平静的海530
平静的海530

k8s之环境部署

一,环境部署简介

1,kubeadm方式进行部署

master主机
	--api-server
	--controller-manager
	--scheduler
	--etcd
	--flannel
	--coredns
	--kube-proxy

node主机
	-- kubelet
	-- kube-proxy	
	-- flannel

基础环境
	-- docker

依赖环境
	-- docker仓库(harbor)


2,主机安排
	
	master1 10.10.10.12
	master2 10.10.10.13
	master3 10.10.10.14
	node1 10.10.10.15
	node2 10.10.10.16
	ha1 10.10.10.17
	ha2 10.10.10.18
	harbor 10.10.10.19

二,部署前准备工作

1,修改主机名

在每台主机的/etc/hosts文件中加入下面内容
vim /etc/hosts

10.0.0.12master1.whp.com master1
10.0.0.13 master2.whp.com master2
10.0.0.14 master3.whp.com master3
10.0.0.15 node1.whp.com node1
10.0.0.16 node2.whp.com node2
10.0.0.17 ha1.whp.com ha1
10.0.0.18 ha2 whp.com ha2
10.0.0.19 register.whp.com register

[root@localhost ~]# hostnamectl set-hostname master1
[root@localhost ~]# ssh [email protected] "hostnamectl set-hostname node1"
[root@localhost ~]# ssh [email protected] "hostnamectl set-hostname node2"
[root@localhost ~]# ssh [email protected] "hostnamectl set-hostname register"

[root@localhost ~]# exec /bin/bash
[root@localhost ~]# ssh [email protected] "/bin/bash"
[root@localhost ~]# ssh [email protected] "/bin/bash"
[root@localhost ~]# ssh [email protected] "/bin/bash"

2,关闭交换分区


临时关闭	
swapoff -a
[root@master1 ~]# ssh [email protected] "swapoff -a"
[root@master1 ~]# ssh [email protected] "swapoff -a"
永久关闭
sed -i 's/.*swap.*/#&/' /etc/fstab
[root@master1 ~]# ssh [email protected] "sed -i 's/.*swap.*/#&/' /etc/fstab"
[root@master1 ~]# ssh [email protected] "sed -i 's/.*swap.*/#&/' /etc/fstab"

内核关闭
cat >> /etc/sysctl.d/k8s.conf << EOF
vm.swappiness=0
#配置转发
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF



[root@localhost ~]# sysctl -p /etc/sysctl.d/k8s.conf
[root@localhost ~]# modprobe br_netfilter
[root@localhost ~]# modprobe overlay

三,环境部署

1,安装docker(所有节点都安装)
	wget -qO- https://get.docker.com/ |sh

2,安装harbor
	
	(1),下载离线安装包(2.3.2版本)
	https://github.com/goharbor/harbor/releases?page=2
	
	(2),把下载好的安装包上传到10.0.0.19上
	[root@register softs]# ls
	harbor-offline-installer-v2.3.2.tgz

	(3),安装docker-compose(harbor依赖docker-compose)
	[root@register harbor]# yum install docker-compose -y

	(4),解压harbor离线安装包到对应目录
	[root@register softs]# tar xf harbor-offline-installer-v2.3.2.tgz -C /usr/local/

	(5),配置harbor
		[root@register harbor]# cd /usr/local/harbor/
		加载镜像:
		[root@register harbor]# docker load < harbor.v2.3.2.tar.gz


	[root@register harbor]# docker images
	REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
	goharbor/harbor-exporter        v2.3.2    37f41f861e77   4 months ago   81.1MB
	goharbor/chartmuseum-photon     v2.3.2    ad5cd42a4977   4 months ago   179MB
	goharbor/redis-photon           v2.3.2    812c6f5c260b   4 months ago   155MB
	goharbor/trivy-adapter-photon   v2.3.2    3f07adb2e138   4 months ago   130MB
	goharbor/notary-server-photon   v2.3.2    49aadd974d6d   4 months ago   110MB
	goharbor/notary-signer-photon   v2.3.2    6051589deaf9   4 months ago   108MB
	goharbor/harbor-registryctl     v2.3.2    0e551984a22c   4 months ago   133MB
	goharbor/registry-photon        v2.3.2    193d952b4f10   4 months ago   81.9MB
	goharbor/nginx-photon           v2.3.2    83bd32904c30   4 months ago   45MB
	goharbor/harbor-log             v2.3.2    dae52c0f300e   4 months ago   159MB
	goharbor/harbor-jobservice      v2.3.2    5841788c17a4   4 months ago   211MB
	goharbor/harbor-core            v2.3.2    cf6ad69c2dd4   4 months ago   193MB
	goharbor/harbor-portal          v2.3.2    4f68bc2f0a41   4 months ago   58.2MB
	goharbor/harbor-db              v2.3.2    3cc534e09148   4 months ago   227MB
	goharbor/prepare                v2.3.2    c2bd99a13157   4 months ago   252MB


	修改配置:
	[root@register harbor]# cp harbor.yml.tmpl harbor.yml
	[root@register harbor]# vim harbor.yml
	修改如下配置:
	34:harbor_admin_password: 123456
	47:data_volume: /data/harbor
	如果没有启用https,注释掉相关部分的内容


	3,启动harbor
	[root@register harbor]# ./prepare 
	[root@register harbor]# ./install.sh

	4,编辑服务启动文件
	
	vim /usr/lib/systemd/system/harbor.service
	
	[Unit]
	Description=Harbar
	After=docker.service systemd-networkd.service systemd-resolved.service
	Requires=docker.service
	Documentation=http://github.com/vmware/harbor
	
	[Service]
	Type=simple
	Restart=on-failure
	RestartSec=5
	
	ExecStart=/usr/bin/docker-compose -f /usr/local/harbor/docker-compose.yml up
	ExecStop=/usr/bin/docker-compose -f /usr/local/harbor/docker-compose.yml down

k8s之环境部署_第1张图片

4,创建普通用户
	whp,密码Whp@123456

k8s之环境部署_第2张图片

3,kubeadm方式安装kubenetes

参考资料:https://developer.aliyun.com/mirror/kubernetes

配置yum源
	cat < /etc/yum.repos.d/kubernetes.repo
	[kubernetes]
	name=Kubernetes
	baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
	enabled=1
	gpgcheck=1
	repo_gpgcheck=1
	gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg 	https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
	EOF
setenforce 0
查看有哪些版本
[root@master1 ~]# yum list kubelet --showduplicates
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * epel: mirrors.bfsu.edu.cn
 * extras: mirrors.163.com
 * remi-safe: mirrors.tuna.tsinghua.edu.cn
 * updates: mirrors.163.com
已安装的软件包
kubelet.x86_64                                                      1.22.1-0                                                       @kubernetes
可安装的软件包
kubelet.x86_64                                                      1.5.4-0                                                        kubernetes 
kubelet.x86_64                                                      1.5.4-1                                                        kubernetes 
kubelet.x86_64                                                      1.6.0-0                                                        kubernetes 
kubelet.x86_64                                                      1.6.0-1                                                        kubernetes 
kubelet.x86_64                                                      1.6.1-0                                                        kubernetes 
kubelet.x86_64                                                      1.6.1-1                                                        kubernetes 
kubelet.x86_64                                                      1.6.2-0                                                        kubernetes 
kubelet.x86_64                                                      1.6.2-1                                                        kubernetes 
kubelet.x86_64                                                      1.6.3-0                                                        kubernetes 
kubelet.x86_64                                                      1.6.3-1                                                        kubernetes 
kubelet.x86_64                                                      1.6.4-0                                                        kubernetes 
kubelet.x86_64                                                      1.6.4-1                                                        kubernetes 
kubelet.x86_64                                                      1.6.5-0                                                        kubernetes 
kubelet.x86_64                                                      1.6.5-1                                                        kubernetes 
kubelet.x86_64                                                      1.6.6-0                                                        kubernetes 
kubelet.x86_64                                                      1.6.6-1                                                        kubernetes 
kubelet.x86_64                                                      1.6.7-0                                                        kubernetes 
kubelet.x86_64                                                      1.6.7-1                                                        kubernetes 
kubelet.x86_64                                                      1.6.8-0                                                        kubernetes 
kubelet.x86_64                                                      1.6.8-1                                                        kubernetes 
kubelet.x86_64                                                      1.6.9-0                                                        kubernetes 
kubelet.x86_64                                                      1.6.9-1                                                        kubernetes 
kubelet.x86_64                                                      1.6.10-0                                                       kubernetes 
kubelet.x86_64                                                      1.6.10-1                                                       kubernetes 
kubelet.x86_64                                                      1.6.11-0                                                       kubernetes 
kubelet.x86_64                                                      1.6.11-1                                                       kubernetes 
kubelet.x86_64                                                      1.6.12-0                                                       kubernetes 
kubelet.x86_64                                                      1.6.12-1                                                       kubernetes 
kubelet.x86_64                                                      1.6.13-0                                                       kubernetes 
           
yum install kubelet-1.22.1-0 kubeadm-1.22.1-0 kubectl-1.22.1-0 -y
systemctl enable kubelet && systemctl start kubelet


启动kubelet报错:
E0218 01:01:38.663049   20525 server.go:302] "Failed to run kubelet" err="failed to run Kubelet: misconfiguration: kubelet cgroup driver: \"cgroupfs\" is different from docker cgroup driver: \"systemd\""

原因:kubelet的cgroup driver和docker的cgroup driver不一致,当前kubelet的cgroup driver 是"systemd”,而kubelet的cgroup driver是"cgroupfs"
解决办法:修改kubelet的cgroup driver为"systemd”


报错:
 master1 kubelet: E0306 22:45:08.261618    2617 server.go:206] "Failed to load kubelet config file" err="failed to load Kubelet config file /vn /var/lib/kubelet/config.yaml: no such file or directory" path="/var/lib/kubelet/config.yaml"


初始化master
可以通过配置文件的方式来初始化master,我们需要手动修改一些文件中的配置项,来使集群被初始化成我们想要的样子。
初始化方法1:

[root@node2 ~]#  kubeadm init --kubernetes-version=1.22.1 --apiserver-advertise-address=10.0.0.12 --image-repository 10.0.0.19:80/google_containers --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=Swap
[init] Using Kubernetes version: v1.22.1
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local node2] and IPs [10.96.0.1 10.0.0.12]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost node2] and IPs [10.0.0.12 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost node2] and IPs [10.0.0.12 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 12.505301 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.22" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node node2 as control-plane by adding the labels: [node-role.kubernetes.io/master(deprecated) node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node node2 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: zkd4kn.5acfjbqhh88kqytj
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.0.0.12:6443 --token nh5cu9.us4lj0kydwlef92t \
--discovery-token-ca-cert-hash sha256:b56b1420c2b0de21c209de11bc3ab7ca2d20a5aee7a42599e9683c413b5e1069 

初始化方法2:
生成初始化文件
kubeadm config print init-defaults > init.config.yaml
 修改init.config.yaml文件

将advertiseAddress: 1.2.3.4修改为本机IP地址 10.0.0.12
将imageRepository: k8s.gcr.io修改为imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers , 这里是修改成阿里云的仓库。
修改节点名称,如果不修改就是默认的’node' 
修改podSubnet,如果采用calico作为网络插件,需要改为192.168.0.0/16


	[root@node1 ~]#  kubeadm init --config=init.config.yaml
	[init] Using Kubernetes version: v1.22.0
	[preflight] Running pre-flight checks
	error execution phase preflight: [preflight] Some fatal errors occurred:
		[ERROR NumCPU]: the number of available CPUs 1 is less than the required 2
	[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
	To see the stack trace of this error execute with --v=5 or higher
	[root@node1 ~]#  kubeadm init --config=init.config.yaml
	[init] Using Kubernetes version: v1.22.0
	[preflight] Running pre-flight checks
	[preflight] Pulling images required for setting up a Kubernetes cluster
	[preflight] This might take a minute or two, depending on the speed of your internet connection
	[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
	[certs] Using certificateDir folder "/etc/kubernetes/pki"
	[certs] Generating "ca" certificate and key
	[certs] Generating "apiserver" certificate and key
	[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local master1] and IPs [10.96.0.1 10.0.0.12]
	[certs] Generating "apiserver-kubelet-client" certificate and key
	[certs] Generating "front-proxy-ca" certificate and key
	[certs] Generating "front-proxy-client" certificate and key
	[certs] Generating "etcd/ca" certificate and key
	[certs] Generating "etcd/server" certificate and key
	[certs] etcd/server serving cert is signed for DNS names [localhost master1] and IPs [10.0.0.12 127.0.0.1 ::1]
	[certs] Generating "etcd/peer" certificate and key
	[certs] etcd/peer serving cert is signed for DNS names [localhost master1] and IPs [10.0.0.12 127.0.0.1 ::1]
	[certs] Generating "etcd/healthcheck-client" certificate and key
	[certs] Generating "apiserver-etcd-client" certificate and key
	[certs] Generating "sa" key and public key
	[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
	[kubeconfig] Writing "admin.conf" kubeconfig file
	[kubeconfig] Writing "kubelet.conf" kubeconfig file
	[kubeconfig] Writing "controller-manager.conf" kubeconfig file
	[kubeconfig] Writing "scheduler.conf" kubeconfig file
	[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
	[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
	[kubelet-start] Starting the kubelet
	[control-plane] Using manifest folder "/etc/kubernetes/manifests"
	[control-plane] Creating static Pod manifest for "kube-apiserver"
	[control-plane] Creating static Pod manifest for "kube-controller-manager"
	[control-plane] Creating static Pod manifest for "kube-scheduler"
	[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
	[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
	[apiclient] All control plane components are healthy after 11.506754 seconds
	[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
	[kubelet] Creating a ConfigMap "kubelet-config-1.22" in namespace kube-system with the configuration for the kubelets in the cluster
	[upload-certs] Skipping phase. Please see --upload-certs
	[mark-control-plane] Marking the node master1 as control-plane by adding the labels: [node-role.kubernetes.io/master(deprecated) node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
	[mark-control-plane] Marking the node master1 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
	[bootstrap-token] Using token: abcdef.0123456789abcdef
	[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
	[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
	[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
	[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
	[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
	[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
	[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
	[addons] Applied essential addon: CoreDNS
	[addons] Applied essential addon: kube-proxy
	
	Your Kubernetes control-plane has initialized successfully!
	
	To start using your cluster, you need to run the following as a regular user:
	
	  mkdir -p $HOME/.kube
	  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
	  sudo chown $(id -u):$(id -g) $HOME/.kube/config
	
	Alternatively, if you are the root user, you can run:
	
	  export KUBECONFIG=/etc/kubernetes/admin.conf
	
	You should now deploy a pod network to the cluster.
	Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
	  https://kubernetes.io/docs/concepts/cluster-administration/addons/
	
	Then you can join any number of worker nodes by running the following on each as root:
	
	kubeadm join 10.0.0.12:6443 --token abcdef.0123456789abcdef \
		--discovery-token-ca-cert-hash sha256:c75c40197c8bc74c81f3fe6f6e06653fe2310878e232c8ba0b430f2f44b52154

	[root@master1 ~]# ls -al /var/lib/kubelet/
	总用量 20
	drwxr-xr-x.  8 root root  208 3月   6 23:14 .
	drwxr-xr-x. 34 root root 4096 3月   6 23:09 ..
	-rw-r--r--.  1 root root  893 3月   6 23:09 config.yaml   **# 生成了config.yaml文件,此时再去启动kubelet就不会再报错了**
	-rw-------.  1 root root   62 2月  18 02:45 cpu_manager_state
	drwxr-xr-x.  2 root root   45 3月   6 23:09 device-plugins
	-rw-r--r--.  1 root root  166 3月   6 23:09 kubeadm-flags.env
	-rw-------.  1 root root   61 2月  18 02:45 memory_manager_state
	drwxr-xr-x.  2 root root  124 3月   6 23:09 pki
	drwxr-x---.  2 root root    6 2月  18 02:45 plugins
	drwxr-x---.  2 root root    6 2月  18 02:45 plugins_registry
	drwxr-x---.  2 root root   26 3月   6 23:09 pod-resources
	drwxr-x---.  7 root root  210 3月   6 23:09 pods


	执行提示中的命令:
	To start using your cluster, you need to run the following as a regular user:

	  mkdir -p $HOME/.kube
	  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
	  sudo chown $(id -u):$(id -g) $HOME/.kube/config
	
	Alternatively, if you are the root user, you can run:
	
	  export KUBECONFIG=/etc/kubernetes/admin.conf 



[root@node2 ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS      MESSAGE                                                                                       ERROR
scheduler            Unhealthy   Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused   
controller-manager   Healthy     ok                                                                                            
etcd-0               Healthy     {"health":"true","reason":""}                                                                 
[root@node2 ~]# vim /etc/kubernetes/
admin.conf               kubelet.conf             pki/                     
controller-manager.conf  manifests/               scheduler.conf           
[root@node2 ~]# vim /etc/kubernetes/manifests/

[root@node2 ~]# vim /etc/kubernetes/manifests/kube-scheduler.yaml 
将- --port=0 这行注释掉,上面scheduler            Unhealthy就会恢复正常

[root@node2 ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE                         ERROR
scheduler            Healthy   ok                              
controller-manager   Healthy   ok                              
etcd-0               Healthy   {"health":"true","reason":""}  

查看节点状态
[root@node2 ~]# kubectl get nodes
NAME    STATUS     ROLES                  AGE   VERSION
node2   NotReady   control-plane,master   10m   v1.22.1

因为还没有安装网络插件

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
到这地址上面去下载kube-flannel.yml文件

[root@node2 flannel]# kubectl apply -f kube-flannel.yml 
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created


[root@node2 flannel]# kubectl get node
NAME    STATUS   ROLES                  AGE   VERSION
node2   Ready    control-plane,master   32m   v1.22.1



添加node节点到集群(10.0.0.15,10.0.0.16)
首先两个节点也需要安装docker,kubelet,kubeadm 安装方法跟master节点一样

[root@node1 ~]# kubeadm join 10.0.0.12:6443 --token zkd4kn.5acfjbqhh88kqytj \
> --discovery-token-ca-cert-hash sha256:40987a81b9407d434bf4c57fc2ef29bae1b58015e30bc56057381dde1162ee2f

[preflight] Running pre-flight checks
	[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster

节点添加成功后在master节点执行kubectl get nodes 命令显示如下内容说明节点创建成功
[root@master1 flannel]# kubectl get nodes
NAME      STATUS   ROLES                  AGE   VERSION
master1   Ready    control-plane,master   26m   v1.22.1
node1     Ready                     15m   v1.22.1
node2     Ready                     22s   v1.22.1

四,命令实践

1,kubectl get 的常见用法

[root@master1 flannel]# kubectl get cs #查看master节点kubernetes核心组件的状态
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE                         ERROR
scheduler            Healthy   ok                              
controller-manager   Healthy   ok                              
etcd-0               Healthy   {"health":"true","reason":""} 

[root@master1 flannel]# kubectl get nodes  # 查看kubernetes集群中各个节点的状态
NAME      STATUS   ROLES                  AGE     VERSION
master1   Ready    control-plane,master   33m     v1.22.1
node1     Ready                     22m     v1.22.1
node2     Ready                     7m32s   v1.22.1

[root@master1 flannel]# kubectl get ns    # 查看namespace的信息
NAME              STATUS   AGE
default           Active   33m
kube-node-lease   Active   33m
kube-public       Active   33m
kube-system       Active   33m

[root@master1 flannel]# kubectl get pod -n kube-system  # 查看具体某个namespace里面的信息
NAME                              READY   STATUS    RESTARTS   AGE
coredns-fd5877b89-q5ns4           1/1     Running   0          35m
coredns-fd5877b89-qmsdj           1/1     Running   0          35m
etcd-master1                      1/1     Running   0          35m
kube-apiserver-master1            1/1     Running   0          35m
kube-controller-manager-master1   1/1     Running   0          35m
kube-flannel-ds-kwptj             1/1     Running   0          9m27s
kube-flannel-ds-sh7bn             1/1     Running   0          24m
kube-flannel-ds-txdww             1/1     Running   0          27m
kube-proxy-94dk2                  1/1     Running   0          24m
kube-proxy-pcr2n                  1/1     Running   0          9m27s
kube-proxy-z2vqr                  1/1     Running   0          35m
kube-scheduler-master1            1/1     Running   0          28m

2,命令tab补全配置

[root@master1 flannel]# echo "source <(kubectl completion bash)" >> ~/.bashrc
[root@master1 flannel]# source ~/.bashrc

3,污点处理

	k8s主节点默认是不作为工作节点参与任务调度的,它只负责管理k8s集群
	
	[root@master1 ~]# kubectl describe nodes master
	Name:               master1
	Roles:              control-plane,master
	Labels:             beta.kubernetes.io/arch=amd64
	                    beta.kubernetes.io/os=linux
	                    kubernetes.io/arch=amd64
	                    kubernetes.io/hostname=master1
	                    kubernetes.io/os=linux
	                    node-role.kubernetes.io/control-plane=
	                    node-role.kubernetes.io/master=
	                    node.kubernetes.io/exclude-from-external-load-balancers=
	Annotations:        flannel.alpha.coreos.com/backend-data: null
	                    flannel.alpha.coreos.com/backend-type: host-gw
	                    flannel.alpha.coreos.com/kube-subnet-manager: true
	                    flannel.alpha.coreos.com/public-ip: 10.10.10.12
	                    kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
	                    node.alpha.kubernetes.io/ttl: 0
	                    volumes.kubernetes.io/controller-managed-attach-detach: true
	CreationTimestamp:  Sun, 06 Mar 2022 22:13:50 +0800
	Taints:             node-role.kubernetes.io/master:NoSchedule  # NoSchedule 定义次节点不参与工作调度,

假如工作节点资源不够,希望master节点也承担一部分业务负载改如何处理?


	清除master上面的污点
	[root@master1 ~]# kubectl taint nodes --all node-role.kubernetes.io/master-node/master untainted

	重新给master添加污点
	[root@master1 ~]# kubectl taint nodes master node-role.kubernetes.io/master:NoSchedule

4,token处理

token默认有效时间是24小时

[root@master1 ~]# kubeadm token list
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
nh5cu9.us4lj0kydwlef92t   22h         2022-03-07T14:13:52Z   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token

5,node的隔离与恢复

node的隔离与恢复有几种方式:

通过kubectl的子命令:
[root@master1 flannel]# kubectl cordon node1  (cordon将node1节点隔离起来,不再参与调度)
node/node1 cordoned
[root@master1 flannel]# kubectl get nodes
NAME      STATUS                     ROLES                  AGE   VERSION
master1   Ready                      control-plane,master   68m   v1.22.1
node1     Ready,SchedulingDisabled                    57m   v1.22.1
node2     Ready                                       42m   v1.22.1
[root@master1 flannel]# kubectl uncordon node1 (uncordon将node1节点解除隔离起来)
node/node1 uncordoned
[root@master1 flannel]# kubectl get nodes
NAME      STATUS   ROLES                  AGE   VERSION
master1   Ready    control-plane,master   69m   v1.22.1
node1     Ready                     58m   v1.22.1
node2     Ready                     43m   v1.22.1


通过编写配置文件的方式:
后续补充

6,node节点删除

五,dashboard安装配置

参考资料:https://kubernetes.io/docs/concepts/cluster-administration/addons/
				  https://github.com/kubernetes/dashboard#kubernetes-dashboard

下载镜像:k8s-dashboard-v2.3.1.tar

[root@master1 softs]# docker load < k8s-dashboard-v2.3.1.tar 
8ca79a390046: Loading layer [==================================================>]  223.1MB/223.1MB
c94f86b1c637: Loading layer [==================================================>]  3.072kB/3.072kB
Loaded image: 10.0.0.19:80/google_containers/dashboard:v2.3.1
6de384dd3099: Loading layer [==================================================>]  34.55MB/34.55MB
a652c34ae13a: Loading layer [==================================================>]  3.584kB/3.584kB
Loaded image: 10.0.0.19:80/google_containers/metrics-scraper:v1.0.6

把镜像推送到10.0.0.19私有仓库
docker push 10.0.0.19:80/google_containers/dashboard:v2.3.1
docker push 10.0.0.19:80/google_containers/metrics-scraper:v1.0.6

下载recommended.yaml 文件
[root@master1 dashboard]# wget 	https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

修改recommended.yaml 
			把镜像仓库地址改为私有harbor仓库地址
          image: 10.0.0.19:80/google_containers/dashboard:v2.3.1 
          image: 10.0.0.19:80/google_containers/metrics-scraper:v1.0.6
         
         spec:
			  ports:
			    - port: 443
			      targetPort: 8443
			      nodePort: 30443   #新增      
			  type: NodePort			#新增  新增这个参数可以在所有节点上都开启一个端口用于dashboard访问
			  selector:
			    k8s-app: kubernetes-dashboard

安装dashboard

[root@master1 dashboard]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
Warning: spec.template.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: deprecated since v1.19; use the "seccompProfile" field instead
deployment.apps/dashboard-metrics-scraper created

[root@master1 dashboard]# kubectl get all -n kubernetes-dashboard

NAME                                             READY   STATUS              RESTARTS   AGE
pod/dashboard-metrics-scraper-5ccc9dd85b-plxvj   0/1     ContainerCreating   0          64s
pod/kubernetes-dashboard-856748fbb8-w5dcq        0/1     ContainerCreating   0          64s

NAME                                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
service/dashboard-metrics-scraper   ClusterIP   10.105.183.187           8000/TCP        64s
service/kubernetes-dashboard        NodePort    10.103.243.29            443:30443/TCP   75s

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/dashboard-metrics-scraper   0/1     1            0           64s
deployment.apps/kubernetes-dashboard        0/1     1            0           64s

NAME                                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/dashboard-metrics-scraper-5ccc9dd85b   1         1         0       64s
replicaset.apps/kubernetes-dashboard-856748fbb8        1         1         0       64s

dashboard启动失败,查看信息发现状态为ImagePullBackOff 
[root@master1 softs]# kubectl get pods --namespace=kubernetes-dashboard
NAME                                         READY   STATUS             RESTARTS   AGE
dashboard-metrics-scraper-5ccc9dd85b-plxvj   0/1     ImagePullBackOff   0          18m
kubernetes-dashboard-856748fbb8-w5dcq        0/1     ImagePullBackOff   0          18m

失败原因是10.0.0.19 上面harbor服务没有正常启动,重新启动一下harbor服务后就正常了
[root@master1 data]# kubectl get pods --namespace=kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-5ccc9dd85b-plxvj   1/1     Running   0          45m
kubernetes-dashboard-856748fbb8-w5dcq        1/1     Running   0          45m

k8s之环境部署_第3张图片

创建专用服务账号

[root@master1 data]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created

使用集群角色绑定

[root@master1 data]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created

查看创建的token

[root@master1 data]# kubectl -n kube-system get secret |grep dashboard-admin
dashboard-admin-token-2nwtj                      kubernetes.io/service-account-token   3      5m31s

查看token具体信息

[root@master1 data]# kubectl describe secret -n kube-system dashboard-admin-token-2nwtj
Name:         dashboard-admin-token-2nwtj
Namespace:    kube-system
Labels:       
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 31869c7b-6895-4b25-9eb3-5890ee391574

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IlJGSVJQWUQxQ29NWFJSQ3UtZ3hfck9sd1cwN19YeHRBeWYxQmJlLXVydFUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tMm53dGoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMzE4NjljN2ItNjg5NS00YjI1LTllYjMtNTg5MGVlMzkxNTc0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.Zep7pznKvivKT6rGAu7cNgTj4DzCcSel9DOLQFEKGr74T2uwGF6CDVdN4dCOlhiN2ZWsU2WEZNdQGrdzaSOUy9OdeBZ1jrF2IwcOls615dIkZNKX1dFhR4_7gYpjZjs_5OMcYk6S2ZXRD7kkkwChKVr1IaP60sLNx0JHrKgn-cyMXOQSizYHTYERzeNt_IaWoLu0UhKkMK6blCL7JxmtTRFu8z6Hqn_fRYofPSZfZjn1S5FIO82xJBlFVzUqFBC-vDG_mY5PySTaMXFT5GT7Q-udUNXVIHv0Hf58jhoczYUWaQEkUrj7Q1qe78M2AN9F_avIRefY5ZAoe0fq28YdyA
ca.crt:     1099 bytes
namespace:  11 bytes

使用上面生成的token就能登录dashboard了
k8s之环境部署_第4张图片

注意:生成的token是有时间限制的,所以在生产环境中推荐使用配置文件的方式登录

k8s之环境部署_第5张图片
k8s之环境部署_第6张图片

你可能感兴趣的:(kubernetes,docker,运维)

  • volcengine 库装不上 #25 LiuPig刘皮哥 python
    https://github.com/volcengine/volc-sdk-python/issues/25在Dockerpython3.10-slim中volcengine安装时报错,其依赖pycryptodome显示gcc相关错误调研发现pycryptodome3.19.0不会报错,volcengine依赖的pycryptodome3.9.9会报错修改方案是手动为volcengine安装依赖
  • docker启动命令,docker重启命令,docker关闭命令 web15085181368 javajava后端
    一.docker服务的命令启动:systemctlstartdocker守护进程重启:systemctldaemon-reload重启docker服务:systemctlrestartdocker/servicedockerrestart关闭:dockerservicedockerstop/dockersystemctlstopdocker二.关于docker容器的命令启动:dockerstart
  • 【Elasticsearch 】自定义分词器 程风破~ Elasticsearchelasticsearch大数据搜索引擎
    博主简介:CSDN博客专家,历代文学网(PC端可以访问:https://literature.sinhy.com/#/?__c=1000,移动端可微信小程序搜索“历代文学”)总架构师,15年工作经验,精通Java编程,高并发设计,Springboot和微服务,熟悉Linux,ESXI虚拟化以及云原生Docker和K8s,热衷于探索科技的边界,并将理论知识转化为实际应用。保持对新技术的好奇心,乐于分
  • 企业IT数字化运维运营平台(总体架构、总体蓝图)建设方案 公众号:优享智库 数字化转型数据治理主数据数据仓库运维架构
    这份文件是关于企业IT数字化运维运营平台的建设方案,主要介绍了业务背景、解决方案、成功应用案例等核心内容。以下是文件的核心要点总结:业务背景概述:IT运维趋势:随着万物互联时代的到来,IT设备数量激增,运维成为保障业务高效运转的基础。IT运维重要性:IT监控运维是企业业务正常与高效运转的基础保障,直接影响业务的收益和成本。IT运维现状:当前运维模式多为被动救火式,存在基础设施分散、管理困难、缺少自
  • 企业IT数字化运维运营平台(总体架构、总体蓝图)建设方案PPT 公众号:优享智库 数字化转型数据治理主数据数据仓库数据库运维大数据人工智能
    原文《企业IT数字化运维运营平台(总体架构、总体蓝图)建设方案》PPT格式,主要从构建IT一体化运营能力、构建统一IT运营管理体系、建立统一的应用系统监控视图、构建智能化、主动式的IT监控与运维能力进行建设一套企业IT统一智能运营管理平台。来源网络公开渠道,旨在交流学习,如有侵权联系速删,更多参考公众号:优享智库一、管理体系·构建面向业务的主动式统一运营理体系统一运营分析管理能力、统一运维监控管理
  • PostgreSQL 常用运维SQL整理 尚雷_TechTalk01 PostgreSQLpostgresql运维sql
    一、查询并杀会话--查询会话selectpid,usename,client_addr,client_port,query_start,query,wait_eventfrompg_stat_activity;--杀会话selectpg_terminate_backend('pid号');--使用如下命令自动生成杀会话语句selectdatid,datname,pid,usesysid,usena
  • 【PostgreSQL 】运维篇——PostgreSQL 高可用性架构 AI人H哥会Java sql数据库postgresql运维
    数据库的可用性和可靠性是至关重要的,随着业务需求的增长,系统必须能够持续运行,并在发生故障时迅速恢复。高可用性(HA)解决方案确保数据库系统能够在出现硬件故障、软件故障或其他意外情况下保持可用性,从而最小化停机时间和数据丢失。PostgreSQL提供了多种高可用性解决方案,包括主从复制、流复制和故障转移。这些解决方案可以帮助企业实现数据的冗余备份、负载均衡和快速恢复。以下是对这些解决方案的详细讨论
  • 云原生架构的核心原则:微服务、容器与DevOps zhousenshan 论文素材云原生架构微服务
    云原生架构正以前所未有的速度席卷各行各业,成为众多企业迈向高效、敏捷与创新之路的关键力量。据Gartner预测,到2025年,将有95%的新建数字工作负载基于云原生平台,这一数据直观地反映出云原生架构在未来企业技术布局中的核心地位。云原生架构之所以备受瞩目,源于它能充分释放云计算的潜能,为企业带来诸多显著优势。它打破了传统架构的诸多束缚,让应用开发、部署与运维变得更加灵活、高效,极大提升了企业应对
  • 网络工程师:华为设备BGP命令大全 wljslmz 网络技术华为BGP路径矢量协议
    华为(Huawei)作为全球领先的信息与通信技术(ICT)解决方案供应商,其网络设备广泛应用于企业网络和运营商网络中。边界网关协议(BorderGatewayProtocol,BGP)是互联网的主要路由协议,用于在不同自治系统(AS)之间交换路由信息。掌握华为设备的BGP命令对于网络工程师至关重要,因为这不仅涉及日常的网络运维,还影响到网络的整体性能和安全性。本文将详细介绍华为设备中的BGP命令,
  • 分层架构设计概念 祈遇& java
    技术架构分层设计  系统分层设计是一种设计思想(分而治之),是让每层对象都有一个独立职责,再让多层对象协同(耦合)完成一个完整的功能。这样做可以更好提高系统可扩展性,但同时也会增加系统整体运维的难度springBoot技术简介和特性  SpringBoot是Java软件开发框架(很多人现在把它理解为一个脚手架),其设计目的是用来简化Spring项目的初始搭建以及开发过程。该框架使用了特定的注解方式
  • 02.DockerCompose部署Nginx Felix_XY DockerComposeNginxnginxdockerdockercompose
    目录参考链接获取镜像单机部署(bridge模式)单机部署(host模式)单机部署使用templates配置nginx.conf官方镜像支持的环境变量准备template文件创建docker-compose.yml验证转载请注明出处参考链接https://hubgw.docker.com/_/nginxhttps://devopsian.net/p/nginx-config-template-wit
  • 一个真正可用的docker-compse部署 单机版kafka 版本2.x garen_dimon 软件研究dockerkafka容器
    注意:kafka3.x版本,Kafka3.x需要Java11或更高版本。确保系统已安装合适的Java版本。Kafka3.x推荐使用ZooKeeper3.5.x或更高版本。确保ZooKeeper集群与Kafka版本兼容。如果你计划使用KRaft模式替换传统的ZooKeeper模式,请确保你已经了解新模式的要求和配置。在网上搜索单机docker-compose部署kafka,出现最多的内容如下:ver
  • Docker-Compose以KRaft模式快速部署Kafka LUCIAZZZ dockerkafka容器java运维springboot
    我们创建一个docker-compose.yaml文件然后后台启动我们的DockerComposedocker-composeup-d我们修改配置后可以关闭后重启docker-composedowndocker-compose.yaml文件内容version:"3"services:kafka:image:'bitnami/kafka:latest'user:rootenvironment:-KA
  • Kafka(一)使用Docker Compose安装单机Kafka以及Kafka UI_docker 部署单机kafka 2401_84166396 2024年程序员学习kafkadockerui
    开启JMX监控JMX_PORT=9998KAFKA_JMX_OPTS=-Dcom.sun.management.jmxremote-Dcom.sun.management.jmxremote.authenticate=false-Dcom.sun.management.jmxremote.ssl=false-Djava.rmi.server.hostname=kafka-Dcom.sun.mana
  • Python 包管理之 poetry 奔跑的大西吉 Python
    poetry是一个Python虚拟环境和依赖管理的工具。poetry和pipenv类似,另外还提供了打包和发布的功能。官方文档:python-poetry.org/docs/python项目部署:poetry管理本地环境,上线用dockerpoetry安装poetry提供多种安装方式,个人推荐从以下2种方式中选择:方式一:(推荐)$curl-sSLhttps://raw.githubusercon
  • 【云原生】Docker搭建开源翻译组件Deepl使用详解 小码农叔叔 linux与容器实战docker部署翻译组件docker部署deepldocker搭建deepljava对接deepl翻译组件使用
    目录一、前言二、微服务项目使用翻译组件的场景2.1多语言用户界面2.2业务逻辑中的翻译需求2.3满足实时通信的要求2.4内容管理系统2.5个性化推荐系统2.6日志和监控三、开源类翻译组件解决方案3.1国内翻译组件方案汇总3.1.1百度翻译3.1.2腾讯翻译3.1.3阿里翻译(通用版)3.1.4华为翻译3.1.5小牛翻译3.1.6有道翻译3.1.7火山翻译3.1.8讯飞翻译3.2国外翻译组件方案汇总
  • 【云原生网关】Higress 从部署到使用详解 小码农叔叔 网关与限流术linux与容器实战docker搭建HigressHigress搭建docker部署HigressHigress使用详解Higress使用docker搭建higress
    目录二、网关概述2.1什么是云原生网关2.2常见的云原生网关2.2.1Nginx2.2.2ApiSix2.2.3Kong2.2.4ApacheShenyu2.2.5Higress2.2.6Envoy三、higress介绍3.1什么是higress3.2Higress定位3.3Higress内核选择四、Higress搭建过程4.1higress常用部署模式4.2环境准备4.3docker部署higr
  • Docker常用知识点问题 晚风-夏不凉 docker
    1.dockerfile基础命令及作用—copy和add区别—为什么要指定workdir—expose作用,能不能不用,不用会导致什么情况?—env,不用怎么打镜像—from2.dockerfile编写规范—jdk版本—依赖问题—shell指令引用—字体和时区配置3.多阶段构建优点4.构建过程—-t,-rm参数意思—构建文件(dockerfile)可以自定义名吗5.执行过程—不做端口映射会有什么情
  • Django SimpleUI运维管理系统搭建教程 ivwdcwso 开发运维sqlite数据库DjangoSimpleUIDjangopython开发
    DjangoSimpleUI运维管理系统搭建教程本教程将详细介绍如何从零搭建一个基于DjangoSimpleUI的运维管理系统。一、环境准备1.安装Python和相关依赖#安装Python3.8+sudoaptinstallpython3.8python3.8-dev#安装虚拟环境pip3installvirtualenv#创建并激活虚拟环境virtualenvvenvsourcevenv/bin
  • docker挂载mysql会失败_Docker Mysql 挂载 /var/lib/mysql 后无法启动 Joseph Holy
    我也遇到相同的问题了`dockerrun\-p4406:3306\-eMYSQL_ROOT_PASSWORD=localDocker@mysql\-eTZ=Asia/Shanghai\-v/mnt/hgfs/docker/mysql/data:/var/lib/mysql\-v/mnt/hgfs/docker/mysql/log:/var/log/mysql:rw\-v/mnt/hgfs/dock
  • 【日常运维】mongoDB学习-入门介绍-其强大之处以及用武之地 向往风的男子 运维日常DBAmongodb
    本站以分享各种运维经验和运维所需要的技能为主《python零基础入门》:python零基础入门学习《python运维脚本》:python运维脚本实践《shell》:shell学习《terraform》持续更新中:terraform_Aws学习零基础入门到最佳实战《k8》暂未更新《docker学习》暂未更新《ceph学习》ceph日常问题解决分享《日志收集》ELK+各种中间件《运维日常》运维日常《l
  • MongoDB常见的运维工具总结介绍 yuanpan mongodb运维数据库
    MongoDB提供了一些强大的运维工具,帮助管理员进行数据库监控、备份、恢复、性能优化等操作。以下是一些常见的MongoDB运维工具及其功能介绍:1.MongoDBAtlas功能:MongoDBAtlas是MongoDB官方的云托管数据库服务,它提供了全托管的MongoDB实例和自动化运维功能,包括自动备份、自动扩展、高可用性、监控和安全性等。它使得运维团队可以专注于应用开发,而无需担心数据库的管
  • 技术文档规划布局:构建系统性与连贯性的架构 m0_74136676 软件工程
    在技术文档的创作历程中,规划布局堪称构建稳固大厦的蓝图设计环节。合理确定文档的整体架构,包括精心设计章节设置与巧妙安排逻辑顺序,是确保信息呈现系统性与连贯性的关键所在,直接关系到文档的质量与可用性。一、明确核心主题与目标受众在着手规划文档架构之前,必须对文档的核心主题有透彻的理解。无论是关于一款软件的使用指南、一项技术的研发手册还是某个系统的运维说明,明确主题边界与重点内容是基础。同时,精准定位目
  • 【云原生技术】在 Kubernetes 中,ConfigMap类型挂在卷官方详细介绍 阿寻寻 云原生kubernetesjava
    ConfigMap类型挂在卷官方详细介绍一、ConfigMap类型挂在卷官方详细介绍ConfigMap挂载为卷概述创建ConfigMap配置Pod挂载ConfigMap挂载后的文件结构更新ConfigMap注意事项总结二、ConfigMap的使用是不是只能在挂在卷和环境变量中才能使用?ConfigMap的主要使用方法其他不太常见的用法注入数据的方法总结注意事项总结一、ConfigMap类型挂在卷官
  • 智联未来——打造基于机器学习的MySQL智能运维助手,开启协作新时代 墨夶 数据库学习资料2机器学习mysql运维
    在当今快速发展的信息技术领域,数据库作为信息系统的核心组件,其稳定性和效率直接关系到业务的成功与否。面对日益增长的数据管理和处理需求,传统的运维方式已经难以满足现代企业对高效、稳定服务的要求。为此,越来越多的企业开始探索如何通过智能化手段提升数据库运维水平,特别是利用最新的AI技术和自动化工具来构建一个功能强大的智能运维助手。今天,我们将深入了解如何训练这样一个基于机器学习的MySQL智能运维助手
  • Python交互式界面import acl后用Ctrl+D退出导致Docker容器中Anaconda虚拟环境崩溃core dump进而容器退出问题(用exit()没有问题)EOF信号 Dontla dockerlinuxpythondocker开发语言
    文章目录解释解释在Python交互式界面中,exit()和Ctrl+D(在Unix系统中)或Ctrl+Z(在Windows系统中)都是退出Python解释器的方法,但它们的工作机制是不同的:exit()是Python的内置函数,它会进行正常的清理工作,安全地关闭解释器。这个过程包括:调用已注册的清理函数释放资源正常终止Python进程而Ctrl+D则是发送一个EOF(EndOfFile)信号给进程
  • amd64版本的docker 如何拉取并运行 arm64镜像 幻影_1024 docker容器运维
    在amd64架构的机器上拉取arm64架构的Docker镜像,你可以使用Docker的多平台支持功能。这个功能允许你在不同的架构上运行和构建镜像。以下是步骤:启用QEMU多平台支持:首先,你需要确保系统支持通过QEMU模拟其他架构。如果你使用的是WindowsDockerDesktop,它已经内置了对QEMU的支持。如果你在Linux上,可以通过以下命令启用它:dockerrun--rm--pri
  • docker 19.03构建跨平台的镜像包并推送到私有仓库 水上冰石 树莓派云原生-运维架构docker容器linux
    默认的docker构建image镜像是不能跨平台的,如果需要构建跨平台的镜像,需要docker的版本在19.03版本以上,并开启buildx。以下为具体的步骤版本:docker19.03。一.安装/开启buildx1.1.手动开启dockerx开关docker19.3暂默认不开启dockerx,需要手动开启vim/etc/profilesexportDOCKER_CLI_EXPERIMENTAL=
  • 构建与推送 Docker 镜像至 Docker Hub:涵盖 AMD64 和 ARM64 架构的详细指南 曦紫沐 Dockerdocker架构容器
    构建Docker镜像并在本地测试后将其上传到DockerHub是一个常见的工作流程。以下是详细的步骤,包括如何为不同架构(如AMD64和ARM64)构建镜像,并解释这两种架构之间的区别。构建Docker镜像1.准备Dockerfile首先,你需要有一个描述如何构建镜像的Dockerfile文件。这个文件包含了所有必要的指令来组装你的应用环境。例如:#使用官方的基础镜像(这里以Python为例)FR
  • docker desktop使用ollama在GPU上运行deepseek r1大模型 yimenren docker容器运维
    一、安装docker安装WSL打开HyperV可以参考:用Docker快速安装软件_哔哩哔哩_bilibili二、拉取ollama镜像在powershell中运行如下命令,即可拉取最新版本的ollama镜像:dockerpullollama/ollama如果需要指定版本,可以用如下命令:#CPU或NvidiaGPU下载ollama0.3.0dockerpullollama/ollama:0.3.0
  • java短路运算符和逻辑运算符的区别 3213213333332132 java基础
    /* * 逻辑运算符——不论是什么条件都要执行左右两边代码 * 短路运算符——我认为在底层就是利用物理电路的“并联”和“串联”实现的 * 原理很简单,并联电路代表短路或(||),串联电路代表短路与(&&)。 * * 并联电路两个开关只要有一个开关闭合,电路就会通。 * 类似于短路或(||),只要有其中一个为true(开关闭合)是
  • Java异常那些不得不说的事 白糖_ javaexception
    一、在finally块中做数据回收操作 比如数据库连接都是很宝贵的,所以最好在finally中关闭连接。 JDBCAgent jdbc = new JDBCAgent(); try{ jdbc.excute("select * from ctp_log"); }catch(SQLException e){ ... }finally{ jdbc.close();
  • utf-8与utf-8(无BOM)的区别 dcj3sjt126com PHP
    BOM——Byte Order Mark,就是字节序标记   在UCS 编码中有一个叫做"ZERO WIDTH NO-BREAK SPACE"的字符,它的编码是FEFF。而FFFE在UCS中是不存在的字符,所以不应该出现在实际传输中。UCS规范建议我们在传输字节流前,先传输 字符"ZERO WIDTH NO-BREAK SPACE"。这样如
  • JAVA Annotation之定义篇 周凡杨 java注解annotation入门注释
        Annotation: 译为注释或注解 An annotation, in the Java computer programming language, is a form of syntactic metadata that can be added to Java source code. Classes, methods, variables, pa
  • tomcat的多域名、虚拟主机配置 g21121 tomcat
    众所周知apache可以配置多域名和虚拟主机,而且配置起来比较简单,但是项目用到的是tomcat,配来配去总是不成功。查了些资料才总算可以,下面就跟大家分享下经验。 很多朋友搜索的内容基本是告诉我们这么配置: 在Engine标签下增面积Host标签,如下: <Host name="www.site1.com" appBase="webapps"
  • Linux SSH 错误解析(Capistrano 的cap 访问错误 Permission ) 510888780 linuxcapistrano
    1.ssh -v [email protected] 出现 Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). 错误 运行状况如下: OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuratio
  • log4j的用法 Harry642 javalog4j
    一、前言:     log4j 是一个开放源码项目,是广泛使用的以Java编写的日志记录包。由于log4j出色的表现,     当时在log4j完成时,log4j开发组织曾建议sun在jdk1.4中用log4j取代jdk1.4 的日志工具类,但当时jdk1.4已接近完成,所以sun拒绝使用log4j,当在java开发中
  • mysql、sqlserver、oracle分页,java分页统一接口实现 aijuans oraclejave
    定义:pageStart 起始页,pageEnd 终止页,pageSize页面容量 oracle分页:     select * from ( select mytable.*,rownum num from (实际传的SQL) where rownum<=pageEnd) where num>=pageStart sqlServer分页:  
  • Hessian 简单例子 antlove javaWebservicehessian
    hello.hessian.MyCar.java package hessian.pojo; import java.io.Serializable; public class MyCar implements Serializable { private static final long serialVersionUID = 473690540190845543
  • 数据库对象的同义词和序列 百合不是茶 sql序列同义词ORACLE权限
    回顾简单的数据库权限等命令; 解锁用户和锁定用户 alter user scott account lock/unlock; //system下查看系统中的用户 select * dba_users; //创建用户名和密码 create user wj identified by wj; identified by //授予连接权和建表权 grant connect to
  • 使用Powermock和mockito测试静态方法 bijian1013 持续集成单元测试mockitoPowermock
            实例: package com.bijian.study; import static org.junit.Assert.assertEquals; import java.io.IOException; import org.junit.Before; import org.junit.Test; import or
  • 精通Oracle10编程SQL(6)访问ORACLE bijian1013 oracle数据库plsql
    /* *访问ORACLE */ --检索单行数据 --使用标量变量接收数据 DECLARE v_ename emp.ename%TYPE; v_sal emp.sal%TYPE; BEGIN select ename,sal into v_ename,v_sal from emp where empno=&no; dbms_output.pu
  • 【Nginx四】Nginx作为HTTP负载均衡服务器 bit1129 nginx
     Nginx的另一个常用的功能是作为负载均衡服务器。一个典型的web应用系统,通过负载均衡服务器,可以使得应用有多台后端服务器来响应客户端的请求。一个应用配置多台后端服务器,可以带来很多好处:   负载均衡的好处 增加可用资源 增加吞吐量 加快响应速度,降低延时 出错的重试验机制 Nginx主要支持三种均衡算法: round-robin l
  • jquery-validation备忘 白糖_ jquerycssF#Firebug
    留点学习jquery validation总结的代码:   function checkForm(){ validator = $("#commentForm").validate({// #formId为需要进行验证的表单ID errorElement :"span",// 使用"div"标签标记错误, 默认:&
  • solr限制admin界面访问(端口限制和http授权限制) ronin47 限定Ip访问
    solr的管理界面可以帮助我们做很多事情,但是把solr程序放到公网之后就要限制对admin的访问了。 可以通过tomcat的http基本授权来做限制,也可以通过iptables防火墙来限制。 我们先看如何通过tomcat配置http授权限制。 第一步: 在tomcat的conf/tomcat-users.xml文件中添加管理用户,比如: <userusername="ad
  • 多线程-用JAVA写一个多线程程序,写四个线程,其中二个对一个变量加1,另外二个对一个变量减1 bylijinnan java多线程
    public class IncDecThread { private int j=10; /* * 题目:用JAVA写一个多线程程序,写四个线程,其中二个对一个变量加1,另外二个对一个变量减1 * 两个问题: * 1、线程同步--synchronized * 2、线程之间如何共享同一个j变量--内部类 */ public static
  • 买房历程 cfyme
        2015-06-21: 万科未来城,看房子   2015-06-26: 办理贷款手续,贷款73万,贷款利率5.65=5.3675   2015-06-27: 房子首付,签完合同   2015-06-28,央行宣布降息 0.25,就2天的时间差啊,没赶上。   首付,老婆找他的小姐妹接了5万,另外几个朋友借了1-
  • [军事与科技]制造大型太空战舰的前奏 comsci 制造
           天气热了........空调和电扇要准备好..........        最近,世界形势日趋复杂化,战争的阴影开始覆盖全世界..........        所以,我们不得不关
  • dateformat dai_lm DateFormat
    "Symbol Meaning Presentation Ex." "------ ------- ------------ ----" "G era designator (Text) AD" "y year
  • Hadoop如何实现关联计算 datamachine mapreducehadoop关联计算
        选择Hadoop,低成本和高扩展性是主要原因,但但它的开发效率实在无法让人满意。     以关联计算为例。     假设:HDFS上有2个文件,分别是客户信息和订单信息,customerID是它们之间的关联字段。如何进行关联计算,以便将客户名称添加到订单列表中?   &nbs
  • 用户模型中修改用户信息时,密码是如何处理的 dcj3sjt126com yii
    当我添加或修改用户记录的时候对于处理确认密码我遇到了一些麻烦,所有我想分享一下我是怎么处理的。 场景是使用的基本的那些(系统自带),你需要有一个数据表(user)并且表中有一个密码字段(password),它使用 sha1、md5或其他加密方式加密用户密码。 面是它的工作流程: 当创建用户的时候密码需要加密并且保存,但当修改用户记录时如果使用同样的场景我们最终就会把用户加密过的密码再次加密,这
  • 中文 iOS/Mac 开发博客列表 dcj3sjt126com Blog
      本博客列表会不断更新维护,如果有推荐的博客,请到此处提交博客信息。 本博客列表涉及的文章内容支持 定制化Google搜索,特别感谢 JeOam 提供并帮助更新。 本博客列表也提供同步更新的OPML文件(下载OPML文件),可供导入到例如feedly等第三方定阅工具中,特别感谢 lcepy 提供自动转换脚本。这里有导入教程。
  • js去除空格,去除左右两端的空格 蕃薯耀 去除左右两端的空格js去掉所有空格js去除空格
    js去除空格,去除左右两端的空格 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>&g
  • SpringMVC4零配置--web.xml hanqunfeng springmvc4
    servlet3.0+规范后,允许servlet,filter,listener不必声明在web.xml中,而是以硬编码的方式存在,实现容器的零配置。 ServletContainerInitializer:启动容器时负责加载相关配置 package javax.servlet; import java.util.Set; public interface ServletContainer
  • 《开源框架那些事儿21》:巧借力与借巧力 j2eetop 框架UI
    同样做前端UI,为什么有人花了一点力气,就可以做好?而有的人费尽全力,仍然错误百出?我们可以先看看几个故事。 故事1:巧借力,乌鸦也可以吃核桃 有一个盛产核桃的村子,每年秋末冬初,成群的乌鸦总会来到这里,到果园里捡拾那些被果农们遗落的核桃。 核桃仁虽然美味,但是外壳那么坚硬,乌鸦怎么才能吃到呢?原来乌鸦先把核桃叼起,然后飞到高高的树枝上,再将核桃摔下去,核桃落到坚硬的地面上,被撞破了,于是,
  • JQuery EasyUI 验证扩展 可怜的猫 jqueryeasyui验证
      最近项目中用到了前端框架-- EasyUI,在做校验的时候会涉及到很多需要自定义的内容,现把常用的验证方式总结出来,留待后用。   以下内容只需要在公用js中添加即可。   使用类似于如下: <input class="easyui-textbox" name="mobile" id="mobile&
  • 架构师之httpurlconnection----------读取和发送(流读取效率通用类) nannan408
    1.前言.    如题. 2.代码. /* * Copyright (c) 2015, S.F. Express Inc. All rights reserved. */ package com.test.test.test.send; import java.io.IOException; import java.io.InputStream
  • Jquery性能优化 r361251 JavaScriptjquery
    一、注意定义jQuery变量的时候添加var关键字 这个不仅仅是jQuery,所有javascript开发过程中,都需要注意,请一定不要定义成如下: $loading = $('#loading'); //这个是全局定义,不知道哪里位置倒霉引用了相同的变量名,就会郁闷至死的 二、请使用一个var来定义变量 如果你使用多个变量的话,请如下方式定义: . 代码如下: var page
  • 在eclipse项目中使用maven管理依赖 tjj006 eclipsemaven
    概览: 如何导入maven项目至eclipse中 建立自有Maven  Java类库服务器 建立符合maven代码库标准的自定义类库 Maven在管理Java类库方面有巨大的优势,像白衣所说就是非常“环保”。 我们平时用IDE开发都是把所需要的类库一股脑的全丢到项目目录下,然后全部添加到ide的构建路径中,如果用了SVN/CVS,这样会很容易就 把
  • 中国天气网省市级联页面 x125858805 级联
    1、页面及级联js <%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> &l
按字母分类: ABCDEFGHIJKLMNOPQRSTUVWXYZ其他