diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index c1626a5562a812963ff74ba05368931b6d663636..d7d194727873e9e9bdd1336b9f32d47cb4ef9127 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -200,7 +200,7 @@ kube_router_image_tag: "{{ kube_router_version }}"
 multus_image_repo: "docker.io/nfvpe/multus"
 multus_image_tag: "{{ multus_version }}"
 nginx_image_repo: nginx
-nginx_image_tag: 1.13
+nginx_image_tag: 1.15
 coredns_version: "1.4.0"
 coredns_image_repo: "coredns/coredns"
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index e3f20d4a67f6cc0e17c5afbdb9ca58b07199187b..c802ab91efd25da1d09954259402635bfea2fbcd 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -42,9 +42,7 @@ kube_master_cpu_reserved: 200m
 kubelet_status_update_frequency: 10s
-# Limits for nginx load balancer app
-nginx_memory_limit: 512M
-nginx_cpu_limit: 300m
+# Requests for nginx load balancer app
 nginx_memory_requests: 32M
 nginx_cpu_requests: 25m
diff --git a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
index fbe170cfa7d3fa7b92f841fc738f5b04e37015be..ed52f647eaebd2fa5a65ba1f61c5b81075ecd829 100644
--- a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
@@ -4,6 +4,7 @@ metadata:
 name: nginx-proxy
 namespace: kube-system
 labels:
+ addonmanager.kubernetes.io/mode: Reconcile
 k8s-app: kube-nginx
 spec:
 hostNetwork: true
@@ -17,9 +18,6 @@ spec:
 image: {{ nginx_image_repo }}:{{ nginx_image_tag }}
 imagePullPolicy: {{ k8s_image_pull_policy }}
 resources:
- limits:
- cpu: {{ nginx_cpu_limit }}
- memory: {{ nginx_memory_limit }}
 requests:
 cpu: {{ nginx_cpu_requests }}
 memory: {{ nginx_memory_requests }}
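Review bot: Dropping `nginx_memory_limit` and `nginx_cpu_limit` here, together with the `limits:` block in the `-17,9` hunk of nginx-proxy.manifest.j2, leaves the `hostNetwork: true` nginx-proxy pod in kube-system with requests only and no ceiling on what it may take from the node. The same commit raises `worker_connections` to 16384 with two workers in nginx.conf.j2, so the memory the proxy can use under connection load grows while the cap disappears. If the removal is aimed at CPU throttling (the diff does not say), keeping the memory cap would preserve a bound: retain `nginx_memory_limit: 512M` in defaults and `limits:` / `memory: {{ nginx_memory_limit }}` in the manifest. Inventories that still set either variable will have the value ignored without any message, which deserves a line in the release notes.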
@@ -30,6 +28,10 @@ spec:
 httpGet:
 path: /healthz
 port: {{ nginx_kube_apiserver_healthcheck_port }}
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ nginx_kube_apiserver_healthcheck_port }}
 {% endif -%}
 volumeMounts:
 - mountPath: /etc/nginx
diff --git a/roles/kubernetes/node/templates/nginx.conf.j2 b/roles/kubernetes/node/templates/nginx.conf.j2
index 3e5374b71cb5f7b08dc31fbe51df359649b19197..274139529c78544f48724a9e332699f41302221b 100644
--- a/roles/kubernetes/node/templates/nginx.conf.j2
+++ b/roles/kubernetes/node/templates/nginx.conf.j2
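Review bot: The new `readinessProbe` repeats the `httpGet` on `/healthz` of the probe just above it (that probe's key is outside the hunk, presumably the liveness probe), and in nginx.conf.j2 that location is a bare `return 200`, so readiness only shows that nginx answers on the healthcheck port, not that any `kube_apiserver` upstream is reachable. That limit should be written down where the probe is defined, for example `# readiness == nginx is answering; it does not test the apiserver upstreams` above `readinessProbe:`. No `periodSeconds`, `timeoutSeconds` or `failureThreshold` is set, so kubelet defaults apply; state them explicitly if the defaults are intended. The `{% if %}` that the trailing `{% endif -%}` closes starts outside the hunk.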
@@ -1,37 +1,50 @@
 error_log stderr notice;
-worker_processes 1;
+worker_processes 2;
+worker_rlimit_nofile 130048;
+worker_shutdown_timeout 10s;
+
 events {
 multi_accept on;
 use epoll;
- worker_connections 1024;
+ worker_connections 16384;
 }
 stream {
- upstream kube_apiserver {
- least_conn;
- {% for host in groups['kube-master'] -%}
- server {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(fallback_ips[host])) }}:{{ kube_apiserver_port }};
- {% endfor -%}
- }
-
- server {
- listen 127.0.0.1:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }};
- proxy_pass kube_apiserver;
- proxy_timeout 10m;
- proxy_connect_timeout 1s;
+ upstream kube_apiserver {
+ least_conn;
+ {% for host in groups['kube-master'] -%}
+ server {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(fallback_ips[host])) }}:{{ kube_apiserver_port }};
+ {% endfor -%}
+ }
- }
+ server {
+ listen 127.0.0.1:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }};
+ proxy_pass kube_apiserver;
+ proxy_timeout 10m;
+ proxy_connect_timeout 1s;
+ }
 }
 http {
- {% if nginx_kube_apiserver_healthcheck_port is defined -%}
- server {
- listen {{ nginx_kube_apiserver_healthcheck_port }};
- location /healthz {
- access_log off;
- return 200;
- }
- }
- {% endif -%}
+ aio threads;
+ aio_write on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ keepalive_timeout 75s;
+ keepalive_requests 100;
+ reset_timedout_connection on;
+ server_tokens off;
+ autoindex off;
+
+ {% if nginx_kube_apiserver_healthcheck_port is defined -%}
+ server {
+ listen {{ nginx_kube_apiserver_healthcheck_port }};
+ location /healthz {
+ access_log off;
+ return 200;
+ }
+ }
+ {% endif -%}
 }
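Review bot: The healthcheck `server` in the `http` block still uses `listen {{ nginx_kube_apiserver_healthcheck_port }};` with no address, so it binds every interface, whereas the stream listener is pinned to `127.0.0.1`; the pod manifest in this commit sets `hostNetwork: true`, which puts that port on the node's own addresses. The endpoint only returns a fixed 200 and `server_tokens off` is added, so the exposure is small, but nothing visible here needs it reachable from off-node. Consider `listen 127.0.0.1:{{ nginx_kube_apiserver_healthcheck_port }};` together with `host: 127.0.0.1` under each probe's `httpGet` in nginx-proxy.manifest.j2, since kubelet would otherwise probe the pod (node) IP. Separately, `worker_shutdown_timeout` ties the template to nginx releases that know the directive, so an inventory overriding `nginx_image_tag` to an older image would likely fail to start; a comment at the top of the file stating the minimum supported nginx version would help.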