nginx-ingress-deployment.yaml 10.45 KB
sasori 提交于 2020-12-12 19:39 . update nginx-ingress-deployment.yaml.
# Tuning options read by the ingress controller; the controller Deployment
# points at this object with --configmap=$(POD_NAMESPACE)/nginx-ingress-controller.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: nginx-ingress
  name: nginx-ingress-controller
data:
  # ConfigMap values are strings, so the numbers below stay quoted.

  # Number of requests one client keep-alive connection may serve.
  # Default is 100 (per the original note); raised for high-concurrency traffic.
  # Ref: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#keep-alive-requests
  keep-alive-requests: '10000'

  # Maximum number of IDLE keep-alive connections held open to upstreams
  # (not a cap on total connections). Default is 32 (per the original note);
  # raised so that high concurrency does not cause constant reconnects and a
  # spike in TIME_WAIT sockets.
  # Ref: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#upstream-keepalive-connections
  upstream-keepalive-connections: '200'

  # Maximum number of connections each worker process may open.
  # Default is 16384 (per the original note).
  # Ref: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#max-worker-connections
  max-worker-connections: '65536'
---
# Limits voluntary evictions (for example node drains) of the selected pods.
# NOTE(review): policy/v1beta1 was removed in Kubernetes 1.25 and policy/v1 is
# served from 1.21 onward; use the version the target cluster supports.
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: nginx-ingress-controller
  namespace: nginx-ingress
  labels:
    app: nginx-ingress
    component: controller
spec:
  minAvailable: 1
  # NOTE(review): the selector carries only `app`, so it matches the
  # default-backend pods as well as the controller pods. With one replica of
  # each, the budget is satisfied while the controller is being evicted.
  # Adding `component: controller` would target the controller alone, but with
  # replicas: 1 and minAvailable: 1 that blocks every drain of its node.
  # Decide together with the replica count.
  selector:
    matchLabels:
      app: nginx-ingress
---
# Identity of the ingress controller pods (serviceAccountName: nginx-ingress in
# the controller Deployment). The ClusterRoleBinding and RoleBinding named
# nginx-ingress in this file grant it its API permissions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
  labels:
    app: nginx-ingress
---
# Identity of the default-backend pods (serviceAccountName in the
# default-backend Deployment). No Role or ClusterRole in this file is bound to
# it, so it carries no extra API permissions.
# NOTE(review): its token is still mounted into the pod by default;
# `automountServiceAccountToken: false` would remove it if the backend makes no
# API calls. Confirm against the image.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-backend
  namespace: nginx-ingress
  labels:
    app: nginx-ingress
---
# Cluster-wide permissions for the ingress controller. Bound to the
# nginx-ingress ServiceAccount by the ClusterRoleBinding of the same name.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nginx-ingress
  labels:
    app: nginx-ingress
rules:
  # Read-only discovery across all namespaces.
  # NOTE(review): list/watch on `secrets` returns full Secret objects, so this
  # ServiceAccount can read every Secret in the cluster and a compromised
  # controller pod exposes all of them. If Ingresses live in known namespaces,
  # consider running the controller with --watch-namespace and granting secret
  # access through a namespaced Role instead.
  - apiGroups: [""]
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs: [list, watch]

  # Single-object reads of Node resources.
  - apiGroups: [""]
    resources:
      - nodes
    verbs: [get]

  # Services: read access plus `update`.
  - apiGroups: [""]
    resources:
      - services
    verbs: [get, list, update, watch]

  # Ingress objects, under both the legacy and the current API group.
  - apiGroups:
      - extensions
      - networking.k8s.io  # k8s 1.14+
    resources:
      - ingresses
    verbs: [get, list, watch]

  # Emit Events.
  - apiGroups: [""]
    resources:
      - events
    verbs: [create, patch]

  # Write only the status subresource of Ingress objects.
  - apiGroups:
      - extensions
      - networking.k8s.io  # k8s 1.14+
    resources:
      - ingresses/status
    verbs: [update]
---
# Grants the nginx-ingress ClusterRole to the controller's ServiceAccount.
# The subject is one ServiceAccount in one namespace; the permissions it
# receives apply cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress
  labels:
    app: nginx-ingress
subjects:
  - kind: ServiceAccount
    namespace: nginx-ingress
    name: nginx-ingress
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress
---
# Namespace-scoped permissions for the controller inside nginx-ingress.
# Bound to the nginx-ingress ServiceAccount by the RoleBinding of the same name.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
  labels:
    app: nginx-ingress
rules:
  # Read Namespace objects.
  - apiGroups: [""]
    resources:
      - namespaces
    verbs: [get]

  # Read access to core objects in this namespace, Secrets included.
  - apiGroups: [""]
    resources:
      - configmaps
      - pods
      - secrets
      - endpoints
    verbs: [get, list, watch]

  # Services: read access plus `update`.
  - apiGroups: [""]
    resources:
      - services
    verbs: [get, list, update, watch]

  # Ingress objects, under both the legacy and the current API group.
  - apiGroups:
      - extensions
      - networking.k8s.io  # k8s 1.14+
    resources:
      - ingresses
    verbs: [get, list, watch]

  # Write only the status subresource of Ingress objects.
  - apiGroups:
      - extensions
      - networking.k8s.io  # k8s 1.14+
    resources:
      - ingresses/status
    verbs: [update]

  # Leader-election lock. The name is the controller's --election-id
  # (ingress-controller-leader) joined with its --ingress-class (nginx), so it
  # must be changed here whenever either flag changes.
  - apiGroups: [""]
    resources:
      - configmaps
    resourceNames:
      - ingress-controller-leader-nginx
    verbs: [get, update]

  # `create` cannot be limited by resourceNames, so this rule lets the
  # controller create any ConfigMap in the namespace.
  - apiGroups: [""]
    resources:
      - configmaps
    verbs: [create]

  # Create and maintain Endpoints objects in this namespace.
  - apiGroups: [""]
    resources:
      - endpoints
    verbs: [create, get, update]

  # Emit Events.
  - apiGroups: [""]
    resources:
      - events
    verbs: [create, patch]
---
# Grants the namespaced nginx-ingress Role to the controller's ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
  labels:
    app: nginx-ingress
subjects:
  - kind: ServiceAccount
    namespace: nginx-ingress
    name: nginx-ingress
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress
---
# Cluster-internal endpoint for scraping controller metrics. Service port 9913
# forwards to the container port named `metrics` (10254 in the controller
# Deployment, the same port its health probes use over plain HTTP).
# NOTE(review): ClusterIP keeps this off the external network, but any pod in
# the cluster can still reach it unless a NetworkPolicy restricts access.
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-controller-metrics
  namespace: nginx-ingress
  labels:
    app: nginx-ingress
    component: controller
spec:
  type: ClusterIP
  selector:
    app: nginx-ingress
    component: controller
  ports:
    - name: metrics
      port: 9913
      targetPort: metrics
---
# External entry point for HTTP and HTTPS traffic into the controller pods.
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-controller
  namespace: nginx-ingress
  labels:
    app: nginx-ingress
    component: controller
spec:
  # No nodePort values are set, so the cluster assigns them.
  type: NodePort
  # Preserve the real client source IP for the ingress controller (obtained
  # through an HTTP header). See scenario 2 of
  # https://cloud.tencent.com/document/product/457/48949
  # With `Local`, only nodes that run a controller pod answer on the NodePort;
  # here that means the node(s) labelled edgenode=true.
  externalTrafficPolicy: Local
  selector:
    app: nginx-ingress
    component: controller
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443
---
# Cluster-internal Service for the default backend. The controller refers to it
# with --default-backend-service=$(POD_NAMESPACE)/nginx-ingress-default-backend.
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-default-backend
  namespace: nginx-ingress
  labels:
    app: nginx-ingress
    component: default-backend
spec:
  type: ClusterIP
  selector:
    app: nginx-ingress
    component: default-backend
  ports:
    # Port 80 forwards to the container port named `http` (8080 in the
    # default-backend Deployment).
    - name: http
      protocol: TCP
      port: 80
      targetPort: http
---
# The ingress controller itself: one replica, scheduled only onto nodes
# labelled edgenode=true.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: nginx-ingress
  labels:
    app: nginx-ingress
    component: controller
spec:
  replicas: 1
  minReadySeconds: 0
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: nginx-ingress
      component: controller
  template:
    metadata:
      labels:
        app: nginx-ingress
        component: controller
    spec:
      serviceAccountName: nginx-ingress
      hostNetwork: false
      dnsPolicy: ClusterFirst
      terminationGracePeriodSeconds: 60
      nodeSelector:
        # Quoted: label values are strings, not booleans.
        edgenode: "true"
      initContainers:
        # Raises kernel limits before the controller starts.
        # NOTE(review): this container is privileged and its image has no tag
        # or digest, so whatever `busybox` resolves to at pull time runs with
        # full privileges on the node. Pin the image to a reviewed tag or
        # digest from a registry you trust.
        # NOTE(review): fs.file-max is a host-wide kernel setting, so this
        # changes the node and not only the pod. The net.* keys can presumably
        # be set without a privileged container through the pod-level
        # securityContext.sysctls, where the kubelet allows them; confirm for
        # the target cluster.
        - name: setsysctl
          image: busybox
          securityContext:
            privileged: true
          command:
            - sh
            - -c
            - |
              sysctl -w net.core.somaxconn=65535
              sysctl -w net.ipv4.ip_local_port_range="1024 65535"
              sysctl -w net.ipv4.tcp_tw_reuse=1
              sysctl -w fs.file-max=1048576
      containers:
        - name: nginx-ingress-controller
          # NOTE(review): a mirror-registry tag is mutable. Pin by digest if
          # the deployed bits must be reproducible, and check the tag against
          # upstream ingress-nginx security advisories before reuse.
          image: 'ccr.ccs.tencentyun.com/mirrors/nginx-ingress-controller:v0.34.1'
          imagePullPolicy: IfNotPresent
          args:
            - /nginx-ingress-controller
            - --default-backend-service=$(POD_NAMESPACE)/nginx-ingress-default-backend
            # election-id plus ingress-class form the leader-election ConfigMap
            # name that the nginx-ingress Role allows
            # (ingress-controller-leader-nginx).
            - --election-id=ingress-controller-leader
            - --ingress-class=nginx
            - --configmap=$(POD_NAMESPACE)/nginx-ingress-controller
            - --publish-service=$(POD_NAMESPACE)/nginx-ingress-controller
            - --v=2
          securityContext:
            # Non-root UID; every capability is dropped except the one needed
            # to bind ports 80 and 443.
            runAsUser: 101
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            # NOTE(review): presumably required so that the non-root process
            # can obtain NET_BIND_SERVICE from file capabilities on the
            # binary. Confirm against the image before setting this to false.
            allowPrivilegeEscalation: true
          env:
            # Downward-API values expanded as $(POD_NAMESPACE) in args above.
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              protocol: TCP
              containerPort: 80
            - name: https
              protocol: TCP
              containerPort: 443
            # Same port as the health probes below; the metrics Service
            # targets it by name.
            - name: metrics
              protocol: TCP
              containerPort: 10254
          livenessProbe:
            httpGet:
              scheme: HTTP
              port: 10254
              path: /healthz
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              scheme: HTTP
              port: 10254
              path: /healthz
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
---
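# Default backend: answers requests that match no Ingress rule. One replica,
# scheduled only onto nodes labelled edgenode=true.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-default-backend
  namespace: nginx-ingress
  labels:
    app: nginx-ingress
    component: default-backend
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: nginx-ingress
      component: default-backend
  template:
    metadata:
      labels:
        app: nginx-ingress
        component: default-backend
    spec:
      serviceAccountName: nginx-ingress-backend
      # No Role or ClusterRole in this manifest is bound to this
      # ServiceAccount, so its API token is not mounted into the pod.
      # NOTE(review): assumes the backend image makes no Kubernetes API calls;
      # remove this line if it does.
      automountServiceAccountToken: false
      terminationGracePeriodSeconds: 60
      nodeSelector:
        # Quoted: label values are strings, not booleans.
        edgenode: 'true'
      containers:
        - name: nginx-ingress-default-backend
          # NOTE(review): a mirror-registry tag is mutable; pin by digest if
          # the deployed bits must be reproducible.
          image: 'ccr.ccs.tencentyun.com/mirrors/ingress-defaultbackend-amd64:1.5'
          imagePullPolicy: IfNotPresent
          # The original carried a bare `args:` key, which parses as null and
          # is treated the same as leaving it out, so it is omitted here.
          securityContext:
            runAsUser: 65534
            # The container listens on the unprivileged port 8080 as UID
            # 65534, so it needs neither root, nor capabilities, nor the
            # ability to gain privileges.
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          ports:
            - name: http
              protocol: TCP
              containerPort: 8080
          livenessProbe:
            httpGet:
              scheme: HTTP
              port: 8080
              path: /healthz
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              scheme: HTTP
              port: 8080
              path: /healthz
            initialDelaySeconds: 0
            periodSeconds: 5
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 6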
# 腾讯云 nginx-ingress
# 第一步: kubectl create ns nginx-ingress
# 第二步: 安装该文件: kubectl apply -f https://gitee.com/ylp657/kubernetes/raw/master/nginx-ingress-deployment.yaml -n nginx-ingress
# 卸载: kubectl delete -f https://gitee.com/ylp657/kubernetes/raw/master/nginx-ingress-deployment.yaml -n nginx-ingress
# 注意: 上述 URL 指向 ylp657/kubernetes 仓库的 master 分支,内容可能随时变化;该清单包含特权 initContainer 和集群级 RBAC,建议先下载并审阅,再从本地文件执行 apply。