Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow run time updating of GeoIP databases #2100

Closed
Stono opened this issue Feb 15, 2018 · 9 comments · Fixed by #2107
Closed

Allow run time updating of GeoIP databases #2100

Stono opened this issue Feb 15, 2018 · 9 comments · Fixed by #2107

Comments

@Stono
Copy link
Contributor

Stono commented Feb 15, 2018

Hey,
At the moment, the following GeoIP databases are downloaded as part of the nginx base image build:

  - geoip_country       /etc/nginx/GeoIP.dat;
  - geoip_city          /etc/nginx/GeoLiteCity.dat;
  - geoip_org           /etc/nginx/GeoIPASNum.dat;

These databases get updated (GeoIPASNum more than others), and I think it'd be nice to find a way to update this outside the update cycle of ingress-nginx

I'm unsure however, the best way to do this so didn't want to implement a PR without talking it through first. I see the following options:

  1. Add --update-geo-ip, which downloads these files every time the container boots, or if they're over some arbitrary age.
  2. Have a separate side car which keeps these files up to date, but that would some how have to trigger an nginx -s reload

I'm totally open to ideas?
@aledbf
Copy link
Member

aledbf commented Feb 16, 2018

@Stono what we can do is to change the path of the files to a directory like /etc/nginx/geoip and then you can use a custom deployment with an additional container that updates the file and an emptyDir volume mounted in /etc/nginx/geoip

@Stono
Copy link
Contributor Author

Stono commented Feb 16, 2018

@aledbf that makes sense, but then how would that side car trigger an nginx -s reload when the db changes?

@aledbf
Copy link
Member

aledbf commented Feb 16, 2018

that makes sense, but then how would that side car trigger an nginx -s reload when the db changes?

I was thinking to just wait until the next event that triggers an update in the controller

@aledbf
Copy link
Member

aledbf commented Feb 16, 2018

@Stono or run nginx -s reload using kubectl exec from the side car

@Stono
Copy link
Contributor Author

Stono commented Feb 16, 2018
edited
Loading

hmm then i'd have to give the sidecar RBAC access to exec pods on kubectl which feels a bit wrong ;'(

@aledbf
Copy link
Member

aledbf commented Feb 16, 2018

@Stono ok, then I can add another notify listener for the geoip directory and trigger a reload like here https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/nginx.go#L170

@Stono
Copy link
Contributor Author

Stono commented Feb 16, 2018
edited
Loading

Ahh great idea @aledbf - leave it with me and I'll (try) to do a PR!

@Stono Stono mentioned this issue Feb 16, 2018
Merged
@Stono
Copy link
Contributor Author

Stono commented Feb 16, 2018

OK @aledbf - gave it my best shot! See the attached PR

@Niteesh
Copy link

Niteesh commented Nov 9, 2019

can this help, the feature is already provided by geoip2 module, can we exploit that.

http {

    geoip2 /etc/GeoLite2-Country.mmdb {
        **auto_reload 5m;**
        $geoip2_metadata_country_build metadata build_epoch;
        $geoip2_data_country_code default=US source=$http_x_forwarded_for country iso_code;
        $geoip2_data_country_name source=$http_x_forwarded_for country names en;
    }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Enabled the dynamic reload of GeoIP data
3 participants
@aledbf @Stono @Niteesh