feature: add caching nginx (#153)

Author: shcherbak

charts/verdaccio/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: A lightweight private node.js proxy registry
 name: verdaccio
-version: 4.19.0
+version: 4.20.0
 appVersion: 6.0.0
 home: https://verdaccio.org
 icon: https://cdn.verdaccio.dev/logos/default.png

charts/verdaccio/templates/configmap-nginx.yaml

@@ -0,0 +1,78 @@
+{{- if .Values.cachingNginx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "verdaccio.fullname" . }}-nginx-config
+data:
+  nginx.conf: |
+    user nginx;
+    worker_processes 4;
+    pid /var/run/nginx.pid;
+    error_log /dev/stderr info;
+    events {
+    	worker_connections 10240;
+    	use epoll;
+    }
+    http {
+    	include     /etc/nginx/mime.types;
+    	default_type  application/octet-stream;
+    	server_names_hash_max_size 512;
+    	server_names_hash_bucket_size 64;
+    	sendfile on;
+    	tcp_nopush on;
+    	tcp_nodelay on;
+    	proxy_buffer_size 4k;
+    	proxy_buffers 1024 4k;
+    	proxy_read_timeout 2m;
+    	proxy_send_timeout 2m;
+    	fastcgi_buffer_size 4k;
+    	fastcgi_buffers 1024 4k;
+    	keepalive_timeout 10;
+    	keepalive_requests 100;
+    	reset_timedout_connection on;
+    	client_max_body_size 100m;
+    	gzip on;
+    	gzip_types text/css application/x-javascript application/javascript text/javascript text/plain;
+    	gzip_comp_level 6;
+    	gzip_min_length 100;
+    	gzip_http_version 1.0;
+    	gzip_proxied any;
+    	gzip_disable "msie6";
+    	gzip_vary on;
+    	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    	ssl_ciphers 'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4';
+    	ssl_session_cache shared:SSL:10m;
+    	ssl_session_timeout 30m;
+    	ssl_buffer_size 4k;
+    	ssl_prefer_server_ciphers on;
+    	ssl_session_tickets off;
+      log_format main escape=json
+      '{'
+        '"time_local":"$time_local",'
+        '"remote_addr":"$remote_addr",'
+        '"remote_user":"$remote_user",'
+        '"request":"$request",'
+        '"status": "$status",'
+        '"body_bytes_sent":"$body_bytes_sent",'
+        '"request_time":"$request_time",'
+        '"http_referrer":"$http_referer",'
+        '"http_user_agent":"$http_user_agent"'
+      '}';
+    	access_log /dev/stdout main;
+    	real_ip_header X-Real-IP;
+    	set_real_ip_from 0.0.0.0/0;
+    	proxy_cache_path {{ .Values.cachingNginx.proxyCachePath }}
+    	include /etc/nginx/conf.d/*.conf;
+    }
+  default.conf: |
+    server {
+      listen 80;
+      location / {
+        proxy_pass http://127.0.0.1:4873;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+      }
+    }
+{{- end }}

charts/verdaccio/templates/deployment.yaml

@@ -31,6 +31,9 @@ spec:
         {{- if .Values.secretEnvVars }}
         checksum/env-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
         {{- end }}
+        {{- if .Values.cachingNginx.enabled }}
+        checksum/config-nginx: {{ include (print $.Template.BasePath "/configmap-nginx.yaml") . | sha256sum }}
+        {{- end }}
         {{- include "verdaccio.podAnnotations" . | nindent 8 }}
       labels:
         {{- include "verdaccio.podLabels" . | nindent 8 }}
@@ -46,6 +49,23 @@ spec:
         {{- include "tplvalues.render" (dict "value" . "context" $) | nindent 8 }}
       {{- end }}
       containers:
+        {{- if .Values.cachingNginx.enabled }}
+        - name: {{ template "verdaccio.name" . }}-nginx
+          imagePullPolicy: {{ .Values.cachingNginx.pullPolicy }}
+          image: {{ .Values.cachingNginx.repository }}:{{ .Values.cachingNginx.tag }}
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/nginx/nginx.conf
+              subPath: nginx.conf
+            - name: config-volume
+              mountPath: /etc/nginx/conf.d/default.conf
+              subPath: default.conf
+          resources:
+            {{ toYaml .Values.cachingNginx.resources | nindent 12 }}
+          ports:
+            - containerPort: 80
+              name: caching-nginx
+        {{- end }}
         - name: {{ template "verdaccio.name" . }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
@@ -126,6 +146,11 @@ spec:
         secret:
           secretName: {{ include "verdaccio.fullname" . }}-htpasswd
       {{- end }}
+      {{- if .Values.cachingNginx.enabled }}
+      - name: config-volume
+        configMap:
+          name: {{ include "verdaccio.fullname" . }}-nginx-config
+      {{- end }}
       {{- with .Values.persistence.volumes }}
       {{- include "tplvalues.render" (dict "value" . "context" $) | nindent 6 }}
       {{- end }}

charts/verdaccio/templates/service.yaml

@@ -25,7 +25,11 @@ spec:
   {{- end }}
   ports:
     - port: {{ .Values.service.port }}
+      {{- if .Values.cachingNginx.enabled }}
+      targetPort: caching-nginx
+      {{- else }}
       targetPort: http
+      {{- end }}
       protocol: TCP
       name: {{ .Values.service.name | default "http"}}
       {{- if contains "NodePort" .Values.service.type }}

charts/verdaccio/values.yaml

@@ -278,3 +278,13 @@ extraManifests: []
   #         app: verdaccio
   #     endpoints:
   #     - port: metrics
+
+# Additional container with caching nginx
+# Can be useful for intensive load
+cachingNginx:
+  enabled: false
+  repository: nginx
+  tag: 1.25.0
+  pullPolicy: IfNotPresent
+  proxyCachePath: '/var/cache/nginx levels=1:2 keys_zone=STATIC:100m inactive=12h max_size=1g;'
+  resources: {}