艾艺的品牌网站设计,设计师网站设计,铜陵58同城做网站,网站模板文件在哪里下载1、亲和和反亲和
node的亲和性和反亲和性pod的亲和性和反亲和性
1.1node的亲和和反亲和
1.1.1ndoeSelector#xff08;node标签亲和#xff09;
#查看node的标签
rootk8s-master1:~# kubectl get nodes --show-labels
#给node节点添加标签
rootk8s-master1:~# kubectl la…1、亲和和反亲和
node的亲和性和反亲和性pod的亲和性和反亲和性
1.1node的亲和和反亲和
1.1.1ndoeSelectornode标签亲和
#查看node的标签
rootk8s-master1:~# kubectl get nodes --show-labels
#给node节点添加标签
rootk8s-master1:~# kubectl label nodes 172.17.1.107 disktypessd
node/172.17.1.107 labeled
rootk8s-master1:~# kubectl get nodes --show-labels |grep ssd
172.17.1.107 Ready node 7d19h v1.22.3 beta.kubernetes.io/archamd64,beta.kubernetes.io/oslinux,disktypessd,kubernetes.io/archamd64,kubernetes.io/hostname172.17.1.107,kubernetes.io/oslinux,kubernetes.io/rolenoderootk8s-master1:/app/yaml/qhx# cat nginx-nodeSelector.yaml
apiVersion: v1
kind: Pod
metadata:name: mypod
spec:containers:- name: nginx-podimage: nginxnodeSelector:disktype: ssd此时pod只会部署在带有disktypessd的这个标签上 删除标签
rootk8s-master1:/app/yaml/qhx# kubectl label nodes 172.17.1.107 disktype-1.1.2 nodeName亲和
通过template中的spec指定nodeName也可以将pod运行在指定的node上
rootk8s-master1:/app/yaml/qhx# cat nginx-nodeName.yaml
apiVersion: v1
kind: Pod
metadata:name: mypod-1
spec:nodeName: 172.17.1.108containers:- name: nginx-podimage: nginx1.1.3Affinity
类似于nodeSelector允许使用者指定一些pod在Node间调度的约束日常支持两种模式
requiredDuringSchedulingIgnoredDuringExecution: 硬性条件满足则调度不满足则不调度
preferedDuringShedulingIgnoreDuringExecution:软性条件不满足的情况下可以往其他不符合要求的node节点调度
IgnoreDuringExecution 如果Pod已经运行,如果标签发生变化不会影响已经运行的pod.
Affinity亲和,anti-affinity反亲和,相对于nodeSelector的功能更强大
标签支持and,还支持in,Notin,Exists,DoesNotExist,Gt,Lt可以设置软匹配和硬匹配在软匹配如果调度器无法匹配节点仍然会将pod调度到其他不符合的节点上去可以对pod定义和策略比如那些pod可以或者不可以被调度到同一个node上
In:标签的值存在列表中NotIn:标签的值不存在指定的匹配列表中Gt标签的值大于某个值字符串Lt:标签的值小于某个值Exists:指定的标签存在
1.1.3.1 硬策略-requiredDuringSchedulingIgnoredDuringExecution
注意:不匹配不会被调度
实例一当matchExpressions只有一个key,只要满足任意调度中的一个value就会被调度到相应的节点上多个条件之间是或的关系
rootk8s-master1:/app/yaml/qhx# cat pod-1.yaml
apiVersion: v1
kind: Pod
metadata:name: mypod-2
spec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions: #匹配条件1,多个values可以调度- key: disktypeoperator: Invalues:- ssd- hdd- matchExpressions: #匹配条件1,多个matchExpressions加上每个的matchExpressions values只要其中有一个value匹配成功就可以被调度- key: projectoperator: Invalues:- Linux- Pythoncontainers:- name: nginx-podimage: nginxrootk8s-master1:/app/yaml/qhx# kubectl label nodes 172.17.1.108 disktypessd
node/172.17.1.108 labeled
rootk8s-master1:/app/yaml/qhx# kubectl get nodes --show-labels |grep ssd
172.17.1.108 Ready node 9d v1.22.3 beta.kubernetes.io/archamd64,beta.kubernetes.io/oslinux,disktypessd,kubernetes.io/archamd64,kubernetes.io/hostname172.17.1.108,kubernetes.io/oslinux,kubernetes.io/rolenode#此时当172.17.1.108带有disktypessd的标签时就可以被调度了
rootk8s-master1:/app/yaml/qhx# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mypod-1 1/1 Running 1 (45h ago) 46h 10.200.169.153 172.17.1.108 none none
mypod-2 1/1 Running 0 4m54s 10.200.169.154 172.17.1.108 none none实例二、当matchExpressions有多个key时,需要满足所有的key,才会被调度.一个key里多个值可以任意满足一个.
disktype这个key下ssd和hdd只要满足其中一个,那么这个条件即满足
project这个key必须满足disktype和project之间是andssd和hdd之间是or
rootk8s-master1:/app/yaml/qhx# cat pod-2.yaml
apiVersion: v1
kind: Pod
metadata:name: mypod-3
spec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions: #匹配条件1,多个values可以调度- key: disktypeoperator: Invalues:- ssd- hdd #同个key多个value只要有一个value满足条件就可以了- key: project #当同一个matchExpressions存在多个key时要求多个key的条件同时满足才可以被调度operator: Invalues:- Linux- Pythoncontainers:- name: nginx-podimage: nginxrootk8s-master1:/app/yaml/qhx# kubectl apply -f pod-2.yaml
pod/mypod-3 created
rootk8s-master1:/app/yaml/qhx# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mypod-1 1/1 Running 1 (45h ago) 46h 10.200.169.153 172.17.1.108 none none
mypod-2 1/1 Running 0 19m 10.200.169.154 172.17.1.108 none none
mypod-3 0/1 Pending 0 7s none none none none
rootk8s-master1:/app/yaml/qhx# kubectl describe pod mypod-3
Name: mypod-3
Namespace: default
Priority: 0
Node: none
Labels: none
Annotations: none
Status: Pending
IP:
IPs: none
Containers:nginx-pod:Image: nginxPort: noneHost Port: noneEnvironment: noneMounts:/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-pfjf5 (ro)
Conditions:Type StatusPodScheduled False
Volumes:kube-api-access-pfjf5:Type: Projected (a volume that contains injected data from multiple sources)TokenExpirationSeconds: 3607ConfigMapName: kube-root-ca.crtConfigMapOptional: nilDownwardAPI: true
QoS Class: BestEffort
Node-Selectors: none
Tolerations: node.kubernetes.io/not-ready:NoExecute opExists for 300snode.kubernetes.io/unreachable:NoExecute opExists for 300s
Events:Type Reason Age From Message---- ------ ---- ---- -------Warning FailedScheduling 23s default-scheduler 0/6 nodes are available: 3 node(s) didnt match Pods node affinity/selector, 3 node(s) were unschedulable.#因为172.17.1.108这个节点只满足一个key的要求故pod无法被调度到这个节点rootk8s-master1:/app/yaml/qhx# kubectl label nodes 172.17.1.109 disktypehdd projectLinux
node/172.17.1.109 labeled
rootk8s-master1:/app/yaml/qhx# kubectl get nodes --show-labels |grep 109
172.17.1.109 Ready node 9d v1.22.3 beta.kubernetes.io/archamd64,beta.kubernetes.io/oslinux,disktypehdd,kubernetes.io/archamd64,kubernetes.io/hostname172.17.1.109,kubernetes.io/oslinux,kubernetes.io/rolenode,projectLinux
rootk8s-master1:/app/yaml/qhx# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mypod-1 1/1 Running 1 (46h ago) 46h 10.200.169.153 172.17.1.108 none none
mypod-2 1/1 Running 0 29m 10.200.169.154 172.17.1.108 none none
mypod-3 1/1 Running 0 13s 10.200.107.239 172.17.1.109 none none
rootk8s-master1:/app/yaml/qhx# kubectl describe pod mypod-3
Name: mypod-3
Namespace: default
Priority: 0
Node: 172.17.1.109/172.17.1.109
Start Time: Wed, 31 Jan 2024 15:49:21 0800
Labels: none
Annotations: none
Status: Running
IP: 10.200.107.239
IPs:IP: 10.200.107.239
Containers:nginx-pod:Container ID: docker://19a130c06ea78cd4469fe724096f0bb066896e10c035c30c3553aafd580bf504Image: nginxImage ID: docker-pullable://nginxsha256:4c0fdaa8b6341bfdeca5f18f7837462c80cff90527ee35ef185571e1c327beacPort: noneHost Port: noneState: RunningStarted: Wed, 31 Jan 2024 15:49:27 0800Ready: TrueRestart Count: 0Environment: noneMounts:/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-544dq (ro)
Conditions:Type StatusInitialized TrueReady TrueContainersReady TruePodScheduled True
Volumes:kube-api-access-544dq:Type: Projected (a volume that contains injected data from multiple sources)TokenExpirationSeconds: 3607ConfigMapName: kube-root-ca.crtConfigMapOptional: nilDownwardAPI: true
QoS Class: BestEffort
Node-Selectors: none
Tolerations: node.kubernetes.io/not-ready:NoExecute opExists for 300snode.kubernetes.io/unreachable:NoExecute opExists for 300s
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Scheduled 22s default-scheduler Successfully assigned default/mypod-3 to 172.17.1.109Normal Pulling 19s kubelet Pulling image nginxNormal Pulled 16s kubelet Successfully pulled image nginx in 2.972306097sNormal Created 16s kubelet Created container nginx-podNormal Started 16s kubelet Started container nginx-pod 1.1.3.2 软策略-preferedDuringShedulingIgnoreDuringExecution
如果匹配成功则会被调度到指定的Node上即使不匹配也会被调度
实例
rootk8s-master1:/app/yaml/qhx# cat pod-3.yaml
apiVersion: v1
kind: Pod
metadata:name: mypod-4
spec:affinity:nodeAffinity:preferredDuringSchedulingIgnoredDuringExecution:- weight: 80 #权重范围1-100,权重越高越被优先调度preference:matchExpressions:- key: projectoperator: Invalues:- Javacontainers:- name: nginx-podimage: nginx
rootk8s-master1:/app/yaml/qhx# kubectl get nodes --show-labels |grep Java
rootk8s-master1:/app/yaml/qhx# kubectl apply -f pod-3.yaml
pod/mypod-4 created
rootk8s-master1:/app/yaml/qhx# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mypod-1 1/1 Running 1 (46h ago) 46h 10.200.169.153 172.17.1.108 none none
mypod-2 1/1 Running 0 49m 10.200.169.154 172.17.1.108 none none
mypod-3 1/1 Running 0 19m 10.200.107.239 172.17.1.109 none none
mypod-4 1/1 Running 0 13s 10.200.36.96 172.17.1.107 none none1.1.3.3 node软策略和硬策略的综合使用
硬策略是NotIn)反亲和不往master节点调度
软策略是In亲和优先将pod调度到含有标签的node节点如果没有任何node满足pod的标签再根据计算调度到其他节点上
1.2pod的亲和
Pod亲和与反亲和是根据已经运行在node节点上的Pod标签进行匹配的pod标签必须指定namespace
亲和将新创建的pod分配到有这些标签的node上可以减少网络传输的消耗 反亲和创建pod时避免将pod新建到有这些标签的node节点上可以用来做项目资源分配和高可用 Pod亲和与反亲和合法操作符有InNotInExistsDoesNotxist
1.2.1pod之间的亲和
rootk8s-master1:/app/yaml/qhx# kubectl get nodes --show-labels |grep Linux
172.17.1.107 Ready node 9d v1.22.3 beta.kubernetes.io/archamd64,beta.kubernetes.io/oslinux,kubernetes.io/archamd64,kubernetes.io/hostname172.17.1.107,kubernetes.io/oslinux,kubernetes.io/rolenode,projectLinuxrootk8s-master1:/app/yaml/qhx# cat deply-pod1.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: nginx-deploymentnamespace: webwork
spec:replicas: 1selector:matchLabels:app: nginxproject: Linuxtemplate:metadata:labels:app: nginxproject: Linuxspec:containers:- name: nginximage: nginx:latestports:- containerPort: 80#此时pod被调度到含有projectLinux标签上的node节点上了
rootk8s-master1:/app/yaml/qhx# kubectl get pod -n webwork -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deployment-55b448df4c-94bbl 1/1 Running 0 16s 10.200.36.99 172.17.1.107 none none
redis-deploy-79bb95b948-hhjtc 1/1 Running 5 (46h ago) 6d20h 10.200.107.237 172.17.1.109 none none1.2.2 pod间的软限制-preferredDuringSchedulingIgnoredDuringExecution
实例将nginx pod部署到命名空间为webwork中含有标签project值为webwork的pod一起
rootk8s-master1:/app/yaml/qhx# cat deply-pod3.yaml
rootk8s-master1:/app/yaml/qhx# cat deply-pod3.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: nginxnamespace: webwork
spec:replicas: 3selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:affinity:podAffinity:preferredDuringSchedulingIgnoredDuringExecution:- weight: 100podAffinityTerm:labelSelector:matchExpressions:- key: projectoperator: Invalues:- LinuxtopologyKey: kubernetes.io/hostnamenamespaces:- webworkcontainers:- name: nginximage: nginx:latestports:- containerPort: 80rootk8s-master1:/app/yaml/qhx# kubectl get pod -o wide -n webwork --show-labels
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS
nginx-6fd5f8f696-65wtq 1/1 Running 0 9m41s 10.200.107.254 172.17.1.109 none none appnginx,pod-template-hash6fd5f8f696
nginx-6fd5f8f696-8gg5t 1/1 Running 0 9m41s 10.200.107.252 172.17.1.109 none none appnginx,pod-template-hash6fd5f8f696
nginx-6fd5f8f696-cg6k7 1/1 Running 0 9m41s 10.200.107.253 172.17.1.109 none none appnginx,pod-template-hash6fd5f8f696
nginx-deployment-7f6b97fd7f-lxksl 1/1 Running 0 53m 10.200.107.243 172.17.1.109 none none appnginx,pod-template-hash7f6b97fd7f,projectLinux
nginx-deployment-test-655f96f4c7-qtw5b 1/1 Running 0 51m 10.200.36.107 172.17.1.107 none none appnginx,pod-template-hash655f96f4c71.2.3 pod间的硬限制-requiredDuringSchedulingIgnoredDuringExecution
将nginx Pod的亲和到Namespace为wework标签为project值为wework的Pod的同一个Node上如果Node上资源不足或匹配失败则无法创建此Pod
rootk8s-master1:/app/yaml/qhx# cat deply-pod4.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: nginx-1namespace: webwork
spec:replicas: 3selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxcity: beijingspec:affinity:podAffinity:requiredDuringSchedulingIgnoredDuringExecution:- labelSelector:matchExpressions:- key: projectoperator: Invalues:- LinuxtopologyKey: kubernetes.io/hostnamenamespaces:- webworkcontainers:- name: nginximage: nginx:latestports:- containerPort: 80#现象因pod的硬限制无法被调度
rootk8s-master1:/app/yaml/qhx# kubectl describe pod nginx-1-f7ffc7d7-7x97n -n webwork
Name: nginx-1-f7ffc7d7-7x97n
Namespace: webwork
Priority: 0
Node: none
Labels: appnginxcitybeijingpod-template-hashf7ffc7d7
Annotations: none
Status: Pending
IP:
IPs: none
Controlled By: ReplicaSet/nginx-1-f7ffc7d7
Containers:nginx:Image: nginx:latestPort: 80/TCPHost Port: 0/TCPEnvironment: noneMounts:/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-vtl74 (ro)
Conditions:Type StatusPodScheduled False
Volumes:kube-api-access-vtl74:Type: Projected (a volume that contains injected data from multiple sources)TokenExpirationSeconds: 3607ConfigMapName: kube-root-ca.crtConfigMapOptional: nilDownwardAPI: true
QoS Class: BestEffort
Node-Selectors: none
Tolerations: node.kubernetes.io/not-ready:NoExecute opExists for 300snode.kubernetes.io/unreachable:NoExecute opExists for 300s
Events:Type Reason Age From Message---- ------ ---- ---- -------Warning FailedScheduling 57s default-scheduler 0/6 nodes are available: 3 node(s) didnt match pod affinity rules, 3 node(s) were unschedulable.
1.3pod的反亲和
1.3.1硬限制–requiredDuringSchedulingIgnoredDuringExecution
实例将nginx Pod的亲和到Namespace为wework标签为project值为wework的Pod的不在同一个Node上如果Node上资源不足或匹配失败则无法创建此Pod
rootk8s-master1:/app/yaml/qhx# cat deply-pod5.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: nginx-1namespace: webwork
spec:replicas: 3selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxcity: beijingspec:affinity:podAntiAffinity:requiredDuringSchedulingIgnoredDuringExecution:- labelSelector:matchExpressions:- key: projectoperator: Invalues:- LinuxtopologyKey: kubernetes.io/hostnamenamespaces:- webworkcontainers:- name: nginximage: nginx:latestports:- containerPort: 801.3.2软限制
rootk8s-master1:/app/yaml/qhx# cat deply-pod6.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: nginxnamespace: webwork
spec:replicas: 3selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:affinity:podAntiAffinity:preferredDuringSchedulingIgnoredDuringExecution:- weight: 100podAffinityTerm:labelSelector:matchExpressions:- key: projectoperator: Invalues:- LinuxtopologyKey: kubernetes.io/hostnamenamespaces:- webworkcontainers:- name: nginximage: nginx:latestports:- containerPort: 80
文章转载自: http://www.morning.kqbjy.cn.gov.cn.kqbjy.cn http://www.morning.fslrx.cn.gov.cn.fslrx.cn http://www.morning.qrqcr.cn.gov.cn.qrqcr.cn http://www.morning.smtrp.cn.gov.cn.smtrp.cn http://www.morning.fhxrb.cn.gov.cn.fhxrb.cn http://www.morning.clpdm.cn.gov.cn.clpdm.cn http://www.morning.xrsqb.cn.gov.cn.xrsqb.cn http://www.morning.mkpkz.cn.gov.cn.mkpkz.cn http://www.morning.brcdf.cn.gov.cn.brcdf.cn http://www.morning.xtgzp.cn.gov.cn.xtgzp.cn http://www.morning.xdwcg.cn.gov.cn.xdwcg.cn http://www.morning.bkpbm.cn.gov.cn.bkpbm.cn http://www.morning.cljmx.cn.gov.cn.cljmx.cn http://www.morning.mczjq.cn.gov.cn.mczjq.cn http://www.morning.mtxrq.cn.gov.cn.mtxrq.cn http://www.morning.nlywq.cn.gov.cn.nlywq.cn http://www.morning.wmfr.cn.gov.cn.wmfr.cn http://www.morning.tqpds.cn.gov.cn.tqpds.cn http://www.morning.jksgy.cn.gov.cn.jksgy.cn http://www.morning.ykxnp.cn.gov.cn.ykxnp.cn http://www.morning.nzsdr.cn.gov.cn.nzsdr.cn http://www.morning.5-73.com.gov.cn.5-73.com http://www.morning.xrwtk.cn.gov.cn.xrwtk.cn http://www.morning.crtgd.cn.gov.cn.crtgd.cn http://www.morning.rkfgx.cn.gov.cn.rkfgx.cn http://www.morning.lclpj.cn.gov.cn.lclpj.cn http://www.morning.rlns.cn.gov.cn.rlns.cn http://www.morning.rythy.cn.gov.cn.rythy.cn http://www.morning.ylklr.cn.gov.cn.ylklr.cn http://www.morning.snrhg.cn.gov.cn.snrhg.cn http://www.morning.srcth.cn.gov.cn.srcth.cn http://www.morning.ngmjn.cn.gov.cn.ngmjn.cn http://www.morning.yxlpj.cn.gov.cn.yxlpj.cn http://www.morning.ypcbm.cn.gov.cn.ypcbm.cn http://www.morning.lqljj.cn.gov.cn.lqljj.cn http://www.morning.jcyyh.cn.gov.cn.jcyyh.cn http://www.morning.kqwsy.cn.gov.cn.kqwsy.cn http://www.morning.kqxng.cn.gov.cn.kqxng.cn http://www.morning.nzqqd.cn.gov.cn.nzqqd.cn http://www.morning.mzwqt.cn.gov.cn.mzwqt.cn http://www.morning.nchlk.cn.gov.cn.nchlk.cn http://www.morning.nhlyl.cn.gov.cn.nhlyl.cn http://www.morning.rqdx.cn.gov.cn.rqdx.cn http://www.morning.prfrb.cn.gov.cn.prfrb.cn http://www.morning.pdmc.cn.gov.cn.pdmc.cn http://www.morning.cwlxs.cn.gov.cn.cwlxs.cn http://www.morning.mbdbe.cn.gov.cn.mbdbe.cn http://www.morning.ntyks.cn.gov.cn.ntyks.cn http://www.morning.mfnsn.cn.gov.cn.mfnsn.cn http://www.morning.yydzk.cn.gov.cn.yydzk.cn http://www.morning.dblgm.cn.gov.cn.dblgm.cn http://www.morning.rfhwc.cn.gov.cn.rfhwc.cn http://www.morning.mprtj.cn.gov.cn.mprtj.cn http://www.morning.ntzfl.cn.gov.cn.ntzfl.cn http://www.morning.grxyx.cn.gov.cn.grxyx.cn http://www.morning.rcqyk.cn.gov.cn.rcqyk.cn http://www.morning.stpkz.cn.gov.cn.stpkz.cn http://www.morning.mfzyn.cn.gov.cn.mfzyn.cn http://www.morning.njfgl.cn.gov.cn.njfgl.cn http://www.morning.fwlch.cn.gov.cn.fwlch.cn http://www.morning.cjxqx.cn.gov.cn.cjxqx.cn http://www.morning.jgnjl.cn.gov.cn.jgnjl.cn http://www.morning.rqhbt.cn.gov.cn.rqhbt.cn http://www.morning.tqdqc.cn.gov.cn.tqdqc.cn http://www.morning.mwnch.cn.gov.cn.mwnch.cn http://www.morning.nzqmw.cn.gov.cn.nzqmw.cn http://www.morning.jybj.cn.gov.cn.jybj.cn http://www.morning.mqtzd.cn.gov.cn.mqtzd.cn http://www.morning.lkxzb.cn.gov.cn.lkxzb.cn http://www.morning.thxfn.cn.gov.cn.thxfn.cn http://www.morning.yjfmj.cn.gov.cn.yjfmj.cn http://www.morning.zsgbt.cn.gov.cn.zsgbt.cn http://www.morning.yfrlk.cn.gov.cn.yfrlk.cn http://www.morning.pbzgj.cn.gov.cn.pbzgj.cn http://www.morning.qxlhj.cn.gov.cn.qxlhj.cn http://www.morning.yjdql.cn.gov.cn.yjdql.cn http://www.morning.nfbxgtj.com.gov.cn.nfbxgtj.com http://www.morning.jfmyt.cn.gov.cn.jfmyt.cn http://www.morning.rcntx.cn.gov.cn.rcntx.cn http://www.morning.nlgnk.cn.gov.cn.nlgnk.cn
