课程视频同步分享在今日头条和B站
大家好,我是博哥爱运维。

学习这些枯燥难懂的知识点,最好的方式就是利用实战内容进行讲解。在“第12关 精通K8s下的Ingress-Nginx控制器:生产环境实战配置指南”中,我们部署了ingress-nginx-controller,这个服务的yaml配置完美贴合了这节课我们要讲的所有内容,包含了亲和性、反亲和性、污点、容忍和节点选择器的使用。后面我们在其他生产服务上使用时,依葫芦画瓢即可。
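---
# ingress-nginx controller for kube-system, run as a DaemonSet on the host
# network. The manifest demonstrates pod anti-affinity, node affinity,
# a nodeSelector and tolerations on one workload.
apiVersion: apps/v1
kind: DaemonSet
# kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: kube-system
  labels:
    app: ingress-nginx
  annotations:
    # Annotation values are strings; quote anything that looks like a
    # number or boolean, otherwise the API server rejects the object.
    component.revision: "2"
    component.version: "1.9.3"
spec:
  # Deployment need:
  # ----------------
  # replicas: 1
  # ----------------
  selector:
    matchLabels:
      app: ingress-nginx
  template:
    metadata:
      labels:
        app: ingress-nginx
      annotations:
        # NOTE(review): the controller is started with --enable-metrics=false
        # below, so a scrape of this port is not expected to return metrics.
        # Either enable metrics or drop these two annotations.
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      # DaemonSet need:
      # ----------------
      # The pod shares the node's network namespace: 80, 443, the admission
      # webhook on 8443 and the health port 10254 are bound on the node
      # itself. Restrict 8443 and 10254 with node firewall / security-group
      # rules so only the API server and the kubelet can reach them.
      hostNetwork: true
      # ----------------
      affinity:
        # Anti-affinity: prefer not to place two controller pods on one node.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - ingress-nginx
                topologyKey: kubernetes.io/hostname
              weight: 100
        # Node affinity: hard requirement, never schedule onto nodes labelled
        # type=virtual-kubelet or k8s.aliyun.com=true.
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: type
                    operator: NotIn
                    values:
                      - virtual-kubelet
                  - key: k8s.aliyun.com
                    operator: NotIn
                    values:
                      - "true"
      containers:
        - args:
            - /nginx-ingress-controller
            - --election-id=ingress-controller-leader-nginx
            - --ingress-class=nginx
            - --watch-ingress-without-class
            - --controller-class=k8s.io/ingress-nginx
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --annotations-prefix=nginx.ingress.kubernetes.io
            - --publish-service=$(POD_NAMESPACE)/nginx-ingress-lb
            - --validating-webhook=:8443
            - --validating-webhook-certificate=/usr/local/certificates/cert
            - --validating-webhook-key=/usr/local/certificates/key
            - --enable-metrics=false
            - --v=2
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: LD_PRELOAD
              value: /usr/local/lib/libmimalloc.so
          # The tag is mutable; pinning by digest (image@sha256:<digest>)
          # guarantees every node runs the same reviewed image.
          image: registry-cn-hangzhou.ack.aliyuncs.com/acs/aliyun-ingress-controller:v1.9.3-aliyun.1
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
          name: nginx-ingress-controller
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
            - name: webhook
              containerPort: 8443
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
          # resources:
          #   limits:
          #     cpu: 1
          #     memory: 2G
          #   requests:
          #     cpu: 1
          #     memory: 2G
          securityContext:
            # Runs as non-root (uid 101) with every capability dropped except
            # NET_BIND_SERVICE, which is needed to bind 80/443.
            # NOTE(review): allowPrivilegeEscalation is presumably left true
            # so the nginx binary can gain that capability on exec; confirm
            # against the image before tightening it to false.
            allowPrivilegeEscalation: true
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            runAsUser: 101
            # if get mount: mounting rw on /proc/sys failed: Permission denied, use:
            # privileged: true
            # procMount: Default
            # runAsUser: 0
          volumeMounts:
            - name: webhook-cert
              mountPath: /usr/local/certificates/
              readOnly: true
            - mountPath: /etc/localtime
              name: localtime
              readOnly: true
      # NOTE(review): with hostNetwork: true, ClusterFirst falls back to the
      # node's resolver; ClusterFirstWithHostNet is the policy that keeps
      # cluster DNS for host-network pods. Confirm which one is intended.
      dnsPolicy: ClusterFirst
      initContainers:
        - command:
            - /bin/sh
            - -c
            # Tune kernel parameters only when the pod has its own network
            # namespace. On the host network POD_IP equals HOST_IP, the block
            # is skipped and the node's sysctls are left untouched.
            - |
              if [ "$POD_IP" != "$HOST_IP" ]; then
              mount -o remount rw /proc/sys
              sysctl -w net.core.somaxconn=65535
              sysctl -w net.ipv4.ip_local_port_range="1024 65535"
              sysctl -w kernel.core_uses_pid=0
              fi
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.hostIP
          image: registry.cn-shanghai.aliyuncs.com/acs/busybox:v1.29.2
          imagePullPolicy: IfNotPresent
          name: init-sysctl
          resources:
            limits:
              cpu: 100m
              memory: 70Mi
            requests:
              cpu: 100m
              memory: 70Mi
          securityContext:
            capabilities:
              add:
                - SYS_ADMIN
              drop:
                - ALL
            # if get mount: mounting rw on /proc/sys failed: Permission denied, use:
            # A privileged root container is generally granted full
            # capabilities by the runtime, so do not rely on the drop list
            # above. In the hostNetwork/DaemonSet form the script is a no-op;
            # if that form is permanent, this init container and its
            # privileges can be removed.
            privileged: true
            procMount: Default
            runAsUser: 0
      # Node selector: run only on nodes that carry this label.
      # kubectl label node xx.xx.xx.xx boge/ingress-controller-ready=true
      # kubectl get node --show-labels
      # kubectl label node xx.xx.xx.xx boge/ingress-controller-ready-
      nodeSelector:
        # nodeSelector values are strings, hence the quotes.
        boge/ingress-controller-ready: "true"
      priorityClassName: system-node-critical
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: ingress-nginx
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      # Taints
      # kubectl taint nodes xx.xx.xx.xx boge/ingress-controller-ready="true":NoExecute
      # kubectl taint nodes xx.xx.xx.xx boge/ingress-controller-ready:NoExecute-
      # Tolerations
      # A key-less "operator: Exists" tolerates every taint, including
      # NoExecute, so only the nodeSelector and the node affinity above limit
      # where this pod can land. The commented form below tolerates just the
      # dedicated ingress taint and is the narrower choice.
      tolerations:
        - operator: Exists
      # tolerations:
      #   - effect: NoExecute
      #     key: boge/ingress-controller-ready
      #     operator: Equal
      #     value: "true"
      volumes:
        - name: webhook-cert
          secret:
            # 420 decimal is file mode 0644.
            defaultMode: 420
            secretName: ingress-nginx-admission
        - hostPath:
            path: /etc/localtime
            type: File
          name: localtime
---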