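// Caching reverse proxy for Bazel and Bazelisk release binaries.
//
// Exposes:
//   Params    - field struct: namespace, name, dataClaimName, configClaimName.
//   ConfigMap - ConfigMap carrying the nginx.conf rendered below.
//   App       - linuxserver.App running nginx with the cache volume mounted at /data.
//
// Security notes:
//   * Cached artifacts are executables that clients run, and entries are kept for up
//     to 365 days, so a single bad upstream response would be served for a long time.
//     nginx does not verify upstream TLS certificates unless told to, so verification
//     is enabled explicitly in the server block.
//   * The proxy does no content verification of its own; clients should still check
//     release checksums or signatures on what they download.
local kube = import 'k8s/configs/base.libsonnet';
local linuxserver = import 'k8s/configs/templates/core/linuxserver.libsonnet';

local nginxConf = |||
  user  nginx;
  worker_processes  auto;

  error_log  /var/log/nginx/error.log notice;
  pid        /var/run/nginx.pid;

  events {
    worker_connections  1024;
  }

  http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    keepalive_timeout  65;

    proxy_cache_path /data/cache_v2 levels=1:2 keys_zone=bin_cache:100m max_size=50g inactive=365d use_temp_path=off;

    server {
      listen 80;
      server_name localhost;

      # NOTE(review): public resolver queried in cleartext. With upstream certificate
      # verification enabled below, a spoofed answer fails the TLS handshake instead of
      # poisoning the cache; consider a resolver the cluster controls.
      resolver 8.8.8.8;

      recursive_error_pages on;
      proxy_cache_revalidate on;

      # Authenticate every HTTPS upstream (github.com and any redirect target).
      # proxy_ssl_verify is off by default, which would let an on-path attacker
      # supply binaries that are then cached for up to a year.
      # NOTE(review): the CA bundle path is the usual Alpine location - confirm it
      # exists in the pinned image.
      proxy_ssl_verify on;
      proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
      proxy_ssl_verify_depth 2;

      # Allow large downloads
      client_max_body_size 0;
      proxy_max_temp_file_size 0;

      # Handle large headers from upstream (e.g. GitHub/S3)
      proxy_buffer_size 16k;
      proxy_buffers 4 16k;
      proxy_busy_buffers_size 24k;

      # Internal location to follow redirects
      location @handle_redirect {
        resolver 8.8.8.8;
        set $saved_redirect_location '$upstream_http_location';

        # The target comes from the upstream Location header. Refuse anything that is
        # not an absolute HTTPS URL so a redirect can never downgrade the fetch to
        # plaintext.
        # NOTE(review): the target host is not restricted; consider an allow-list of
        # the hosts GitHub redirects release downloads to.
        if ($saved_redirect_location !~ "^https://") {
          return 502;
        }

        proxy_pass $saved_redirect_location;
        proxy_cache bin_cache;
        # NOTE(review): 301/302 responses received here are cached for 365 days as
        # well; confirm that is intended if the redirect target itself redirects.
        proxy_cache_valid 200 301 302 365d;
        proxy_cache_key "$scheme$request_method$host$request_uri";
        proxy_ssl_server_name on;
        # Do NOT set Host header here, let Nginx set it based on the URL
      }

      # Bazel binary cache
      location /bazel/ {
        proxy_pass https://github.com;
        rewrite ^/bazel/(.*) /bazelbuild/bazel/releases/download/$1 break;

        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_intercept_errors on;
        error_page 301 302 307 = @handle_redirect;

        # We don't cache the initial redirect, we follow it
        proxy_cache off;

        proxy_ssl_server_name on;
        proxy_set_header Host github.com;
      }

      # Bazelisk binary cache
      location /bazelisk/ {
        proxy_pass https://github.com;
        rewrite ^/bazelisk/(.*) /bazelbuild/bazelisk/releases/download/$1 break;

        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_intercept_errors on;
        error_page 301 302 307 = @handle_redirect;

        # We don't cache the initial redirect, we follow it
        proxy_cache off;

        proxy_ssl_server_name on;
        proxy_set_header Host github.com;
      }

      # Health check
      location /healthz {
        # Set the type through default_type: add_header would emit a second
        # Content-Type next to the http-level application/octet-stream default.
        default_type text/plain;
        return 200 'OK';
      }
    }
  }
|||;

// Inputs required to instantiate the cache proxy.
local Params = kube.simpleFieldStruct([
  'namespace',
  'name',
  'dataClaimName',
  'configClaimName',
]);

// ConfigMap holding the rendered nginx.conf; App mounts it via subPath.
local ConfigMap(params) = kube.ConfigMap(params.namespace, params.name) {
  data: {
    "nginx.conf": nginxConf,
  },
};

// Builds the nginx deployment and service from the linuxserver template, then
// overrides the container image on the generated deployment.
local App(params) =
  local baseApp = linuxserver.App(linuxserver.AppParams {
    name: params.name,
    namespace: params.namespace,
    filePath: std.thisFile,
    templatePath: std.thisFile,
    baseAppName: 'nginx',
    imageName: 'nginx:alpine',  // We need to ensure this image is in images.libsonnet or use a direct string if linuxserver supports it
    ports: [
      kube.DeployUtil.ContainerPort('http', 80),
    ],
    pvcs: [
      // Backs proxy_cache_path (/data/cache_v2).
      linuxserver.Pvc {
        name: 'data',
        mountPath: '/data',
        bindName: params.dataClaimName,
      },
    ],
    configMaps: [
      linuxserver.ConfigMap {
        name: 'config',
        bindName: params.configClaimName,
        mountPath: '/etc/nginx/nginx.conf',
        mountSubPath: 'nginx.conf',
      },
    ],
    services: [
      linuxserver.Service {
        suffix: 'http',
        spec: kube.SvcUtil.BasicHttpClusterIpSpec(80),
      },
    ],
    resources: {
      requests: {
        cpu: '300m',
        memory: '256Mi',
      },
      limits: {
        cpu: '500m',
        memory: '512Mi',
      },
    },
  });

  // Override the image lookup if linuxserver.libsonnet expects a key in images.libsonnet
  // but we want to use a raw string.
  // However, linuxserver.libsonnet does: image: images.Prod[params.imageName]
  // So we MUST have the image in images.libsonnet.
  // Alternatively, we can patch the deployment after generation.
  //
  // NOTE(review): the override pins a version tag, but tags are mutable. Pinning by
  // digest (nginx@sha256:<digest>) would fix the exact image serving cached binaries.
  // The override also applies to every container in the pod spec, not only nginx.
  baseApp {
    deployment+: {
      spec+: {
        template+: {
          spec+: {
            containers: [
              c { image: 'nginx:1.26.2-alpine' }
              for c in super.containers
            ],
          },
        },
      },
    },
  };

{
  Params: Params,
  ConfigMap: ConfigMap,
  App: App,
}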