Sunday Blog

Life is a deliberate practice

Kube Prometheus: Monitoring the Scheduler and Controller Manager

Kube Prometheus Scheduler Controller Manager

Monitoring the scheduler and controller-manager. Problem: after kube-prometheus is installed, we can see that the configuration of most of the monitoring metrics is

Kubernetes Network Policies

Kubernetes Network Policies

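https://kubernetes.io/docs/concepts/services-networking/network-policies/

Network Policy provides policy-based network control, used to isolate applications and reduce the attack surface. It uses label selectors to emulate traditional segmented networks, and uses policies to control the traffic between them as well as traffic from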

Kubernetes Metrics Server

Kubernetes Metrics Server

metrics-server GitHub release:

    wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.1/components.yaml

Change the image, and add --kubelet-insecure-tls to the command to disable certificate verification:

    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --secure-port=4443
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
        - --kubelet-use-node-status-port
        - --metric-resolution=15s
        - --kubelet-insecure-tls
        image: k8s-gcr.m.daocloud.io/metrics-server/metrics-server:v0.6.1

    [root@master1 ~]# kubectl top node
    NAME      CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
    master1   784m         20%    2040Mi          61%
    master2   792m         20%    2155Mi          65%
    master3   896m         23%    2242Mi          67%
    node1

Speeding Up Containerd with Mirrors

Containerd Mirrors

containerd uses https://docker.mirrors.ustc.edu.cn as an accelerating mirror, which intermittently fails with a 403:

    FATA[0038] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/nginx:alpine": failed to copy: httpReadSeeker: failed open: unexpected status code

Kubernetes NFS Dynamic StorageClass

Installing NFS:

    yum install -y nfs-utils
    systemctl start nfs-server
    mkdir /data/nfs/k8s -p
    echo "/data/nfs *(rw,sync,no_subtree_check,no_root_squash)" > /etc/exports
    exportfs -r
    systemctl reload nfs-server

Static persistent volume:

    cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: nfs-pv
    spec:
      capacity:
        storage: 5Gi
      volumeMode: Filesystem
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Recycle
      storageClassName: nfs-slow
      mountOptions:
        - hard
        - nfsvers=4.1
      nfs:
        path: /data/nfs/k8s
        server: 192.168.10.228
    EOF

    cat <<EOF

Kubernetes DiskPressure (Disk Pressure)

Kubernetes Diskpressure

[Kubernetes official documentation - Node-pressure Eviction] https://kubernetes.io/zh/docs/concepts/scheduling-evictio

Building a Ceph Cluster with Rook

Rook

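In the container world, statelessness is a core principle; however, we always need to store data and make it available for others to access. So a solution is needed to persist the data in case of a restart. In Kubernetes, P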

Kubernetes Dashboard: Creating a Read-Only User Token

Kubernetes Dashboard Viewonly Token

Create a read-only user token for the Kubernetes dashboard:

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: admin-viewonly
    rules:
    - apiGroups:
      - ""
      resources:
      - configmaps
      - endpoints
      - persistentvolumeclaims
      - pods
      - replicationcontrollers
      - replicationcontrollers/scale
      - serviceaccounts
      - services
      - nodes
      - persistentvolumeclaims
      - persistentvolumes
      verbs:
      - get
      - list
      - watch

Kubernetes RBAC Authentication: ServiceAccount, Dashboard

Kubernetes Rbac Serviceaccount

Introduction. This introduction is excerpted from the book Kubernetes权威指南 (Kubernetes: The Definitive Guide). RBAC (Role-Based Access Control) in Kubernetes version 1.5

Docker Basics

Docker Use

Check the Docker version:

    [root@k8s-master01 ~]# docker version
    Client: Docker Engine - Community
     Version:           20.10.7
     API version:       1.40
     Go version:        go1.13.15
     Git commit:        f0df350
     Built:             Wed Jun 2 11:58:10 2021
     OS/Arch:           linux/amd64
     Context:           default
     Experimental:      true

    Server: Docker Engine - Community
     Engine:
      Version:          19.03.15
      API version:      1.40 (minimum version 1.12)
      Go version:       go1.13.15
      Git commit:       99e3ed8919
      Built:            Sat Jan 30 03:16:33 2021
      OS/Arch:          linux/amd64

Switching Calico from IPIP to VXLAN

Calico Ipip to Vxlan

https://projectcalico.docs.tigera.io/getting-started/kubernetes/installation/config-options
https://projectcalico.docs.tigera.io/networking/vxlan-ipip

Change calico_backend: "bird" to calico_backend: "vxlan":

    $ kubectl edit cm -nkube-system calico-config
    calico_backend: vxlan

Disable IP, enable VXLAN, disable bird-liv

Kubernetes-dashboard Ingress SSL Certificate Configuration

Dashboard Ingress

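Remove the existing installation. Remove the installed kubernetes-dashboard:

    wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
    kubectl delete -f recommended.yaml

Request a certificate. You can use cert-manager to request a free three-month certificate; this tool can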

Issuing Free Certificates for DNSPod Domains with cert-manager

Cert Manager

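cert-manager is an open-source, cloud-native certificate management tool used to provide HTTPS certificates in a Kubernetes cluster and renew them automatically. The following example describes how to use c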

Ingress Nginx

Ingress Nginx

https://kubernetes.github.io/ingress-nginx/

Install: https://kubernetes.github.io/ingress-nginx/deploy/

    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
    helm search repo ingress-nginx
    helm pull ingress-nginx/ingress-nginx
    tar xf ingress-nginx-4.3.0.tgz
    cd ingress-nginx
    # after modification
    vim values.yaml

    # false -> true
    hostNetwork: true
    # ClusterFirst -> ClusterFirstWithHostNet
    dnsPolicy: ClusterFirstWithHostNet
    # Deployment -> DaemonSet
    kind: DaemonSet
    # LoadBalancer -> ClusterIP
    type: ClusterIP
    # specify the label, lines 292-294, nodeSelector:
    nodeSelector:
      kubernetes.io/os: linux
      ingress:

Installing and Configuring Harbor, an Enterprise-Grade Image Registry

Harbor

Official site: https://github.com/goharbor/harbor

Installation: docker 17.03.0-ce+ and docker-compose 1.18.0+

Install Docker: https://docs.docker.com/engine/install/centos/

    sudo yum remove docker \
        docker-client \
        docker-client-latest \
        docker-common \
        docker-latest \
        docker-latest-logrotate \
        docker-logrotate \
        docker-engine \
        podman \
        runc
    sudo yum install -y yum-utils
    sudo yum-config-manager \
        --add-repo \
        https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    # use "+" as the sed delimiter throughout so the substitution is terminated correctly
    sudo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
    sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

Install Do