跳到主要内容

values.yaml 完整配置示例

以下是比较完整的 values.yaml 配置示例,可复制下来然后并根据自己需求来进行增删改:

values.yaml
controller:
extraInitContainers:
- name: sysctl
image: busybox
securityContext:
privileged: true
imagePullPolicy: IfNotPresent
command:
- sh
- -c
- |
sysctl -w net.core.somaxconn=65535 # 调大链接队列,防止队列溢出
sysctl -w net.ipv4.ip_local_port_range="1024 65535" # 扩大源端口范围,防止端口耗尽
sysctl -w net.ipv4.tcp_tw_reuse=1 # TIME_WAIT 复用,避免端口耗尽后无法新建连接
sysctl -w fs.file-max=1048576 # 调大文件句柄数,防止连接过多导致文件句柄耗尽
config:
# nginx 与 client 保持的一个长连接能处理的请求数量,默认100,高并发场景建议调高,但过高也可能导致 nginx ingress 扩容后负载不均。
# 参考: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#keep-alive-requests
keep-alive-requests: "1000"
# nginx 与 upstream 保持长连接的最大空闲连接数 (不是最大连接数),默认 320,在高并发下场景下调大,避免频繁建联导致 TIME_WAIT 飙升。
# 参考: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#upstream-keepalive-connections
upstream-keepalive-connections: "2000"
# 每个 worker 进程可以打开的最大连接数,默认 16384。
# 参考: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#max-worker-connections
max-worker-connections: "65536"
log-format-upstream: $remote_addr - $remote_user [$time_local] "$request"
$status $body_bytes_sent "$http_referer" "$http_user_agent"
$request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr
$upstream_response_length $upstream_response_time $upstream_status $req_id $host
# nginx 日志落盘到日志文件,避免高并发下占用过多 CPU
access-log-path: /var/log/nginx/nginx_access.log
error-log-path: /var/log/nginx/nginx_error.log
extraEnvs:
- name: TZ
value: Asia/Shanghai
extraVolumes:
- name: log
emptyDir: {}
extraVolumeMounts:
- name: log
mountPath: /var/log/nginx
extraContainers:
- name: logrotate
image: imroc/logrotate:latest
imagePullPolicy: Always
env:
- name: LOGROTATE_FILE_PATTERN # 轮转的日志文件pattern,与 nginx 配置的日志文件路径相匹配
value: "/var/log/nginx/nginx_*.log"
- name: LOGROTATE_FILESIZE # 日志文件超过多大后轮转
value: "100M"
- name: LOGROTATE_FILENUM # 每个日志文件轮转的数量
value: "3"
- name: CRON_EXPR # logrotate 周期性运行的 crontab 表达式,这里每分钟一次
value: "*/1 * * * *"
- name: CROND_LOGLEVEL # crond 日志级别,0~8,越小越详细
value: "8"
volumeMounts:
- name: log
mountPath: /var/log/nginx
podAnnotations:
tke.cloud.tencent.com/networks: tke-route-eni # 声明使用 VPC-CNI 网络
resources: # resources 里声明使用弹性网卡
requests:
tke.cloud.tencent.com/eni-ip: "1"
limits:
tke.cloud.tencent.com/eni-ip: "1"
service:
annotations:
service.cloud.tencent.com/direct-access: "true" # 启用 CLB 直通
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 50
targetMemoryUtilizationPercentage: 50
behavior: # 快速扩容应对流量洪峰,缓慢缩容预留 buffer 避免流量异常
scaleUp:
stabilizationWindowSeconds: 300
policies:
- type: Percent
value: 900
periodSeconds: 15 # 每 15s 最多允许扩容 9 倍于当前副本数
scaleDown:
stabilizationWindowSeconds: 300
policies:
- type: Pods
value: 1
periodSeconds: 600 # 每 10 分钟最多只允许缩掉 1 个 Pod
topologySpreadConstraints: # 尽量打散的策略
- labelSelector:
matchLabels:
app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
app.kubernetes.io/instance: "{{ .Release.Name }}"
app.kubernetes.io/component: controller
topologyKey: topology.kubernetes.io/zone
maxSkew: 1
whenUnsatisfiable: ScheduleAnyway
- labelSelector:
matchLabels:
app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
app.kubernetes.io/instance: "{{ .Release.Name }}"
app.kubernetes.io/component: controller
topologyKey: kubernetes.io/hostname
maxSkew: 1
whenUnsatisfiable: ScheduleAnyway
image:
registry: docker.io
image: k8smirror/ingress-nginx-controller
admissionWebhooks:
patch:
image: # 默认的镜像在境内无法拉取,可替换为 docker hub 上的 mirror 镜像
registry: docker.io
image: k8smirror/ingress-nginx-kube-webhook-certgen
defaultBackend:
image: # 默认的镜像在境内无法拉取,可替换为 docker hub 上的 mirror 镜像
registry: docker.io
image: k8smirror/defaultbackend-amd64
opentelemetry:
image: # 默认的镜像在境内无法拉取,可替换为 docker hub 上的 mirror 镜像
registry: docker.io
image: k8smirror/ingress-nginx-opentelemetry