8157b39ea4
Some checks failed
CI / build (push) Failing after 12s
GitOrigin-RevId: 6370f6ea785709295b6abcf9c60717cacf3ac432
186 lines
4.8 KiB
Jsonnet
186 lines
4.8 KiB
Jsonnet
local kube = import 'k8s/configs/base.libsonnet';
|
|
local linuxserver = import 'k8s/configs/templates/core/linuxserver.libsonnet';
|
|
|
|
local nginxConf = |||
|
|
user nginx;
|
|
worker_processes auto;
|
|
error_log /var/log/nginx/error.log notice;
|
|
pid /var/run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
|
access_log /var/log/nginx/access.log main;
|
|
|
|
sendfile on;
|
|
keepalive_timeout 65;
|
|
|
|
proxy_cache_path /data/cache_v2 levels=1:2 keys_zone=bin_cache:100m max_size=50g inactive=365d use_temp_path=off;
|
|
|
|
server {
|
|
listen 80;
|
|
server_name localhost;
|
|
|
|
resolver 8.8.8.8;
|
|
recursive_error_pages on;
|
|
proxy_cache_revalidate on;
|
|
|
|
# Allow large downloads
|
|
client_max_body_size 0;
|
|
proxy_max_temp_file_size 0;
|
|
|
|
# Handle large headers from upstream (e.g. GitHub/S3)
|
|
proxy_buffer_size 16k;
|
|
proxy_buffers 4 16k;
|
|
proxy_busy_buffers_size 24k;
|
|
|
|
# Internal location to follow redirects
|
|
location @handle_redirect {
|
|
resolver 8.8.8.8;
|
|
set $saved_redirect_location '$upstream_http_location';
|
|
proxy_pass $saved_redirect_location;
|
|
|
|
proxy_cache bin_cache;
|
|
proxy_cache_valid 200 301 302 365d;
|
|
proxy_cache_key "$scheme$request_method$host$request_uri";
|
|
|
|
proxy_ssl_server_name on;
|
|
# Do NOT set Host header here, let Nginx set it based on the URL
|
|
}
|
|
|
|
# Bazel binary cache
|
|
location /bazel/ {
|
|
proxy_pass https://github.com;
|
|
rewrite ^/bazel/(.*) /bazelbuild/bazel/releases/download/$1 break;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
|
|
proxy_intercept_errors on;
|
|
error_page 301 302 307 = @handle_redirect;
|
|
|
|
# We don't cache the initial redirect, we follow it
|
|
proxy_cache off;
|
|
|
|
proxy_ssl_server_name on;
|
|
proxy_set_header Host github.com;
|
|
}
|
|
|
|
# Bazelisk binary cache
|
|
location /bazelisk/ {
|
|
proxy_pass https://github.com;
|
|
rewrite ^/bazelisk/(.*) /bazelbuild/bazelisk/releases/download/$1 break;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
|
|
proxy_intercept_errors on;
|
|
error_page 301 302 307 = @handle_redirect;
|
|
|
|
# We don't cache the initial redirect, we follow it
|
|
proxy_cache off;
|
|
|
|
proxy_ssl_server_name on;
|
|
proxy_set_header Host github.com;
|
|
}
|
|
|
|
# Health check
|
|
location /healthz {
|
|
return 200 'OK';
|
|
add_header Content-Type text/plain;
|
|
}
|
|
}
|
|
}
|
|
|||;
|
|
|
|
local Params = kube.simpleFieldStruct([
|
|
'namespace',
|
|
'name',
|
|
'dataClaimName',
|
|
'configClaimName',
|
|
]);
|
|
|
|
local ConfigMap(params) = kube.ConfigMap(params.namespace, params.name) {
|
|
data: {
|
|
"nginx.conf": nginxConf,
|
|
},
|
|
};
|
|
|
|
local App(params) =
|
|
local baseApp = linuxserver.App(linuxserver.AppParams {
|
|
name: params.name,
|
|
namespace: params.namespace,
|
|
filePath: std.thisFile,
|
|
templatePath: std.thisFile,
|
|
baseAppName: 'nginx',
|
|
imageName: 'nginx:alpine', // We need to ensure this image is in images.libsonnet or use a direct string if linuxserver supports it
|
|
ports: [
|
|
kube.DeployUtil.ContainerPort('http', 80),
|
|
],
|
|
pvcs: [
|
|
linuxserver.Pvc {
|
|
name: 'data',
|
|
mountPath: '/data',
|
|
bindName: params.dataClaimName,
|
|
},
|
|
],
|
|
configMaps: [
|
|
linuxserver.ConfigMap {
|
|
name: 'config',
|
|
bindName: params.configClaimName,
|
|
mountPath: '/etc/nginx/nginx.conf',
|
|
mountSubPath: 'nginx.conf',
|
|
},
|
|
],
|
|
services: [
|
|
linuxserver.Service {
|
|
suffix: 'http',
|
|
spec: kube.SvcUtil.BasicHttpClusterIpSpec(80),
|
|
},
|
|
],
|
|
resources: {
|
|
requests: {
|
|
cpu: '300m',
|
|
memory: '256Mi',
|
|
},
|
|
limits: {
|
|
cpu: '500m',
|
|
memory: '512Mi',
|
|
},
|
|
},
|
|
});
|
|
|
|
// Override the image lookup if linuxserver.libsonnet expects a key in images.libsonnet
|
|
// but we want to use a raw string.
|
|
// However, linuxserver.libsonnet does: image: images.Prod[params.imageName]
|
|
// So we MUST have the image in images.libsonnet.
|
|
// Alternatively, we can patch the deployment after generation.
|
|
baseApp {
|
|
deployment+: {
|
|
spec+: {
|
|
template+: {
|
|
spec+: {
|
|
containers: [
|
|
c { image: 'nginx:1.26.2-alpine' }
|
|
for c in super.containers
|
|
],
|
|
},
|
|
},
|
|
},
|
|
},
|
|
};
|
|
|
|
{
|
|
Params: Params,
|
|
ConfigMap: ConfigMap,
|
|
App: App,
|
|
}
|