Update nginx to 1.15. Update manifest and performance optimize (#4458)

2019-04-08 11:02:29 +02:00 · 2019-04-08 11:02:29 +02:00 · d18ad63e49
parent 3da392d1cf
commit d18ad63e49
4 changed files with 44 additions and 31 deletions
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@ -200,7 +200,7 @@ kube_router_image_tag: "{{ kube_router_version }}"
 multus_image_repo: "docker.io/nfvpe/multus"
 multus_image_tag: "{{ multus_version }}"
 nginx_image_repo: nginx
-nginx_image_tag: 1.13
+nginx_image_tag: 1.15
 coredns_version: "1.4.0"
 coredns_image_repo: "coredns/coredns"
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@ -42,9 +42,7 @@ kube_master_cpu_reserved: 200m
 kubelet_status_update_frequency: 10s
-# Limits for nginx load balancer app
+# Requests for nginx load balancer app
 nginx_memory_limit: 512M
 nginx_cpu_limit: 300m
 nginx_memory_requests: 32M
 nginx_cpu_requests: 25m
--- a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
@ -4,6 +4,7 @@ metadata:
  name: nginx-proxy
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    k8s-app: kube-nginx
 spec:
  hostNetwork: true
@ -17,9 +18,6 @@ spec:
    image: {{ nginx_image_repo }}:{{ nginx_image_tag }}
    imagePullPolicy: {{ k8s_image_pull_policy }}
    resources:
      limits:
        cpu: {{ nginx_cpu_limit }}
        memory: {{ nginx_memory_limit }}
      requests:
        cpu: {{ nginx_cpu_requests }}
        memory: {{ nginx_memory_requests }}
@ -30,6 +28,10 @@ spec:
      httpGet:
        path: /healthz
        port: {{ nginx_kube_apiserver_healthcheck_port }}
    readinessProbe:
      httpGet:
        path: /healthz
        port: {{ nginx_kube_apiserver_healthcheck_port }}
    {% endif -%}
    volumeMounts:
    - mountPath: /etc/nginx
--- a/roles/kubernetes/node/templates/nginx.conf.j2
+++ b/roles/kubernetes/node/templates/nginx.conf.j2
@ -1,37 +1,50 @@
 error_log stderr notice;
-worker_processes 1;
+worker_processes 2;
 worker_rlimit_nofile 130048;
 worker_shutdown_timeout 10s;
 events {
  multi_accept on;
  use epoll;
-  worker_connections 1024;
+  worker_connections 16384;
 }
 stream {
-        upstream kube_apiserver {
+  upstream kube_apiserver {
-            least_conn;
+    least_conn;
-            {% for host in groups['kube-master'] -%}
+    {% for host in groups['kube-master'] -%}
-            server {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(fallback_ips[host])) }}:{{ kube_apiserver_port }};
+    server {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(fallback_ips[host])) }}:{{ kube_apiserver_port }};
-            {% endfor -%}
+    {% endfor -%}
-        }
+  }
-        server {
+  server {
-            listen        127.0.0.1:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }};
+    listen        127.0.0.1:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }};
-            proxy_pass    kube_apiserver;
+    proxy_pass    kube_apiserver;
-            proxy_timeout 10m;
+    proxy_timeout 10m;
-            proxy_connect_timeout 1s;
+    proxy_connect_timeout 1s;
-
+  }
        }
 }
 http {
-        {% if nginx_kube_apiserver_healthcheck_port is defined -%}
+  aio threads;
-        server {
+  aio_write on;
-            listen {{ nginx_kube_apiserver_healthcheck_port }};
+  tcp_nopush on;
-            location /healthz {
+  tcp_nodelay on;
-              access_log off;
+
-              return 200;
+  keepalive_timeout 75s;
-            }
+  keepalive_requests 100;
-        }
+  reset_timedout_connection on;
-        {% endif -%}  
+  server_tokens off;
  autoindex off;
  {% if nginx_kube_apiserver_healthcheck_port is defined -%}
  server {
    listen {{ nginx_kube_apiserver_healthcheck_port }};
    location /healthz {
      access_log off;
      return 200;
    }
  }
  {% endif -%}
 }