vukhanhtruong · May 4, 2021 09:33
diff --git a/configmap.yaml b/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: nginx-conf-configmap
  labels:
    app: your-app
 data:
  nginx.conf: |-
    error_log /dev/stdout info;
    events {
      worker_connections 768;
    }
  
    http {
      proxy_cache_path      /tmp/nginx-cache levels=1:2 keys_zone=app_cache:10m max_size=10g inactive=240m use_temp_path=off;
      proxy_cache_key       $scheme$proxy_host$request_uri;
      proxy_cache_lock      on;
      proxy_cache_use_stale updating;
  
      # Nginx will handle gzip compression of responses from the app server
      gzip on;
      gzip_proxied any;
      gzip_types text/plain application/json;
      gzip_min_length 1000;
  
      server {
        listen 80;
  
        # Nginx will reject anything not matching /api
        location / {
          # Reject requests with unsupported HTTP method
          if ($request_method !~ ^(GET|POST|HEAD|OPTIONS|PUT|DELETE)$) {
            return 405;
          }
  
          # Only requests matching the whitelist expectations will
          # get sent to the application server
          proxy_pass http://localhost:3000;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection 'upgrade';
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_cache_bypass $http_upgrade;
          
          # Bypass Authorization header
          proxy_pass_request_headers on;
          proxy_no_cache $cookie_nocache $arg_nocache$arg_comment;
          proxy_no_cache $http_pragma $http_authorization;
          proxy_cache_bypass $cookie_nocache $arg_nocache $arg_comment;
          proxy_cache_bypass $http_pragma $http_authorization;          
  
          proxy_cache app_cache;
          proxy_cache_revalidate on;
          proxy_cache_use_stale error timeout updating http_404 http_500 http_502 http_503 http_504;
          proxy_cache_bypass $http_x_purge;
          proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
          proxy_cache_valid 200 60s;
          expires 60s;
          add_header X-Cache-Status $upstream_cache_status;
        }
      }
    }
diff --git a/deployment.yaml b/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: your-app
  labels:
    app: your-app
    version: "1.0"
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: your-app
      version: "1.0"
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 1
  template:
    metadata:
      labels:
        app: your-label
        version: "1.0"
    spec:
      containers:
        - name: nginx
          image: nginx:stable
          ports:
            - containerPort: 80
              protocol: TCP
          volumeMounts:
            - name: nginx-conf
              mountPath: /etc/nginx
        - name: your-app
          image: "dockerhub.com/your-app:latest"
          ports:
            - containerPort: 3000
              protocol: TCP
      volumes:
        - name: nginx-conf
          configMap:
            name: api-gateway-nginx-conf-configmap
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: nginx-conf-configmap
	labels:
	app: your-app
	data:
	nginx.conf: \|-
	error_log /dev/stdout info;
	events {
	worker_connections 768;
	}

	http {
	proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=app_cache:10m max_size=10g inactive=240m use_temp_path=off;
	proxy_cache_key $scheme$proxy_host$request_uri;
	proxy_cache_lock on;
	proxy_cache_use_stale updating;

	# Nginx will handle gzip compression of responses from the app server
	gzip on;
	gzip_proxied any;
	gzip_types text/plain application/json;
	gzip_min_length 1000;

	server {
	listen 80;

	# Nginx will reject anything not matching /api
	location / {
	# Reject requests with unsupported HTTP method
	if ($request_method !~ ^(GET\|POST\|HEAD\|OPTIONS\|PUT\|DELETE)$) {
	return 405;
	}

	# Only requests matching the whitelist expectations will
	# get sent to the application server
	proxy_pass http://localhost:3000;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_cache_bypass $http_upgrade;

	# Bypass Authorization header
	proxy_pass_request_headers on;
	proxy_no_cache $cookie_nocache $arg_nocache$arg_comment;
	proxy_no_cache $http_pragma $http_authorization;
	proxy_cache_bypass $cookie_nocache $arg_nocache $arg_comment;
	proxy_cache_bypass $http_pragma $http_authorization;

	proxy_cache app_cache;
	proxy_cache_revalidate on;
	proxy_cache_use_stale error timeout updating http_404 http_500 http_502 http_503 http_504;
	proxy_cache_bypass $http_x_purge;
	proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
	proxy_cache_valid 200 60s;
	expires 60s;
	add_header X-Cache-Status $upstream_cache_status;
	}
	}
	}
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: your-app
	labels:
	app: your-app
	version: "1.0"
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: your-app
	version: "1.0"
	strategy:
	type: RollingUpdate
	rollingUpdate:
	maxUnavailable: 0
	maxSurge: 1
	template:
	metadata:
	labels:
	app: your-label
	version: "1.0"
	spec:
	containers:
	- name: nginx
	image: nginx:stable
	ports:
	- containerPort: 80
	protocol: TCP
	volumeMounts:
	- name: nginx-conf
	mountPath: /etc/nginx
	- name: your-app
	image: "dockerhub.com/your-app:latest"
	ports:
	- containerPort: 3000
	protocol: TCP
	volumes:
	- name: nginx-conf
	configMap:
	name: api-gateway-nginx-conf-configmap