虫子个人博客

第一题Set configuration context $ kubectl config use-context k8s  Monitor the logs of Pod foobar and Extract log lines corresponding to error file-not-found Write them to /opt/KULM00201/foobar Question weight 5% 1# kubectl logs foobar |grep file-not-found >> /opt/KULM00201/foobar 第二题Set configuration context $ kubectl config use-context k8s List all PVs sorted by name saving the full kubectl output to /opt/KUCC0010/my_volumes . Use kubectl’s own functionally for sorting the output, and do ...

初识kubernetes kubernetes之“Hello World” kubeadm部署k8s集群 安装harbor kubernetes安装dashboard Liveness, Readiness与Startup Probes kubernetes POD控制器 RS与Deployment Service资源 K8s部署Ingress Traefik traefik配置dashboard https访问 Kubernetes部署nginx-ingress使用 Kubernetes的ConfigMap使用 Kubernetes的Secret使用 Kubernetes的Volume使用 Kubernetes的PV、PVC使用 Kubernetes集群的污点与容忍 Kubernetes安全之kubeconfig访问控制 Kubernetes的helm部署 Helm部署dashboard k8s部署prometheus、grafana监控 二进制部署高可用集群 日志收集 k8s监控系统 Spinnaker持续交付 待更新

kubeadm 默认证书为一年，一年过期后，会导致api service不可用，使用过程中会出现：x509: certificate has expired or is not yet valid. 查看集群版本信息# kubeadm versionkubeadm version: &version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:47:53Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"} 查看集群证书过期时间# kubeadm alp ...

资源配置清单CRDRBACConfigMapDaemonSetMiddlewareServiceIngressCRD 自定义资源二次开发能力来扩展 Kubernetes API，通过 CRD 我们可以向 Kubernetes API 中增加新资源类型，而不需要修改 Kubernetes 源码来创建自定义的 API server，该功能大大提高了 Kubernetes 的扩展能力 apiVersion: apiextensions.k8s.io/v1beta1kind: CustomResourceDefinitionmetadata: name: ingressroutes.traefik.containo.usspec: group: traefik.containo.us version: v1alpha1 names: kind: IngressRoute plural: ingressroutes singular: ingressroute scope: Namespaced---apiVersion: apiextensions.k8s.io/v ...

gitlab创建OAuth应用创建一个GitLab OAuth应用程序。使用者密钥和使用者密钥用于授权访问GitLab资源 授权回调URL必须与以下格式和路径匹配，并且必须使用确切的服务器方案和主机 填写名称(name),回调地址(Redirect URI),勾选api与read_user权限 配置gitlab出站请求 gitlab 10.6 版本以后为了安全，不允许向本地网络发送webhook请求，如果想向本地网络发送webhook请求，则需要使用管理员帐号登录配置OutBound Request 使用管理员账号登录 setting => network => Outbound requests Expand-勾选Allow requests to the local network from web hooks and services 创建共享秘密 创建一个共享密钥，以验证runner与drone服务器之间的通信 # openssl rand -hex 16d065db69f7dcc35bd6a0658a9e8b4201 安装drone-server ...

准备资源配置清单 consul.yaml 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384# vim consul.yamlapiVersion: apps/v1kind: StatefulSetmetadata: name: consul namespace: demo labels: app: consul component: serverspec: serviceName: consul replicas: 3 selector: matchLabels: app: consul component: server template: metadata: labels: app: consul component: ...

nfs-client-provisioner,它可以使用现有的和已配置的NFS服务器来通过持久卷声明来动态供应Kubernetes持久卷使用sig-storage-lib-external-provisioner的开发nfs-subdir-external-provisioner进行配置 安装nfs每个slave节点安装nfs 1# yum install -y nfs-utils 安装storage class准备资源清单 rbac 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960apiVersion: v1kind: ServiceAccountmetadata: name: nfs-client-provisioner namespace: kube-system---kind: ClusterRoleapiVersion: rbac.authorization.k8s.io/v1metadata: ...

gitlab配置公钥代码仓库：代码仓库：https://github.com/wq-h/demo-2048.git 创建密钥 123456789101112131415161718# ssh-keygen -t rsa -b 2048 -C "weiqun_h@163.com" -N "" -f /root/.ssh/id_rsaGenerating public/private rsa key pair.Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:SHA256:lo1dX2Kj+5Z8n7LiICLc9yYJdkhlY9W2YpNsTn/pmrI weiqun_h@163.comThe key's randomart image is:+---[RSA 2048]----+| ... || ...

jenkins集成k8s集群 创建证书 打开~/.kube/config文件 123456789101112复制certificate-authority-data的内容，运行以下命令生成client.crt# echo "<certificate-authority-data>" | base64 -d > ca.crt复制client-certificate-data的内容，运行以下命令生成client.crt# echo "<client-certificate-data>" | base64 -d > client.crt复制client-key-data的内容，运行以下命令生成client.key# echo "<client-key-data>" | base64 -d > client.key再根据前面步骤生成的ca.crt, client.crt和client.key来生成PKCS12格式的cert.pfx以下命令运行时，需要输入4位以上的密码# open ...

使用centos镜像作为yum源挂载iso镜像至mnt目录 # mount -o loop /root/CentOS-7-x86_64-Everything-2009.iso /mntmount: /dev/loop0 is write-protected, mounting read-only# ll /mnt/total 1668-rw-r--r--. 1 root root 14 Oct 30 05:14 CentOS_BuildTagdrwxr-xr-x. 3 root root 2048 Oct 27 00:25 EFI-rw-rw-r--. 17 root root 227 Aug 30 2017 EULA-rw-rw-r--. 17 root root 18009 Dec 10 2015 GPLdrwxr-xr-x. 3 root root 2048 Oct 27 00:26 imagesdrwxr-xr-x. 2 root root 2048 Oct 27 00:25 isolinuxdrwxr-xr-x. 2 ro ...