Sunday Blog

人生是一场刻意练习

使用Kubespray 部署Kubernetes集群

Kubespray

介绍 Kubespray是一个安装k8s集群的工具,kuberspray对比kubeadm更加简洁内部集成了kubeadm与ansible,通

Posted by BlueFat on Tuesday, May 11, 2021

Kubernetes 常见面试题汇总

Kubernetes Interview Question Summary

Kubernetes 常见面试题汇总 简述 etcd 及其特点? 答:etcd 是 CoreOS 团队发起的开源项目,是一个管理配置信息和服务发现 (service discovery)的项目,它的目标是构建

Posted by BlueFat on Monday, January 18, 2021

使用 acme.sh 自动签发 ZeroSSL 的 ECC 证书

使用 acme.sh 自动签发 ZeroSSL 的 ECC 证书

网站一直以来都是使用的Let’s Encrypt SSL证书,主要是因为Let’s Encrypt浏览器兼容性较好,支持ACME自动化部署,支持泛域名证书等,

Posted by BlueFat on Sunday, December 27, 2020

OpenSSL 生成 gRpc SSL证书

Grpc Ssl Generate

TLS 概述 传输层安全 (TLS) 对通过 Internet 发送的数据进行加密,以确保窃听者和黑客无法看到您传输的内容,这对于密码、信用卡号和个人通信等私人和敏感信息特别有用

Posted by BlueFat on Sunday, December 6, 2020

Grpc Proxy 反向代理

Grpc Proxy

Nginx 在 1.13.10 中,新增了对gRPC的原生支持。 有了对 gRPC 的支持,NGINX 就可以代理 gRPC TCP 连接,还可以终止、检查和跟踪 gRPC 的方法调用。你可以: 发布 gRPC 服务,

Posted by BlueFat on Sunday, December 6, 2020

PHP Rocketmq grpc 插件安装

Php grpc

grpc need version 3.13 or later of cmake gcc https://ftp.gnu.org/gnu/gcc/gcc-8.3.0/gcc-8.3.0.tar.gz tar xf gcc-8.3.0.tar.gz cd gcc-8.3.0 ./contrib/download_prerequisites ./configure --prefix=/usr/local/gcc-8.3.0 --enable-bootstrap --enable-languages=c,c++ --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib make -j$(nproc) make install cmake 指定gcc版本 可以直接在shell中对CC和CXX进行指定: export CC=/usr/local/gcc-8.3.0/bin/gcc export CXX=/usr/local/gcc-8.3.0/bin/g++ cmake /path/to/your/project make 也可以直

Posted by BlueFat on Thursday, December 3, 2020

Kube Prometheus 监控 Etcd

Kube Prometheus Etcd

监控外部Etcd 导入etcd证书 kubectl -n monitoring create secret generic etcd-certs \ --from-file=ca.pem=/etc/ssl/etcd/ssl/ca.pem \ --from-file=etcd.pem=/etc/ssl/etcd/ssl/admin-master1.pem \ --from-file=etcd-key.pem=/etc/ssl/etcd/ssl/admin-master1-key.pem prometheus挂载etcd-certs cd /root/kube-prometheus/manifests/ vim prometheus-prometheus.yaml spec: ... secrets: - etcd-certs kubectl apply -f prometheus-prometheus.yaml 验证 [root@master1 manifests]# kubectl exec

Posted by BlueFat on Sunday, November 29, 2020

Kube Prometheus 监控Scheduler Controller Manager

Kube Prometheus Scheduler Controller Manager

监控scheduler和controller-manager 问题 kube-prometheus安装后,我们可以看到监控指标大部分的配置都是正

Posted by BlueFat on Sunday, November 29, 2020

Kubernetes Network Policies 网络策略

Kubernetes Network Policies

https://kubernetes.io/docs/concepts/services-networking/network-policies/ Network Policy提供了基于策略的网络控制,用于隔离应用并减少攻击面。它使用标签选择器模拟传统的分段网络,并通过策略控制它们之间的流量以及来自

Posted by BlueFat on Wednesday, November 25, 2020

Kubernetes Metrics Server

Kubernetes Metrics Server

metrics-server github release wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.1/components.yaml 修改镜像 command中增加 --kubelet-insecure-tls 关闭证书认证 spec: containers: - args: - --cert-dir=/tmp - --secure-port=4443 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-use-node-status-port - --metric-resolution=15s - --kubelet-insecure-tls image: k8s-gcr.m.daocloud.io/metrics-server/metrics-server:v0.6.1 [root@master1 ~]# kubectl top node NAME CPU(cores) CPU% MEMORY(bytes) MEMORY% master1 784m 20% 2040Mi 61% master2 792m 20% 2155Mi 65% master3 896m 23% 2242Mi 67% node1

Posted by BlueFat on Tuesday, November 24, 2020

Containerd Mirrors 加速

Containerd Mirrors

containerd 使用https://docker.mirrors.ustc.edu.cn加速 抽风403 FATA[0038] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/nginx:alpine": failed to copy: httpReadSeeker: failed open: unexpected status code

Posted by BlueFat on Monday, November 23, 2020

Kubernetes nfs动态storageclass

nfs安装 yum install -y nfs-utils systemctl start nfs-server mkdir /data/nfs/k8s -p echo "/data/nfs *(rw,sync,no_subtree_check,no_root_squash)" > /etc/exports exportfs -r systemctl reload nfs-server 静态持久卷 cat <<EOF | kubectl apply -f - apiVersion: v1 kind: PersistentVolume metadata: name: nfs-pv spec: capacity: storage: 5Gi volumeMode: Filesystem accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Recycle storageClassName: nfs-slow mountOptions: - hard - nfsvers=4.1 nfs: path: /data/nfs/k8s server: 192.168.10.228 EOF cat <<EOF

Posted by BlueFat on Monday, November 23, 2020

Kubernetes DiskPressure 磁盘压力

Kubernets Diskpressure

[Kubernetes 文官方档-节点压力驱逐]https://kubernetes.io/zh/docs/concepts/scheduling-evictio

Posted by BlueFat on Wednesday, November 18, 2020

使用Rook搭建Ceph集群

Rook

在容器世界中,无状态是一个核心原则,然而我们始终需要保存数据,并提供给他人进行访问。所以就需要一个方案用于保持数据,以备重启之需。 在 Kubernetes 中,P

Posted by BlueFat on Tuesday, November 17, 2020

Rocketmq 集群

Rocketmq

https://github.com/apache/rocketmq/tree/master/docs/cn 集群方案 https://github.com/apache/rocketmq/blob/master/docs/cn/operation.md 单Master模式 这种方式风险较大,一旦Broker重启或者宕机时,会导致整个服务不可用。不建议线上环境使用,可以用于本地测试。

Posted by BlueFat on Saturday, November 14, 2020

avatar

开心的蓝胖

QUICK LINKS
FEATURED TAGS
ansible bash calico containerd docker firewalld flannel grpc https iptables keepalived kernel kubernetes linux lvs mysql network nginx prometheus python rabbitmq rocketmq shell sort ssh tcp tcpdump ubuntu ufw 性能 排序 正则表达式 算法 递归 闭包
FRIENDS