tencent cloud

controller:
  extraInitContainers:
    - name: sysctl
      image: busybox
      securityContext:
        privileged: true
      imagePullPolicy: IfNotPresent
      command:
        - sh
        - -c
        - |
          sysctl -w net.core.somaxconn=65535 # Increase connection queue to prevent queue overflow
          sysctl -w net.ipv4.ip_local_port_range="1024 65535" # Expand source port range to prevent port exhaustion
          sysctl -w net.ipv4.tcp_tw_reuse=1 # Enable TIME_WAIT reuse to avoid port exhaustion and allow new connections
          sysctl -w fs.file-max=1048576 # Increase file handle count to prevent connection overflow from exhausting file handles
  config:
    # The number of requests that can be processed by a persistent connection between Nginx and the client, which defaults to 100. We recommend that you increase this number in high-concurrency scenarios, but setting it too high may cause uneven load after Nginx Ingress scale-out.
    # Reference: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#keep-alive-requests
    keep-alive-requests: "1000"
    # The maximum number of idle persistent connections (not the maximum number of connections) between Nginx and the upstream, which defaults to 320. We recommend that you increase this number in high-concurrency scenarios to prevent the frequent establishment of connections from significantly increasing the number of TIME_WAIT connections.
    # Reference: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#upstream-keepalive-connections
    upstream-keepalive-connections: "2000"
    # The maximum number of connections that each worker process can open, which defaults to 16384.
    # Reference: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#max-worker-connections
    max-worker-connections: "65536"
    log-format-upstream: $remote_addr - $remote_user [$time_local] "$request"
      $status $body_bytes_sent "$http_referer" "$http_user_agent"
      $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr
      $upstream_response_length $upstream_response_time $upstream_status $req_id $host
    # Nginx logs are written to log files to avoid high CPU usage under high concurrency
    access-log-path: /var/log/nginx/nginx_access.log
    error-log-path: /var/log/nginx/nginx_error.log
  extraEnvs:
    - name: TZ
      value: Asia/Shanghai
  extraVolumes:
    - name: log
      emptyDir: {}
  extraVolumeMounts:
    - name: log
      mountPath: /var/log/nginx
  extraContainers:
    - name: logrotate
      image: imroc/logrotate:latest
      imagePullPolicy: Always
      env:
        - name: LOGROTATE_FILE_PATTERN # Pattern of rotated log files, matching the log file path configured in nginx
          value: "/var/log/nginx/nginx_*.log"
        - name: LOGROTATE_FILESIZE # Log rotation threshold size
          value: "100M"
        - name: LOGROTATE_FILENUM # Number of rotations per log file
          value: "3"
        - name: CRON_EXPR # Crontab expression for periodic logrotate, here it runs every minute
          value: "*/1 * * * *"
        - name: CROND_LOGLEVEL # Crond log level, 0~8, the smaller the value, the more detailed
          value: "8"
      volumeMounts:
        - name: log
          mountPath: /var/log/nginx
  podAnnotations:
    tke.cloud.tencent.com/networks: tke-route-eni # Declare the use of VPC-CNI network
  resources: # Declare the use of ENI in resources
    requests:
      tke.cloud.tencent.com/eni-ip: "1"
    limits:
      tke.cloud.tencent.com/eni-ip: "1"
  service:
    annotations:
      service.cloud.tencent.com/direct-access: "true" # Enable CLB Direct Access
  autoscaling:
    enabled: true
    minReplicas: 1
    maxReplicas: 10
    targetCPUUtilizationPercentage: 50
    targetMemoryUtilizationPercentage: 50
    behavior: # Quick scaling to handle traffic peaks, slow scaling to leave a buffer and avoid abnormal traffic
      scaleUp:
        stabilizationWindowSeconds: 300
        policies:
          - type: Percent
            value: 900
            periodSeconds: 15 # Allow scaling up to 9 times the current number of replicas every 15 seconds
      scaleDown:
        stabilizationWindowSeconds: 300
        policies:
          - type: Pods
            value: 1
            periodSeconds: 600 # Allow shrinking by only 1 pod every 10 minutes
  topologySpreadConstraints: # Strategy to maximize spreading
    - labelSelector:
        matchLabels:
          app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
          app.kubernetes.io/instance: "{{ .Release.Name }}"
          app.kubernetes.io/component: controller
      topologyKey: topology.kubernetes.io/zone
      maxSkew: 1
      whenUnsatisfiable: ScheduleAnyway
    - labelSelector:
        matchLabels:
          app.kubernetes.io/name: '{{ include "ingress-nginx.name" . }}'
          app.kubernetes.io/instance: "{{ .Release.Name }}"
          app.kubernetes.io/component: controller
      topologyKey: kubernetes.io/hostname
      maxSkew: 1
      whenUnsatisfiable: ScheduleAnyway
  image:
    registry: docker.io
    image: k8smirror/ingress-nginx-controller
  admissionWebhooks:
    patch:
      image: # The default image cannot be pulled domestically, it can be replaced with the mirror image on Docker Hub
        registry: docker.io
        image: k8smirror/ingress-nginx-kube-webhook-certgen
  defaultBackend:
    image: # The default image cannot be pulled domestically, it can be replaced with the mirror image on Docker Hub
      registry: docker.io
      image: k8smirror/defaultbackend-amd64
  opentelemetry:
    image: # The default image cannot be pulled domestically, it can be replaced with the mirror image on Docker Hub
      registry: docker.io
      image: k8smirror/ingress-nginx-opentelemetry