allow init containers, e.g. to deploy a crl file to nginx #2100

g10f · 2021-10-14T22:45:58Z

Proposed changes

For deploying crl files with size of several MBs to nginx we need an InitContainer.
Our crl file is about 8 MB which can not be stored in a config map because of the size. Therfore we use an init container to provide the crl.
E. g. here a values file snippet with an init container that copys a crl file to data/pem/crl.pem

  initContainers:
  - name: init-nginx
    image: xyz.dkr.ecr.eu-central-1.amazonaws.com/init-nginx:1.1.12 
    volumeMounts:
    - name: extra-volume
      mountPath: /data/pem
  volumeMounts:
  - name: extra-volume
    mountPath: /etc/nginx/crl.pem
    subPath: crl.pem
  volumes:
  - name: extra-volume
    emptyDir: {}

The corresponding ingress yaml snippet is

metadata:
  annotations:
    nginx.org/server-snippets: |
      ssl_verify_client optional;
      ssl_verify_depth 2;
      ssl_crl crl.pem;
      ...

Additionally we use a cronjob which does a kubectl rollout restart of the deployment so that new crl files are used by nginx. Would be nice, if this is supported by the helm chart.

pleshakov · 2021-10-15T19:05:49Z

Hi @g10f Thanks for the PR!

Could you possibly clarify the use case(s) for init containers in the Ingress Controller? You mentioned crl files. However, could you explain how it works?

g10f · 2021-10-17T20:20:57Z

Hi @g10f Thanks for the PR!

Could you possibly clarify the use case(s) for init containers in the Ingress Controller? You mentioned crl files. However, could you explain how it works?

I added some information above. The main thing is, that we copy the crl file with the init container to a shared mount.

tomasohaodha · 2021-10-28T10:23:00Z

Hi Gunnar,

Many thanks for the PR, we are eager to merge it. Some further feedback:

Could you update deployments/helm-chart/templates/controller-daemonset.yaml to include the init containers
In deployments/helm-chart/values.yaml, the entry for init container needs to have a doc that matches the entry in the helm readme for consistency:

## InitContainers for the Ingress controller pods.  
initContainers: []

Can you update https://github.com/nginxinc/kubernetes-ingress/blob/master/docs/content/installation/installation-with-helm.md#configuration similarly to the helm readme
Optional but useful: In the values file, also include an example of an init container in the comment, similarly to the volumeMounts: []. For example:

  initContainers:
  # - name: init-container
  #   image: busybox:1.34
  #   command: ['sh', '-c', 'echo "init container will run for 120s" && sleep 120']

g10f · 2021-10-29T14:36:11Z

Hi Gunnar,

Many thanks for the PR, we are eager to merge it. Some further feedback:

Could you update deployments/helm-chart/templates/controller-daemonset.yaml to include the init containers

In deployments/helm-chart/values.yaml, the entry for init container needs to have a doc that matches the entry in the helm readme for consistency:
## InitContainers for the Ingress controller pods.  
initContainers: []
Can you update https://github.com/nginxinc/kubernetes-ingress/blob/master/docs/content/installation/installation-with-helm.md#configuration similarly to the helm readme

Optional but useful: In the values file, also include an example of an init container in the comment, similarly to the volumeMounts: []. For example:
  initContainers:
  # - name: init-container
  #   image: busybox:1.34
  #   command: ['sh', '-c', 'echo "init container will run for 120s" && sleep 120']

Hi @tomasohaodha, thank you for the feedback. I updated the pull request.

tomasohaodha · 2021-11-01T18:11:47Z

Hi Gunnar,
Many thanks for the PR, we are eager to merge it. Some further feedback:

Could you update deployments/helm-chart/templates/controller-daemonset.yaml to include the init containers

In deployments/helm-chart/values.yaml, the entry for init container needs to have a doc that matches the entry in the helm readme for consistency:
## InitContainers for the Ingress controller pods.  
initContainers: []
Can you update https://github.com/nginxinc/kubernetes-ingress/blob/master/docs/content/installation/installation-with-helm.md#configuration similarly to the helm readme

Optional but useful: In the values file, also include an example of an init container in the comment, similarly to the volumeMounts: []. For example:
  initContainers:
  # - name: init-container
  #   image: busybox:1.34
  #   command: ['sh', '-c', 'echo "init container will run for 120s" && sleep 120']
Hi @tomasohaodha, thank you for the feedback. I updated the pull request.

Thanks for that Gunnar, we'll review asap

vepatel · 2021-11-03T11:51:07Z

Verified:

  Normal  Pulled     3m20s  kubelet            Container image "busybox:1.34" already present on machine
  Normal  Created    3m20s  kubelet            Created container init-container
  Normal  Started    3m20s  kubelet            Started container init-container

@g10f approved 👍🏼 , just a few minor comments:

ReadMe: can we remove crl.pem specific line Useful for fetching crl files from a URL and copy the data to a mounted volume to crl.pem for using with nginx or maybe add Init containers can contain utilities or setup scripts not present in an app image instead?

In values.yaml, can give a more generic example like:

initContainers: 
 - name: init-container
    image: busybox:1.34
    command: ['sh', '-c', 'echo this is initial setup!']

- consistent doc info - example for initContainers

g10f · 2021-11-04T10:07:24Z

Verified:
  Normal  Pulled     3m20s  kubelet            Container image "busybox:1.34" already present on machine
  Normal  Created    3m20s  kubelet            Created container init-container
  Normal  Started    3m20s  kubelet            Started container init-container
@g10f approved 👍🏼 , just a few minor comments:
ReadMe: can we remove crl.pem specific line Useful for fetching crl files from a URL and copy the data to a mounted volume to crl.pem for using with nginx or maybe add Init containers can contain utilities or setup scripts not present in an app image instead?
In values.yaml, can give a more generic example like:
initContainers: 
 - name: init-container
    image: busybox:1.34
    command: ['sh', '-c', 'echo this is initial setup!']

Thanks for reviewing. I have implemented your suggestions.

tomasohaodha · 2021-11-04T10:21:33Z

Merged into master, many thanks @g10f Gunnar.

pleshakov added the proposal An issue that proposes a feature request label Oct 15, 2021

tomasohaodha requested review from vepatel and pleshakov November 2, 2021 17:09

pleshakov approved these changes Nov 2, 2021

View reviewed changes

vepatel approved these changes Nov 3, 2021

View reviewed changes

g10f added 4 commits November 3, 2021 22:18

allow init containers, e.g. to deploy a crl file to nginx

fa20209

- updated daemonset.yaml and fixed deployment.yaml

26671da

- consistent doc info - example for initContainers

- updated daemonset.yaml and fixed deployment.yaml

3dbc0b0

- consistent doc info - example for initContainers

more generic description an sample

6217c2f

tomasohaodha added the enhancement Pull requests for new features/feature enhancements label Nov 4, 2021

tomasohaodha enabled auto-merge (squash) November 4, 2021 10:08

tomasohaodha merged commit 3770c0a into nginx:master Nov 4, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

allow init containers, e.g. to deploy a crl file to nginx #2100

allow init containers, e.g. to deploy a crl file to nginx #2100

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

allow init containers, e.g. to deploy a crl file to nginx #2100

allow init containers, e.g. to deploy a crl file to nginx #2100

Uh oh!

Conversation

Uh oh!

Proposed changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!