From 9653bdcf694e2317754060056dec31577e8d55ae Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Fri, 20 Dec 2019 16:06:19 +0000 Subject: [PATCH] fix(infra/k8s): Workaround for nginx crash on pidfile write Newer versions of nginx apparently hard-crash if they can't write a PID file in the current directory. To work around this, some writeable scratch space is created for the nginx daemon to write its PID to. --- infra/kubernetes/nginx/nginx.conf | 1 + infra/kubernetes/nginx/nginx.yaml | 7 ++++++- infra/kubernetes/primary-cluster.yaml | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/infra/kubernetes/nginx/nginx.conf b/infra/kubernetes/nginx/nginx.conf index 5a008a0b9..ead5c4061 100644 --- a/infra/kubernetes/nginx/nginx.conf +++ b/infra/kubernetes/nginx/nginx.conf @@ -1,6 +1,7 @@ daemon off; worker_processes 1; error_log stderr; +pid /run/nginx.pid; events { worker_connections 1024; diff --git a/infra/kubernetes/nginx/nginx.yaml b/infra/kubernetes/nginx/nginx.yaml index d0ee520d2..983b265ba 100644 --- a/infra/kubernetes/nginx/nginx.yaml +++ b/infra/kubernetes/nginx/nginx.yaml @@ -26,20 +26,25 @@ spec: spec: containers: - name: tazblog - image: nixery.local/shell/nginx:{{ .version }} + image: nixery.local/shell/third_party.nginx:{{ .version }} command: ["/bin/bash", "-c"] args: - | + cd /run echo 'nogroup:x:30000:nobody' >> /etc/group echo 'nobody:x:30000:30000:nobody:/tmp:/bin/bash' >> /etc/passwd exec nginx -c /etc/nginx/nginx.conf volumeMounts: - name: nginx-conf mountPath: /etc/nginx + - name: nginx-rundir + mountPath: /run volumes: - name: nginx-conf configMap: name: nginx-conf + - name: nginx-rundir + emptyDir: {} --- apiVersion: v1 kind: Service diff --git a/infra/kubernetes/primary-cluster.yaml b/infra/kubernetes/primary-cluster.yaml index b79181d17..1d5d33e0b 100644 --- a/infra/kubernetes/primary-cluster.yaml +++ b/infra/kubernetes/primary-cluster.yaml @@ -35,4 +35,4 @@ include: - name: https-lb - name: nginx values: - version: 52fabe4423095f12f67be1c7dbf88b801c1bb521 + version: a349d5e9145ae9a6c89f62ec631f01fb180de546