| File | Last changed |
|---|---|
| README.md | 3 months ago |
| cert.yaml | 4 months ago |
| deploy.yaml | 3 months ago |
| namespace.yaml | 4 months ago |
For serving requests to different IPs in the cluster.
I mainly chose to do it via a single deployment, because my fucking internet provider is too incompetent to assign me a second IPv4 address without me having to pay millions.
cert.yaml contains a CR (Custom Resource) from the cert-manager project. If you installed my PowerDNS deployment and followed the DNS-01 setup, it should generate an appropriate wildcard cert for your domain.
deploy.yaml contains the entire ConfigMap for my nginx reverse proxy setup.
It also contains Services that expose the HTTP and HTTPS ports bound to my floating keepalived IP. That is, in short, an IP that is managed by multiple servers; keepalived takes care of keeping that IP alive. If the server that currently holds the IP dies and the others notice it (1 second timeout), one of them takes the IP over.
In order to dynamically proxy_pass to a Service in another namespace we do the following:
We point nginx at the cluster DNS with a `resolver` directive and tell it that answers are valid for 60 seconds. That means whatever name nginx resolved through that IP is cached for only 60 seconds; any request after that requires a new lookup.
```nginx
http {
    # get your static CoreDNS IP from the DNS service located in the kube-system namespace
    resolver 10.2.0.10 valid=60s;
    ...
}
server {
    ...
    location / {
        # a variable in proxy_pass makes nginx resolve the name per request via the
        # resolver above, instead of once at startup
        set $endpoint http://wiki.tobias-huebner.svc.cluster.local;
        proxy_pass $endpoint$request_uri;
        ...
    }
}
```
Notice the following: `ping wiki` only works because resolv.conf contains a couple of settings (the search list) that always try to append suffixes like `.tobias-huebner.svc.cluster.local` and `.svc.cluster.local`. nginx's own resolver does not apply that search list, which is why `$endpoint` above spells out the full service name.

We use the following to pipe all access logs to our Graylog syslog UDP input.
```nginx
http {
    # escape=json keeps client-controlled values (request, referrer, user agent)
    # from breaking the JSON structure of the log line
    log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
        '"remote_addr": "$remote_addr", '
        '"body_bytes_sent": $body_bytes_sent, '
        '"request_time": $request_time, '
        '"response_status": $status, '
        '"request": "$request", '
        '"request_method": "$request_method", '
        '"host": "$host",'
        '"upstream_cache_status": "$upstream_cache_status",'
        '"upstream_addr": "$upstream_addr",'
        '"http_x_forwarded_for": "$http_x_forwarded_for",'
        '"http_referrer": "$http_referer", '
        '"http_user_agent": "$http_user_agent" }';
    # the default syslog tag is "nginx", which the Graylog extractor below keys on
    access_log syslog:server=logs.tobias-huebner.org:12401 graylog2_json;
}
```
On our Graylog server we want to create a dedicated UDP syslog input. We also want to add two extractors: first a regular expression extractor on the field `message` using the pattern `nginx:\s+(.*)`.
Now all that's left is to add the default JSON extractor on the field generated by the previous extractor.
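As an added example (not code from this repo), the Python below reproduces the two Graylog extractors over the `graylog2_json` format above and shows what `escape=json` buys you when a client controls a logged header such as the User-Agent. The function names, the request values and the `wiki.example.test` host are constructed, and the syslog framing is reduced to the `nginx:` tag that the extractor regex keys on.

```python
import json
import re

NGINX_PAYLOAD_RE = re.compile(r"nginx:\s+(.*)")  # Graylog extractor 1: the page's pattern on "message"
FIELDS = [  # (json key, nginx variable, quoted?) in the order of the page's graylog2_json log_format
    ("timestamp", "time_iso8601", True), ("remote_addr", "remote_addr", True),
    ("body_bytes_sent", "body_bytes_sent", False), ("request_time", "request_time", False),
    ("response_status", "status", False), ("request", "request", True),
    ("request_method", "request_method", True), ("host", "host", True),
    ("upstream_cache_status", "upstream_cache_status", True), ("upstream_addr", "upstream_addr", True),
    ("http_x_forwarded_for", "http_x_forwarded_for", True), ("http_referrer", "http_referer", True),
    ("http_user_agent", "http_user_agent", True),
]
NAMED = {"\n": "\\n", "\r": "\\r", "\t": "\\t", "\b": "\\b", "\f": "\\f"}

def nginx_json_escape(value: str) -> str:
    """Mimic log_format escape=json: backslash '"' and '\\', control chars become \\n etc. or \\u00XX."""
    return "".join("\\" + ch if ch in '"\\' else
                   NAMED.get(ch, "\\u%04X" % ord(ch)) if ord(ch) < 0x20 else ch
                   for ch in value)

def format_access_line(vars_: dict, escape: bool = True) -> str:
    """Render the syslog 'message' nginx emits for one request (default syslog tag is 'nginx')."""
    parts = []
    for key, var, quoted in FIELDS:
        val = str(vars_[var])
        if quoted:  # escape=False shows the same request logged without escape=json
            val = '"%s"' % (nginx_json_escape(val) if escape else val)
        parts.append('"%s": %s' % (key, val))
    return "nginx: { " + ", ".join(parts) + " }"

def extract(message: str):
    """Graylog side: regex extractor, then the JSON extractor on its capture; None if either fails."""
    m = NGINX_PAYLOAD_RE.search(message)
    try:
        return json.loads(m.group(1)) if m else None
    except json.JSONDecodeError:
        return None

SAMPLE_VARS = {  # constructed request; the User-Agent carries a quote, a fake key and a newline
    "time_iso8601": "2024-01-01T12:00:00+00:00", "remote_addr": "10.2.1.17", "body_bytes_sent": 612,
    "request_time": "0.004", "status": 200, "request": "GET /index.php HTTP/1.1", "request_method": "GET",
    "host": "wiki.example.test", "upstream_cache_status": "", "upstream_addr": "10.2.3.4:80",
    "http_x_forwarded_for": "", "http_referer": "", "http_user_agent": 'curl/8.0 "x", "response_status": 500\n',
}

def demo():
    """Return (fields Graylog sees with escape=json, result for the same request without it)."""
    return extract(format_access_line(SAMPLE_VARS)), extract(format_access_line(SAMPLE_VARS, escape=False))
```

Without `escape=json` the second extractor gets malformed JSON and the whole event loses its fields; with it, the injected text stays inside the `http_user_agent` string where it belongs.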