chore(reliability): Allow fence-config to override Nginx rate limit. (#…

…1613) * chore(reliability): Allow fence-config to override Nginx rate limit * use appname var instead of hardcoded service name * fix code to identify and capture OVERRIDE_NGINX_RATE_LIMIT * capturing default config from correct config file * rely on environment variable set in fence's Dockerfile * export OVERRIDE_NGINX_RATE_LIMIT in pod startup command * use fence-public-config and fallback on fence-default config for OVERRIDE_NGINX_RATE_LIMIT * use fence-public-config and fallback on fence-default config for OVERRIDE_NGINX_RATE_LIMIT * remove testing value
uc-cdis · May 24, 2021 · 463b527 · 463b527
1 parent 0d3a8ae
commit 463b527
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/Docker/python-nginx/python3.6-alpine3.7/entrypoint.sh b/Docker/python-nginx/python3.6-alpine3.7/entrypoint.sh
@@ -1,9 +1,19 @@
 #!/usr/bin/env sh
 set -e
 
+rate_limit=""
 if [ ! -z $NGINX_RATE_LIMIT ]; then
+  echo "Found NGINX_RATE_LIMIT environment variable..."
+  if [ ! -z $OVERRIDE_NGINX_RATE_LIMIT ]; then
+    rate_limit=$OVERRIDE_NGINX_RATE_LIMIT
+    echo "Overriding Nginx rate limit with new value ${rate_limit}..."
+  else
+    rate_limit=$NGINX_RATE_LIMIT
+    echo "Applying Nginx rate limit from k8s deployment descriptor..."
+  fi
+
   # Add rate_limit config
-  rate_limit_conf="\ \ \ \ limit_req_zone \$binary_remote_addr zone=one:10m rate=${NGINX_RATE_LIMIT}r/s;"
+  rate_limit_conf="\ \ \ \ limit_req_zone \$binary_remote_addr zone=one:10m rate=${rate_limit}r/s;"
   sed -i "/http\ {/a ${rate_limit_conf}" /etc/nginx/nginx.conf
   if [ -f /etc/nginx/sites-available/uwsgi.conf ]; then
     limit_req_config="\ \ \ \ \ \ \ \ limit_req zone=one;"

diff --git a/kube/services/presigned-url-fence/presigned-url-fence-deploy.yaml b/kube/services/presigned-url-fence/presigned-url-fence-deploy.yaml
@@ -208,6 +208,11 @@ spec:
             echo -e "ENABLE_DB_MIGRATION: false" > "/var/www/fence/fence-config-bonus1.yaml"
             python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config-step1.yaml
             python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-bonus1.yaml /var/www/fence/fence-config-step1.yaml > /var/www/fence/fence-config.yaml
+            nginx_limit=$(cat /var/www/fence/fence-config.yaml | sed -n -e 's/^.*\"OVERRIDE_NGINX_RATE_LIMIT\": //p' | sed 's/.$//')
+            if [ -z "$nginx_limit" ]; then
+              nginx_limit=$(cat /fence/fence/config-default.yaml | sed -n -e 's/^.*OVERRIDE_NGINX_RATE_LIMIT: //p')
+            fi
+            export OVERRIDE_NGINX_RATE_LIMIT="$nginx_limit"
             ([[ ! -f /entrypoint.sh ]] || bash /entrypoint.sh) && /fence/dockerrun.bash && if [[ -f /dockerrun.sh ]]; then /dockerrun.sh; fi
       - name: nginx-prometheus-exporter-wrapper
         GEN3_NGINX_PROMETHEUS_EXPORTER_WRAPPER_IMAGE|-image: quay.io/cdis/nginx-prometheus-exporter-wrapper:pybase3-1.4.0-|