n return 200;
    \n }\n}\n"
    kind: ConfigMap
    metadata:
    name: app-conf
    namespace: default
    ---
    apiVersion: v1
    data:
    nginx.conf: |+
    user nginx;
    worker_processes 24;
    worker_rlimit_nofile 10240;
    worker_cpu_affinity auto 111111111111111111111111;
    error_log /var/log/nginx/error.log notice;
    pid /var/run/nginx.pid;
    events {
    worker_connections 10000;
    }
    http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    sendfile on;
    # access_log /var/log/nginx/access.log main;
    access_log off;
    include /etc/nginx/conf.d/*.conf;
    }
    kind: ConfigMap
    metadata:
    name: main-conf
    namespace: default
    ---

    apiVersion: v1
    data:
    1kb.bin: "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
    kind: ConfigMap
    metadata:
    name: binary
    namespace: default
  3. @nginx-gists nginx-gists revised this gist Oct 26, 2021. 1 changed file with 5 additions and 5 deletions.
    10 changes: 5 additions & 5 deletions nginx.conf
    View file
    Original file line number Diff line number Diff line change
    @@ -1,5 +1,5 @@
    user nginx;
    worker_processes 8;
    worker_processes 8;
    worker_cpu_affinity auto 000011111111000000000000;
    worker_rlimit_nofile 10400;

    @@ -18,12 +18,12 @@ http {
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log /var/log/nginx/access.log main;
    access_log off;
    sendfile on;
    #access_log /var/log/nginx/access.log main;
    access_log off;
    sendfile on;

    # Enable when testing for RPS
    #keepalive_timeout 315s;
    #keepalive_timeout 315s;
    #keepalive_requests 10000000;

    # Enable when testing for SSL TPS
  4. @nginx-gists nginx-gists created this gist Oct 22, 2021.
    26 changes: 26 additions & 0 deletions default.conf
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,26 @@
    #
    # IMPORTANT: Install in /etc/nginx/conf.d/
    #

    server {
    listen 192.168.1.4:80 reuseport backlog=1200;
    listen 192.168.1.4:443 ssl;
    ssl_certificate /etc/ssl/my_cert.crt;
    ssl_certificate_key /etc/ssl/my_key.key;

    location / {
    proxy_set_header Connection “'';
    proxy_http_version 1.1;
    proxy_pass http://backend;
    }
    }

    upstream backend {
    server 192.168.1.63:80;
    server 192.168.1.68:80;
    server 192.168.1.73:80;
    server 192.168.1.78:80;
    keepalive 150;
    }

    # vim: syntax=nginx
    131 changes: 131 additions & 0 deletions nginx.conf
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,131 @@
    user nginx;
    worker_processes 8;
    worker_cpu_affinity auto 000011111111000000000000;
    worker_rlimit_nofile 10400;

    error_log /var/log/nginx/error.log notice;
    pid /var/run/nginx.pid;

    events {
    worker_connections 10000;
    }

    http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" $ssl_cipher $ssl_protocol'
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log /var/log/nginx/access.log main;
    access_log off;
    sendfile on;

    # Enable when testing for RPS
    #keepalive_timeout 315s;
    #keepalive_requests 10000000;

    # Enable when testing for SSL TPS
    keepalive_timeout 0;
    keepalive_requests 1;

    #gzip on;

    include /etc/nginx/conf.d/*.conf;

    # configuration file /etc/nginx/mime.types:
    types {
    text/html html htm shtml;
    text/css css;
    text/xml xml;
    image/gif gif;
    image/jpeg jpeg jpg;
    application/javascript js;
    application/atom+xml atom;
    application/rss+xml rss;

    text/mathml mml;
    text/plain txt;
    text/vnd.sun.j2me.app-descriptor jad;
    text/vnd.wap.wml wml;
    text/x-component htc;

    image/png png;
    image/svg+xml svg svgz;
    image/tiff tif tiff;
    image/vnd.wap.wbmp wbmp;
    image/webp webp;
    image/x-icon ico;
    image/x-jng jng;
    image/x-ms-bmp bmp;

    font/woff woff;
    font/woff2 woff2;

    application/java-archive jar war ear;
    application/json json;
    application/mac-binhex40 hqx;
    application/msword doc;
    application/pdf pdf;
    application/postscript ps eps ai;
    application/rtf rtf;
    application/vnd.apple.mpegurl m3u8;
    application/vnd.google-earth.kml+xml kml;
    application/vnd.google-earth.kmz kmz;
    application/vnd.ms-excel xls;
    application/vnd.ms-fontobject eot;
    application/vnd.ms-powerpoint ppt;
    application/vnd.oasis.opendocument.graphics odg;
    application/vnd.oasis.opendocument.presentation odp;
    application/vnd.oasis.opendocument.spreadsheet ods;
    application/vnd.oasis.opendocument.text odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
    application/vnd.wap.wmlc wmlc;
    application/x-7z-compressed 7z;
    application/x-cocoa cco;
    application/x-java-archive-diff jardiff;
    application/x-java-jnlp-file jnlp;
    application/x-makeself run;
    application/x-perl pl pm;
    application/x-pilot prc pdb;
    application/x-rar-compressed rar;
    application/x-redhat-package-manager rpm;
    application/x-sea sea;
    application/x-shockwave-flash swf;
    application/x-stuffit sit;
    application/x-tcl tcl tk;
    application/x-x509-ca-cert der pem crt;
    application/x-xpinstall xpi;
    application/xhtml+xml xhtml;
    application/xspf+xml xspf;
    application/zip zip;

    application/octet-stream bin exe dll;
    application/octet-stream deb;
    application/octet-stream dmg;
    application/octet-stream iso img;
    application/octet-stream msi msp msm;

    audio/midi mid midi kar;
    audio/mpeg mp3;
    audio/ogg ogg;
    audio/x-m4a m4a;
    audio/x-realaudio ra;

    video/3gpp 3gpp 3gp;
    video/mp2t ts;
    video/mp4 mp4;
    video/mpeg mpeg mpg;
    video/quicktime mov;
    video/webm webm;
    video/x-flv flv;
    video/x-m4v m4v;
    video/x-mng mng;
    video/x-ms-asf asx asf;
    video/x-ms-wmv wmv;
    video/x-msvideo avi;
    }
    }