controller:
extraInitContainers:
- name: sysctl
image: busybox
securityContext:
privileged: true
imagePullPolicy: IfNotPresent
command:
- sh
- -c
- |
sysctl -w net.core.somaxconn=65535 # Increase connection queue to prevent queue overflow
sysctl -w net.ipv4.ip_local_port_range="1024 65535" # Expand source port range to prevent port exhaustion
sysctl -w net.ipv4.tcp_tw_reuse=1 # Enable TIME_WAIT reuse to avoid port exhaustion and allow new connections
sysctl -w fs.file-max=1048576 # Increase file handle count to prevent connection overflow from exhausting file handles
config:
keep-alive-requests: "1000"
upstream-keepalive-connections: "2000"
max-worker-connections: "65536"
log-format-upstream: $remote_addr - $remote_user [$time_local] "$request"
$status $body_bytes_sent "$http_referer" "$http_user_agent"
$request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr
$upstream_response_length $upstream_response_time $upstream_status $req_id $host
access-log-path: /var/log/nginx/nginx_access.log
error-log-path: /var/log/nginx/nginx_error.log
extraEnvs:
- name: TZ
value: Asia/Shanghai
extraVolumes:
- name: log
emptyDir: {}
extraVolumeMounts:
- name: log
mountPath: /var/log/nginx
extraContainers:
- name: logrotate
image: imroc/logrotate:latest
imagePullPolicy: Always
env:
- name: LOGROTATE_FILE_PATTERN
value: "/var/log/nginx/nginx_*.log"
- name: LOGROTATE_FILESIZE
value: "100M"
- name: LOGROTATE_FILENUM
value: "3"
- name: CRON_EXPR
value: "*/1 * * * *"
- name: CROND_LOGLEVEL
value: "8"
volumeMounts:
- name: log
mountPath: /var/log/nginx
podAnnotations:
tke.cloud.tencent.com/networks: tke-route-eni
resources:
requests:
tke.cloud.tencent.com/eni-ip: "1"
limits:
tke.cloud.tencent.com/eni-ip: "1"
service:
annotations:
service.cloud.tencent.com/direct-access: "true"
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 50
targetMemoryUtilizationPercentage: 50
behavior:
scaleUp:
stabilizationWindowSeconds: 300
policies:
- type: Percent
value: 900
periodSeconds: 15
scaleDown:
stabilizationWindowSeconds: 300
policies:
- type: Pods
value: 1
periodSeconds: 600
topologySpreadConstraints:
- labelSelector:
matchLabels:
app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
app.kubernetes.io/instance: "{{ .Release.Name }}"
app.kubernetes.io/component: controller
topologyKey: topology.kubernetes.io/zone
maxSkew: 1
whenUnsatisfiable: ScheduleAnyway
- labelSelector:
matchLabels:
app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
app.kubernetes.io/instance: "{{ .Release.Name }}"
app.kubernetes.io/component: controller
topologyKey: kubernetes.io/hostname
maxSkew: 1
whenUnsatisfiable: ScheduleAnyway
image:
registry: docker.io
image: k8smirror/ingress-nginx-controller
admissionWebhooks:
patch:
image:
registry: docker.io
image: k8smirror/ingress-nginx-kube-webhook-certgen
defaultBackend:
image:
registry: docker.io
image: k8smirror/defaultbackend-amd64
opentelemetry:
image:
registry: docker.io
image: k8smirror/ingress-nginx-opentelemetry
Was this page helpful?