feat: add validDns option and headless distributor to Nginx (#366)

* feat: add validDns option and headless distributor to Nginx Signed-off-by: Loc Mai <[email protected]> * chore: update changelog, fix trailing space and typo Signed-off-by: Loc Mai <[email protected]> * Update naming Signed-off-by: Loc Mai <[email protected]> * remove extra line Signed-off-by: Loc Mai <[email protected]> * fix nginx conf Signed-off-by: Loc Mai <[email protected]> * fix nginx conf Signed-off-by: Loc Mai <[email protected]>
cortexproject · Jun 10, 2022 · 34b0650 · 34b0650
1 parent b9f640c
commit 34b0650
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@
 
 * [CHANGE] move from omegavvweapon/kopf-k8s-sidecar to kiwigrid/k8s-sidecar #365
 * [FEATURE] Add Overrides-Exporter #360
+* [ENHANCEMENT] Add dnsTTL option to nginx config #366
 * [BUGFIX] Fix query-scheduler address for query-frontend to use correct address #364
 * [DEPENDENCY] Update dependency nginx to v1.22 #357
 

diff --git a/README.md b/README.md
@@ -489,6 +489,7 @@ Kubernetes: `^1.19.0-0`
 | nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;basicAuthSecretName | string | `""` | (optional) Name of basic auth secret. In order to use this option, a secret with htpasswd formatted contents at the key ".htpasswd" must exist. For example:   apiVersion: v1   kind: Secret   metadata:     name: my-secret     namespace: <same as cortex installation>   stringData:     .htpasswd: |       user1:$apr1$/woC1jnP$KAh0SsVn5qeSMjTtn0E9Q0       user2:$apr1$QdR8fNLT$vbCEEzDj7LyqCMyNpSoBh/ Please note that the use of basic auth will not identify organizations the way X-Scope-OrgID does. Thus, the use of basic auth alone will not prevent one tenant from viewing the metrics of another. To ensure tenants are scoped appropriately, explicitly set the `X-Scope-OrgID` header in the nginx config. Example   setHeaders:     X-Scope-OrgID: $remote_user |
 | nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;client_max_body_size | string | `"1M"` | ref: http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size |
 | nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;dnsResolver | string | `"kube-dns.kube-system.svc.cluster.local"` |  |
+| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;dnsTTL | string | `"15s"` | (optional) Including the valid parameter to the `resolver` directive to re-resolve names every `dnsTTL` seconds/minutes |
 | nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;httpSnippet | string | `""` | arbitrary snippet to inject in the http { } section of the nginx config |
 | nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;mainSnippet | string | `""` | arbitrary snippet to inject in the top section of the nginx config |
 | nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;serverSnippet | string | `""` | arbitrary snippet to inject in the server { } section of the nginx config |

diff --git a/templates/nginx/nginx-config.yaml b/templates/nginx/nginx-config.yaml
@@ -31,7 +31,7 @@ data:
       access_log   /dev/stderr  main;
       sendfile     on;
       tcp_nopush   on;
-      resolver {{ default (printf "kube-dns.kube-system.svc.%s" .Values.clusterDomain ) .Values.nginx.config.dnsResolver }};
+      resolver {{ default (printf "kube-dns.kube-system.svc.%s" .Values.clusterDomain ) .Values.nginx.config.dnsResolver }}{{- if .Values.nginx.config.dnsTTL }} valid={{ .Values.nginx.config.dnsTTL }}{{- end }};
 
       {{- with .Values.nginx.config.httpSnippet }}
       {{ tpl . $ | nindent 6 }}

diff --git a/values.yaml b/values.yaml
@@ -1276,7 +1276,8 @@ nginx:
     #   setHeaders:
     #     X-Scope-OrgID: $remote_user
     basicAuthSecretName: ""
-
+    # -- (optional) Including the valid parameter to the `resolver` directive to re-resolve names every `dnsTTL` seconds/minutes
+    dnsTTL: "15s"
   image:
     repository: nginx
     tag: 1.22