一、部署準備
說明:全部的容器組都運行在kube-system 命名空間
本文參考https://github.com/kubernetes/autoscaler
因爲官方維護的版本在現有的部署環境出現問題因此下面作了一些修改及變動不影響總體效果
同時vpa只做爲學習使用,生產環境可能會出現一些未知問題,它會從新建立pod 可能業務會出現短暫的中斷
二、準備相關yaml
git clone https://github.com/kubernetes/autoscaler
cd autoscaler/vertical-pod-autoscaler/deploy/
## 刪除沒用的crd
rm -rf vpa-beta2-crd.yaml vpa-crd.yaml vpa-beta-crd.yaml
三、建立admission-controller 使用證書
cd autoscaler/vertical-pod-autoscaler/deploy/
cat << EOF | tee /apps/work/k8s/cfssl/k8s/vpa_webhook.json
{
"CN": "vpa-webhook.kube-system.svc",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GuangDong",
"L": "GuangZhou",
"O": "niuke",
"OU": "niuke"
}
]
}
EOF
cfssl gencert -ca=/apps/work/k8s/cfssl/pki/k8s/k8s-ca.pem -ca-key=/apps/work/k8s/cfssl/pki/k8s/k8s-ca-key.pem \
-config=/apps/work/k8s/cfssl/ca-config.json \
-profile=kubernetes /apps/work/k8s/cfssl/k8s/vpa_webhook.json | cfssljson -bare ./vpa_webhook
### 重命名證書
cp /opt/k8s/cfssl/pki/k8s/k8s-ca.pem ./caCert.pem
mv vpa_webhook.pem serverCert.pem
mv vpa_webhook-key.pem serverKey.pem
### 建立 secret
kubectl create secret --namespace=kube-system generic vpa-tls-certs --from-file=caCert.pem --from-file=serverKey.pem --from-file=serverCert.pem
kubectl get secret -n kube-system | grep vpa-tls-certs
kubectl get secret vpa-tls-certs -n kube-system -o yaml
四、修改yaml
4.一、vpa-rbac
vi vpa-rbac.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:metrics-reader
rules:
- apiGroups:
- "metrics.k8s.io"
resources:
- pods
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:vpa-actor
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- limitranges
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- get
- list
- watch
- create
- apiGroups:
- "poc.autoscaling.k8s.io"
resources:
- verticalpodautoscalers
verbs:
- get
- list
- watch
- patch
- apiGroups:
- "autoscaling.k8s.io"
resources:
- verticalpodautoscalers
verbs:
- get
- list
- watch
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:vpa-checkpoint-actor
rules:
- apiGroups:
- "poc.autoscaling.k8s.io"
resources:
- verticalpodautoscalercheckpoints
verbs:
- get
- list
- watch
- create
- patch
- delete
- apiGroups:
- "autoscaling.k8s.io"
resources:
- verticalpodautoscalercheckpoints
verbs:
- get
- list
- watch
- create
- patch
- delete
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:evictioner
rules:
- apiGroups:
- "extensions"
resources:
- replicasets
verbs:
- get
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:metrics-reader
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-reader
subjects:
- kind: ServiceAccount
name: vpa-recommender
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:vpa-actor
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:vpa-actor
subjects:
- kind: ServiceAccount
name: vpa-recommender
namespace: kube-system
- kind: ServiceAccount
name: vpa-updater
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:vpa-checkpoint-actor
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:vpa-checkpoint-actor
subjects:
- kind: ServiceAccount
name: vpa-recommender
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:vpa-target-reader
rules:
- apiGroups:
- ""
resources:
- replicationcontrollers
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:vpa-target-reader-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:vpa-target-reader
subjects:
- kind: ServiceAccount
name: vpa-recommender
namespace: kube-system
- kind: ServiceAccount
name: vpa-admission-controller
namespace: kube-system
- kind: ServiceAccount
name: vpa-updater
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:vpa-evictionter-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:evictioner
subjects:
- kind: ServiceAccount
name: vpa-updater
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: vpa-admission-controller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:admission-controller
rules:
- apiGroups:
- ""
resources:
- pods
- configmaps
- nodes
- limitranges
verbs:
- get
- list
- watch
- apiGroups:
- "admissionregistration.k8s.io"
resources:
- mutatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- apiGroups:
- "poc.autoscaling.k8s.io"
resources:
- verticalpodautoscalers
verbs:
- get
- list
- watch
- apiGroups:
- "autoscaling.k8s.io"
resources:
- verticalpodautoscalers
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:admission-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:admission-controller
subjects:
- kind: ServiceAccount
name: vpa-admission-controller
namespace: kube-system
4.二、vpa-v1-crd
vi vpa-v1-crd.yaml
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: verticalpodautoscalers.autoscaling.k8s.io
spec:
group: autoscaling.k8s.io
scope: Namespaced
names:
plural: verticalpodautoscalers
singular: verticalpodautoscaler
kind: VerticalPodAutoscaler
shortNames:
- vpa
version: v1beta1
versions:
- name: v1beta1
served: true
storage: false
- name: v1beta2
served: true
storage: true
- name: v1
served: true
storage: false
validation:
# openAPIV3Schema is the schema for validating custom objects.
openAPIV3Schema:
properties:
spec:
required: []
properties:
targetRef:
type: object
updatePolicy:
properties:
updateMode:
type: string
resourcePolicy:
properties:
containerPolicies:
type: array
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: verticalpodautoscalercheckpoints.autoscaling.k8s.io
spec:
group: autoscaling.k8s.io
scope: Namespaced
names:
plural: verticalpodautoscalercheckpoints
singular: verticalpodautoscalercheckpoint
kind: VerticalPodAutoscalerCheckpoint
shortNames:
- vpacheckpoint
version: v1beta1
versions:
- name: v1beta1
served: true
storage: false
- name: v1beta2
served: true
storage: true
- name: v1
served: true
storage: false
4.三、admission-controller-deployment
vi admission-controller-deployment.yaml
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: vpa-admission-controller
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
app: vpa-admission-controller
spec:
serviceAccountName: vpa-admission-controller
containers:
- name: admission-controller
image: juestnow/vpa-admission-controller:0.5.0
imagePullPolicy: Always
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: tls-certs
mountPath: "/etc/tls-certs"
readOnly: true
resources:
limits:
cpu: 200m
memory: 500Mi
requests:
cpu: 50m
memory: 200Mi
ports:
- name: vpa-webhook
containerPort: 8000
- name: http-metrics
containerPort: 8944
volumes:
- name: tls-certs
secret:
secretName: vpa-tls-certs
---
apiVersion: v1
kind: Service
metadata:
name: vpa-webhook
namespace: kube-system
labels:
k8s-app: vpa-admission-controller
spec:
ports:
- name: vpa-webhook
port: 443
targetPort: 8000
- name: http-metrics
port: 8944
protocol: TCP
selector:
app: vpa-admission-controller
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: vpa-admission-controller
namespace: monitoring
spec:
endpoints:
- interval: 15s
port: http-metrics
namespaceSelector:
matchNames:
- kube-system
selector:
matchLabels:
k8s-app: vpa-admission-controller
4.四、updater-deployment
vi updater-deployment.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: vpa-updater
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: vpa-updater
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
app: vpa-updater
spec:
serviceAccountName: vpa-updater
containers:
- name: updater
image: juestnow/vpa-updater:0.5.0
imagePullPolicy: Always
resources:
limits:
cpu: 200m
memory: 1000Mi
requests:
cpu: 50m
memory: 500Mi
ports:
- name: http-metrics
containerPort: 8943
---
apiVersion: v1
kind: Service
metadata:
name: vpa-updater
namespace: kube-system
labels:
k8s-app: vpa-updater
spec:
clusterIP: None
ports:
- name: http-metrics
port: 8943
protocol: TCP
selector:
app: vpa-updater
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: vpa-updater
namespace: monitoring
spec:
endpoints:
- interval: 15s
port: http-metrics
namespaceSelector:
matchNames:
- kube-system
selector:
matchLabels:
k8s-app: vpa-updater
4.五、recommender-deployment
vi recommender-deployment.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: vpa-recommender
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: vpa-recommender
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
app: vpa-recommender
spec:
serviceAccountName: vpa-recommender
containers:
- name: recommender
image: juestnow/vpa-recommender:0.5.0
imagePullPolicy: Always
args:
- "--v=4"
- "--stderrthreshold=info"
- "--storage=prometheus"
- "--prometheus-address=http://prometheus-k8s.monitoring.svc:9090"
- "--prometheus-cadvisor-job-name=kubelet"
resources:
limits:
cpu: 200m
memory: 1000Mi
requests:
cpu: 50m
memory: 500Mi
ports:
- name: http-metrics
containerPort: 8942
---
apiVersion: v1
kind: Service
metadata:
name: vpa-recommender
namespace: kube-system
labels:
k8s-app: vpa-recommender
spec:
clusterIP: None
ports:
- name: http-metrics
port: 8942
protocol: TCP
selector:
app: vpa-recommender
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: vpa-recommender
namespace: monitoring
spec:
endpoints:
- interval: 15s
port: http-metrics
namespaceSelector:
matchNames:
- kube-system
selector:
matchLabels:
k8s-app: vpa-recommender
#### 說明已對vpa-recommender 容器 從新封裝了官方容器有一些問題
五、執行yaml 建立vpa 相關服務
kubectl apply -f .
六、驗證vpa 服務是否建立正常
[root@jenkins deploy]# kubectl api-versions| grep autoscaling.k8s
autoscaling.k8s.io/v1
autoscaling.k8s.io/v1beta2
[root@jenkins deploy]# kubectl get pods -n kube-system -o wide | grep vpa
vpa-admission-controller-79d7cdfc9c-9t7m6 1/1 Running 1 14d 10.65.2.106 nginx-1 <none> <none>
vpa-recommender-5fd87bcbb6-wbgvj 1/1 Running 1 14d 10.65.2.107 nginx-1 <none> <none>
vpa-updater-794499ddc8-hcnrv 1/1 Running 1 14d 10.65.2.104 nginx-1 <none> <none>
[root@jenkins deploy]# kubectl get service -n kube-system | grep vpa
vpa-webhook ClusterIP 10.64.220.134 <none> 443/TCP 14d
http://10.65.2.106:8944/metrics
能夠看到vpa-admission-controller 監控 指標
http://10.65.2.104:8943/metrics
vpa-updater 監控指標
http://10.65.2.107:8942/metrics
vpa_recommender 監控指標接口
[root@jenkins kubernetes-monitor]# kubectl get vpa
No resources found.
7 建立測試項目測試vpa
vim nginx.yaml
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: my-rec-vpa
spec:
targetRef:
apiVersion: "apps/v1"
kind: Deployment
name: nginx-controller
updatePolicy:
updateMode: "Auto"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-controller
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
resources:
requests:
cpu: 100m
memory: 50Mi
---
apiVersion: v1
kind: Service
metadata:
name: nginx-controller
spec:
ports:
- port: 80
targetPort: 80
selector:
app: nginx
kubectl apply -f nginx.yaml
驗證 項目部署是否成功
[root@jenkins vpa]# kubectl get pod | grep nginx
nginx-controller-7f548944c-lh89n 0/1 Terminating 0 75m
nginx-controller-7f548944c-znwpt 1/1 Running 0 75m
[root@jenkins vpa]# kubectl get service | grep nginx
nginx-controller ClusterIP 10.64.32.252 <none> 80/TCP 76m
http://10.64.32.252/
[root@jenkins vpa]# kubectl get vpa
NAME AGE
my-rec-vpa 2m56s
[root@jenkins vpa]# kubectl describe vpa my-rec-vpa
Name: my-rec-vpa
Namespace: default
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"autoscaling.k8s.io/v1beta1","kind":"VerticalPodAutoscaler","metadata":{"annotations":{},"name":"my-rec-vpa","namespace":"de...
API Version: autoscaling.k8s.io/v1
Kind: VerticalPodAutoscaler
Metadata:
Creation Timestamp: 2019-06-27T02:47:31Z
Generation: 10
Resource Version: 14368055
Self Link: /apis/autoscaling.k8s.io/v1/namespaces/default/verticalpodautoscalers/my-rec-vpa
UID: e88c46af-9885-11e9-85e9-525400b41cf0
Spec:
Target Ref:
API Version: apps/v1
Kind: Deployment
Name: nginx-controller
Update Policy:
Update Mode: Auto
Status:
Conditions:
Last Transition Time: 2019-06-27T02:47:37Z
Status: True
Type: RecommendationProvided
Recommendation:
Container Recommendations:
Container Name: nginx
Lower Bound:
Cpu: 25m
Memory: 262144k
Target:
Cpu: 25m
Memory: 262144k
Uncapped Target:
Cpu: 25m
Memory: 262144k
Upper Bound:
Cpu: 1595m
Memory: 1667500k
Events: <none>
kubectl get pod -o wide | grep nginx-controller
[root@jenkins vpa]# kubectl get pod -o wide | grep nginx-controller
nginx-controller-7f548944c-xm79w 1/1 Running 0 33s 10.65.2.133 nginx-1 <none> <none>
nginx-controller-7f548944c-znwpt 1/1 Running 0 86m 10.65.5.21 node04 <none> <none>
[root@jenkins vpa]# kubectl describe pod nginx-controller-7f548944c-znwpt
Name: nginx-controller-7f548944c-znwpt
Namespace: default
Node: node04/192.168.2.167
Start Time: Thu, 27 Jun 2019 09:33:16 +0800
Labels: app=nginx
pod-template-hash=7f548944c
Annotations: podpreset.admission.kubernetes.io/podpreset-allow-lxcfs-tz-env: 13290360
Status: Running
IP: 10.65.5.21
Controlled By: ReplicaSet/nginx-controller-7f548944c
Containers:
nginx:
Container ID: docker://547c23db018073756b7e2266d01ad431a3e78bb05fb5edadc51202401548a79f
Image: nginx:latest
Image ID: docker-pullable://nginx@sha256:bdbf36b7f1f77ffe7bd2a32e59235dff6ecf131e3b6b5b96061c652f30685f3a
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Thu, 27 Jun 2019 09:36:43 +0800
Ready: True
Restart Count: 0
Requests:
cpu: 100m### 默認yaml 值
memory: 50Mi ### 默認yaml 值
Environment: <none>
Mounts:
/etc/localtime from allow-tz-env (rw)
/proc/cpuinfo from proc-cpuinfo (rw)
/proc/diskstats from proc-diskstats (rw)
/proc/meminfo from proc-meminfo (rw)
/proc/stat from proc-stat (rw)
/proc/swaps from proc-swaps (rw)
/proc/uptime from proc-uptime (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-7b8ng (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
proc-cpuinfo:
Type: HostPath (bare host directory volume)
Path: /var/lib/lxcfs/proc/cpuinfo
HostPathType:
proc-diskstats:
Type: HostPath (bare host directory volume)
Path: /var/lib/lxcfs/proc/diskstats
HostPathType:
proc-meminfo:
Type: HostPath (bare host directory volume)
Path: /var/lib/lxcfs/proc/meminfo
HostPathType:
proc-stat:
Type: HostPath (bare host directory volume)
Path: /var/lib/lxcfs/proc/stat
HostPathType:
proc-swaps:
Type: HostPath (bare host directory volume)
Path: /var/lib/lxcfs/proc/swaps
HostPathType:
proc-uptime:
Type: HostPath (bare host directory volume)
Path: /var/lib/lxcfs/proc/uptime
HostPathType:
allow-tz-env:
Type: HostPath (bare host directory volume)
Path: /usr/share/zoneinfo/Asia/Shanghai
HostPathType:
default-token-7b8ng:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-7b8ng
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/memory-pressure:NoSchedule
node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events: <none>
等待一段時間
再次
kubectl get pod -o wide | grep nginx-controller
[root@jenkins vpa]# kubectl get pod -o wide | grep nginx-controller
nginx-controller-7f548944c-8mknl 1/1 Running 0 2m27s 10.65.2.146 nginx-1 <none> <none>
nginx-controller-7f548944c-mcg49 1/1 Running 0 3m30s 10.65.5.35 node04 <none> <none>
POD name 已經改變
再次執行
kubectl describe pod nginx-controller-7f548944c-8mknl
[root@jenkins vpa]# kubectl describe pod nginx-controller-7f548944c-8mknl
Name: nginx-controller-7f548944c-8mknl
Namespace: default
Node: nginx-1/192.168.2.186
Start Time: Thu, 27 Jun 2019 11:37:53 +0800
Labels: app=nginx
pod-template-hash=7f548944c
Annotations: podpreset.admission.kubernetes.io/podpreset-allow-lxcfs-tz-env: 13290360
vpaUpdates: Pod resources updated by my-rec-vpa: container 0: cpu request, memory request
Status: Running
IP: 10.65.2.146
Controlled By: ReplicaSet/nginx-controller-7f548944c
Containers:
nginx:
Container ID: docker://46efdddab5036df39e2c0f8044804e022159f09b0e4ac42c8c9591922f8d5263
Image: nginx:latest
Image ID: docker-pullable://nginx@sha256:bdbf36b7f1f77ffe7bd2a32e59235dff6ecf131e3b6b5b96061c652f30685f3a
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Thu, 27 Jun 2019 11:37:58 +0800
Ready: True
Restart Count: 0
Requests:
cpu: 25m
memory: 262144k
Environment: <none>
Mounts:
/etc/localtime from allow-tz-env (rw)
/proc/cpuinfo from proc-cpuinfo (rw)
/proc/diskstats from proc-diskstats (rw)
/proc/meminfo from proc-meminfo (rw)
/proc/stat from proc-stat (rw)
/proc/swaps from proc-swaps (rw)
/proc/uptime from proc-uptime (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-7b8ng (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
proc-cpuinfo:
Type: HostPath (bare host directory volume)
Path: /var/lib/lxcfs/proc/cpuinfo
HostPathType:
proc-diskstats:
Type: HostPath (bare host directory volume)
Path: /var/lib/lxcfs/proc/diskstats
HostPathType:
proc-meminfo:
Type: HostPath (bare host directory volume)
Path: /var/lib/lxcfs/proc/meminfo
HostPathType:
proc-stat:
Type: HostPath (bare host directory volume)
Path: /var/lib/lxcfs/proc/stat
HostPathType:
proc-swaps:
Type: HostPath (bare host directory volume)
Path: /var/lib/lxcfs/proc/swaps
HostPathType:
proc-uptime:
Type: HostPath (bare host directory volume)
Path: /var/lib/lxcfs/proc/uptime
HostPathType:
allow-tz-env:
Type: HostPath (bare host directory volume)
Path: /usr/share/zoneinfo/Asia/Shanghai
HostPathType:
default-token-7b8ng:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-7b8ng
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/memory-pressure:NoSchedule
node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m20s default-scheduler Successfully assigned default/nginx-controller-7f548944c-8mknl to nginx-1
Normal Pulling 3m4s kubelet, nginx-1 Pulling image "nginx:latest"
Normal Pulled 3m kubelet, nginx-1 Successfully pulled image "nginx:latest"
Normal Created 3m kubelet, nginx-1 Created container nginx
Normal Started 2m59s kubelet, nginx-1 Started container nginx
cpu 內存已經修改成vpa 推薦數值