Sunday Blog

人生是一场刻意练习

Kubernetes监控kube-prometheus使用

Kube Prometheus

kube-prometheus github 部署 git clone https://github.com/prometheus-operator/kube-prometheus.git cd kube-prometheus git checkout v0.11.0 # 切换kubernetes兼容版本 首先创建需要的命名空间和 CRDs,等待它们可用后再创建其余资源 kubectl apply --server-side -f manifests/setup kubectl wait \ --for condition=Established

Posted by BlueFat on Friday, November 25, 2022

Kubernetes EFK日志收集

Kubernetes Es Logging

上传镜像(可选) export tag=7.17.3 images=( docker.elastic.co/elasticsearch/elasticsearch:${tag} docker.elastic.co/kibana/kibana:${tag} docker.elastic.co/beats/filebeat:${tag} ) # 上传至harhar export https_proxy="192.168.10.250:7890" # 代理 for image in ${images[@]}; do skopeo copy docker://${image} docker://registry.sundayhk.com/elastic/${image#*/}; done 部署Elasticsearch helm及添加storageC

Posted by BlueFat on Wednesday, November 23, 2022

Kubernetes Note

Kubernetes Note

微服务的容器服务都应该使用 StatefulSet 而不是 Deployment 使用 preStop 和 readinessProbe 保证服务平滑更新不中断 通常对于常规分布式微服务业务系统来说,StatefulSet 的顺序性保证

Posted by BlueFat on Wednesday, November 16, 2022

Kubernetes 常用命令

Kubernetes Command

# 缩容 kubectl scale -n kube-system deployment coredns --replicas=1 # 设置污点 kubectl taint node master node-role.kubernetes.io/master="":NoSchedule # 取消污点 kubectl taint node master1 node-role.kubernetes.io/master- deployment daemonset 回滚 kubectl rollout history daemonset -n kube-system fluentd-elasticsearch kubectl rollout undo --to-revision=1 daemonset -n kube-system fluentd-elasticsearch

Posted by BlueFat on Wednesday, November 16, 2022

Kubernetes 1.24 二进制高可用集群安装

Kubernetes Binary Build High Availability

生产环境中,建议使用版本大于5的Kubernetes版本,如1.24.6 系统:CentOS 7.5 K8S:1.24.6 containerd: v1.6.4 calico: 1.24 集群环境 hostname IP/VIP software k8s-master01 192.168.1.171 e

Posted by BlueFat on Tuesday, May 17, 2022

Kubeadm搭建高可用Kubernetes v1.23.5集群

Kubeadm Builds High Availability Kubernetes

基础环境配置 IP地址 主机名 服务 配置 192.168.1.171 k8s-01 k8s-master、containerd、keepalived、nginx 2c4g 192.168.1.172 k8s-02 k8s-master

Posted by BlueFat on Tuesday, May 17, 2022

Kubernetes使用 OpenEBS 实现 Local PV 动态持久化存储

Openebs

仅限开发测试使用 OpenEBS安装条件 # 安装 iscsi yum install iscsi-initiator-utils -y # 查看 InitiatorName 是否正常配置 cat /etc/iscsi/initiatorname.iscsi # 启动查看状态 systemctl enable --now iscsid systemctl start iscsid.service systemctl status iscsid.service openebs quickstart 安装方式 方式一 helm helm repo add openebs

Posted by BlueFat on Thursday, January 20, 2022

Nodelocaldns 导致 Coredns hosts 失效

Coredns Host Invalid

问题:coredns configmap 添加hosts不起作用 coredns: 10.233.0.3 nodelocaldns: 169.254.25.10 kubectl edit configmap coredns -n kube-system apiVersion: v1 data: Corefile: | .:53 { errors health { lameduck 5s } log ready kubernetes cluster.local in-addr.arpa ip6.arpa { pods insecure fallthrough in-addr.arpa ip6.arpa } ## 添加部分 hosts { 192.168.10.220 rancher.sundayhk.com 192.168.10.220 ha.sundayhk.com fallthrough

Posted by BlueFat on Wednesday, November 17, 2021

安装Kuboard管理Kubernetes集群

Kuboard

https://kuboard.cn/install/v3-upgrade.html#%E5%A6%82%E6%9E%9C%E4%BB%A5-docker-run-%E8%BF%90%E8%A1%8C-kuboard 安装方式 Kuboard 作为多个集群的管理界面应该独立于任何集群之外 建议docker运行 Kuboard, 不建议安装在有业务的Kubernetes集群中 停止已有 kuboard 容器 docker

Posted by BlueFat on Friday, May 21, 2021

Kubespray 离线安装配置

Kubespray Offline

https://github.com/kubernetes-sigs/kubespray/blob/master/docs/offline-environment.md 背景 在国内使用 kubespray 安装 Kubernetes 集群,下载依赖的文件和镜像时,往往会遇到下载失败,这时我们可以利用 kubespray 离线安装配置的能力来部署集群。 准备工作 要想离线安

Posted by BlueFat on Tuesday, May 11, 2021

使用Kubespray 部署Kubernetes集群

Kubespray

介绍 Kubespray是一个安装k8s集群的工具,kuberspray对比kubeadm更加简洁内部集成了kubeadm与ansible,通

Posted by BlueFat on Tuesday, May 11, 2021

Kube Prometheus 监控 Etcd

Kube Prometheus Etcd

监控外部Etcd 导入etcd证书 kubectl -n monitoring create secret generic etcd-certs \ --from-file=ca.pem=/etc/ssl/etcd/ssl/ca.pem \ --from-file=etcd.pem=/etc/ssl/etcd/ssl/admin-master1.pem \ --from-file=etcd-key.pem=/etc/ssl/etcd/ssl/admin-master1-key.pem prometheus挂载etcd-certs cd /root/kube-prometheus/manifests/ vim prometheus-prometheus.yaml spec: ... secrets: - etcd-certs kubectl apply -f prometheus-prometheus.yaml 验证 [root@master1 manifests]# kubectl exec

Posted by BlueFat on Sunday, November 29, 2020

Kube Prometheus 监控Scheduler Controller Manager

Kube Prometheus Scheduler Controller Manager

监控scheduler和controller-manager 问题 kube-prometheus安装后,我们可以看到监控指标大部分的配置都是正

Posted by BlueFat on Sunday, November 29, 2020

Kubernetes Network Policies 网络策略

Kubernetes Network Policies

https://kubernetes.io/docs/concepts/services-networking/network-policies/ Network Policy提供了基于策略的网络控制,用于隔离应用并减少攻击面。它使用标签选择器模拟传统的分段网络,并通过策略控制它们之间的流量以及来自

Posted by BlueFat on Wednesday, November 25, 2020

Kubernetes Metrics Server

Kubernetes Metrics Server

metrics-server github release wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.1/components.yaml 修改镜像 command中增加 --kubelet-insecure-tls 关闭证书认证 spec: containers: - args: - --cert-dir=/tmp - --secure-port=4443 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-use-node-status-port - --metric-resolution=15s - --kubelet-insecure-tls image: k8s-gcr.m.daocloud.io/metrics-server/metrics-server:v0.6.1 [root@master1 ~]# kubectl top node NAME CPU(cores) CPU% MEMORY(bytes) MEMORY% master1 784m 20% 2040Mi 61% master2 792m 20% 2155Mi 65% master3 896m 23% 2242Mi 67% node1

Posted by BlueFat on Tuesday, November 24, 2020

avatar

开心的蓝胖

QUICK LINKS
FEATURED TAGS
ansible bash calico containerd docker grpc https kernel kubernetes linux lvs mysql network nginx prometheus python rabbitmq rocketmq shell sort ssh tcp tcpdump 性能 排序 正则表达式 算法 递归 闭包
FRIENDS