2

我正在尝试以nginx非 root 用户身份运行容器我正在尝试配置我的nginx.conf文件,然后我将其放入 k8s configmap,但是当容器启动时,它会不断抛出错误,例如

/etc/nginx/conf.d/nginx-kibana.conf:4 中不允许使用“pid”指令

以及随后的每一个

我需要在配置中修复或调整什么,还是需要volume:在 nginx-deployment.yaml中调整

这是我的 nginx.conf

error_log /tmp/error.log;

# The pidfile will be written to /var/run unless this is set.
pid /tmp/nginx.pid;

worker_processes 1;

events {
  worker_connections 1024;
}
http {
  # Set an array of temp and cache file options that will otherwise default to
  # restricted locations accessible only to root.
  client_body_temp_path /tmp/client_body;
  fastcgi_temp_path /tmp/fastcgi_temp;
  proxy_temp_path /tmp/proxy_temp;
  scgi_temp_path /tmp/scgi_temp;
  uwsgi_temp_path /tmp/uwsgi_temp;

  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;

  include /etc/nginx/mime.types;
  index index.html index.htm index.php;

  default_type application/octet-stream;
  server {
        listen 8080 default_server;
        listen [::]:8080 default_server ipv6only=on;
        server_name  localhost;

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

        # the UI will send the request with query string pageId to kibana to load a specific page
        # e.g: iframe src="/kibana/page?pageId=dashboard"
        # set proxy_pass to root kibana does not see the query params, so we have to go to /app/kibana
        location ^~ /${KIBANA_PATH}/page {
          proxy_pass http://127.0.0.1:5601/app/kibana/${ESC}is_args${ESC}args;
          proxy_http_version 1.1;
          proxy_set_header Upgrade ${ESC}http_upgrade;
          proxy_set_header Connection 'upgrade';
          proxy_set_header Host ${ESC}host;
          proxy_cache_bypass ${ESC}http_upgrade;
        }

        # have to re-write URLs for kibana to strip out the /kibana part
        location /${KIBANA_PATH}/ {
          proxy_pass http://127.0.0.1:5601/;
          proxy_http_version 1.1;
          proxy_set_header Upgrade ${ESC}http_upgrade;
          proxy_set_header Connection 'upgrade';
          proxy_set_header Host ${ESC}host;
          proxy_cache_bypass ${ESC}http_upgrade;
        }

    }
}

这就是我将配置映射安装到容器上的方式

      securityContext:
        fsGroup: 2000
        runAsUser: 2000
      volumes:
      - name: nginxconfigmap-volume
        configMap:
          name: my-nginx-configmap

      containers:
      - name: nginx
        image: nginx:stable
        ports:
        - containerPort: 8080
          name: http
          protocol: TCP
        livenessProbe:
          httpGet:
            scheme: HTTP
            path: /
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 10
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 3
        readinessProbe:
          httpGet:
            scheme: HTTP
            path: /
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 10
          timeoutSeconds: 5
          successThreshold: 2
          failureThreshold: 6
        volumeMounts:
        - mountPath: /etc/nginx/conf.d
          name: nginxconfigmap-volume
4

3 回答 3

1

通过修复两件事解决了问题。首先,我必须确保将我的 conf 文件命名为 nginx.conf 而不是 nginx-kibana.conf

其次必须确保我将安装路径设置为 mountPath: /etc/nginx

于 2019-10-24T14:24:13.280 回答
0

该文件位于不在nginx.conf的路径/etc/nginx/etc/nginx/conf.d。你得到的错误是 nginx 相关的,与 kubernetes 无关。更改路径以正确加载您的 nginx 配置。

于 2019-10-23T16:07:20.697 回答
0

如果我将卷安装路径修改为

   volumeMounts:
        - mountPath: /etc/nginx
          name: nginxconfigmap-volume

然后我得到这个错误 2019/10/23 02:50:49 [emerg] 1#1: open() "/etc/nginx/nginx.conf" failed (2: No such file or directory) nginx: [emerg] open() "/etc/nginx/nginx.conf" 失败(2:没有这样的文件或目录)

不确定如何进行

于 2019-10-23T02:55:28.147 回答