ducky/nginx

Paddy 2015-06-30 Parent:20206854e82f

1:16bf0d2d11d1 tip Browse Files

Make nginx kubernetes-ready. Add our upstream definitions, to route requests to our ducky-authd service and our ducky-subscriptionsd service. Remove the test handler that was installed at /. Update our proxy-redirect rules so the proxy redirects actually work now, and what used to redirect us to /profiles now redirects us to /auth/profiles. Define a Replication Controller that will spin up nginx pods for us and auto-attach the necessary JWT secret volume to read our JWT secret. Define a Service that will route to nginx for us.

nginx/conf/nginx.conf replication-controllers/nginx.json services/nginx.json 

     1.1 --- a/nginx/conf/nginx.conf	Mon Jun 22 00:48:17 2015 -0400
     1.2 +++ b/nginx/conf/nginx.conf	Tue Jun 30 00:40:12 2015 -0400
     1.3 @@ -20,23 +20,18 @@
     1.4      require "resty.core"
     1.5    ';
     1.6  
     1.7 +  upstream auth {
     1.8 +    server ducky-authd;
     1.9 +  }
    1.10 +
    1.11 +  upstream subscriptions {
    1.12 +    server ducky-subscriptionsd;
    1.13 +  }
    1.14 +
    1.15    server {
    1.16      listen 8080;
    1.17      default_type application/json;
    1.18  
    1.19 -    location / {
    1.20 -      access_by_lua '
    1.21 -        local jwt = require("nginx-jwt")
    1.22 -	jwt.auth()
    1.23 -      ';
    1.24 -
    1.25 -      proxy_set_header X-Forwarded-Host $host;
    1.26 -      proxy_set_header X-Forwarded-Server $host;
    1.27 -      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    1.28 -      proxy_pass http://192.168.1.10:5000/;
    1.29 -      proxy_redirect off;
    1.30 -    }
    1.31 -
    1.32      location /auth {
    1.33        return 302 /auth/;
    1.34      }
    1.35 @@ -49,8 +44,9 @@
    1.36        proxy_set_header X-Forwarded-Host $host;
    1.37        proxy_set_header X-Forwarded-Server $host;
    1.38        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    1.39 -      proxy_pass http://192.168.1.10:9000/;
    1.40 -      proxy_redirect / /auth/;
    1.41 +      proxy_pass http://auth/;
    1.42 +      proxy_redirect ~^(http://[^:]+):8080/(.*)$ $1/auth/$2;
    1.43 +      proxy_redirect / http://$host/auth/;
    1.44      }
    1.45  
    1.46      location /subscriptions {
    1.47 @@ -65,8 +61,9 @@
    1.48        proxy_set_header X-Forwarded-Host $host;
    1.49        proxy_set_header X-Forwarded-Server $host;
    1.50        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    1.51 -      proxy_pass http://192.168.1.10:9001/;
    1.52 -      proxy_redirect / /subscriptions/;
    1.53 +      proxy_pass http://subscriptions/;
    1.54 +      proxy_redirect ~^(http://[^:]+):8080/(.*)$ $1/subscriptions/$2;
    1.55 +      proxy_redirect / http://$host/subscriptions/;
    1.56      }
    1.57    }
    1.58  }

     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/replication-controllers/nginx.json	Tue Jun 30 00:40:12 2015 -0400
     2.3 @@ -0,0 +1,61 @@
     2.4 +{
     2.5 +   "kind":"ReplicationController",
     2.6 +   "apiVersion":"v1",
     2.7 +   "metadata":{
     2.8 +    "name": "ducky-nginx",
     2.9 +    "labels": {
    2.10 +      "name": "nginx",
    2.11 +      "context": "ducky",
    2.12 +      "repo": "ducky--nginx",
    2.13 +      "role": "proxy"
    2.14 +    }
    2.15 +   },
    2.16 +   "spec":{
    2.17 +      "replicas":1,
    2.18 +      "selector":{
    2.19 +         "context": "ducky",
    2.20 +         "name":"nginx",
    2.21 +	 "repo": "ducky--nginx",
    2.22 +	 "role": "proxy"
    2.23 +      },
    2.24 +      "template":{
    2.25 +         "metadata":{
    2.26 +            "labels":{
    2.27 +               "context": "ducky",
    2.28 +               "name":"nginx",
    2.29 +	       "repo": "ducky--nginx",
    2.30 +	       "role": "proxy"
    2.31 +            }
    2.32 +         },
    2.33 +         "spec":{
    2.34 +            "volumes": [
    2.35 +              {
    2.36 +                "name": "jwt-volume",
    2.37 +		"secret": {
    2.38 +                  "secretName": "jwt"
    2.39 +		}
    2.40 +	      }
    2.41 +	    ],
    2.42 +            "containers":[
    2.43 +               {
    2.44 +                  "name":"ducky-nginx",
    2.45 +		  "image": "ducky/nginx:latest",
    2.46 +		  "volumeMounts": [
    2.47 +                    {
    2.48 +                      "name": "jwt-volume",
    2.49 +		      "readOnly": true,
    2.50 +		      "mountPath": "/private/kubernetes/jwt"
    2.51 +		    }
    2.52 +		  ],
    2.53 +                  "ports":[
    2.54 +                     {
    2.55 +                        "name": "http",
    2.56 +                        "containerPort":8080
    2.57 +                     }
    2.58 +                  ]
    2.59 +               }
    2.60 +            ]
    2.61 +         }
    2.62 +      }
    2.63 +   }
    2.64 +}

     3.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     3.2 +++ b/services/nginx.json	Tue Jun 30 00:40:12 2015 -0400
     3.3 @@ -0,0 +1,34 @@
     3.4 +{
     3.5 +   "kind":"Service",
     3.6 +   "apiVersion":"v1",
     3.7 +   "metadata":{
     3.8 +      "name":"ducky-nginx",
     3.9 +      "labels":{
    3.10 +         "name":"nginx",
    3.11 +	 "context": "ducky",
    3.12 +	 "repo": "ducky--nginx",
    3.13 +	 "role": "proxy"
    3.14 +      }
    3.15 +   },
    3.16 +   "spec":{
    3.17 +      "ports": [
    3.18 +        {
    3.19 +          "name": "http",
    3.20 +          "port": 80,
    3.21 +          "targetPort": "http"
    3.22 +        },
    3.23 +	{
    3.24 +          "name": "https",
    3.25 +          "port": 443,
    3.26 +	  "targetPort": "https"
    3.27 +	}
    3.28 +      ],
    3.29 +      "selector":{
    3.30 +         "name":"nginx",
    3.31 +	 "context": "ducky",
    3.32 +	 "repo": "ducky--nginx",
    3.33 +	 "role": "proxy"
    3.34 +      },
    3.35 +      "type": "LoadBalancer"
    3.36 +   }
    3.37 +}