Sunday Blog

Life is a deliberate practice

HTTPS Illustrated

Diagram Https

Preface: the book "HTTP Illustrated" is recommended by quite a few people. While searching for HTTPS-related material I came across the "HTTPS Illustrated" article; its detailed explanations are easy to follow, so I asked for permission to repost it for my own review and study. Everything that exists has a reason: HTTP is

Kubernetes Dashboard: Creating a Read-Only User Token

Kubernetes Dashboard Viewonly Token

Create a read-only user token for the Kubernetes dashboard
kind: ClusterRole
metadata:
  name: admin-viewonly
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - persistentvolumeclaims
  - pods
  - replicationcontrollers
  - replicationcontrollers/scale
  - serviceaccounts
  - services
  - nodes
  - persistentvolumeclaims
  - persistentvolumes
  verbs:
  - get
  - list
  - watch

Kubernetes RBAC Authentication: ServiceAccount and Dashboard

Kubernetes Rbac Serviceaccount

Introduction (excerpted from "The Definitive Guide to Kubernetes"): RBAC (Role-Based Access Control) in Kubernetes version 1.5

Docker Basics

Docker Use

Check the Docker version
[root@k8s-master01 ~]# docker version
Client: Docker Engine - Community
 Version:           20.10.7
 API version:       1.40
 Go version:        go1.13.15
 Git commit:        f0df350
 Built:             Wed Jun 2 11:58:10 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          19.03.15
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       99e3ed8919
  Built:            Sat Jan 30 03:16:33 2021
  OS/Arch:          linux/amd64

Trojan Forwarding

Trojan Forward

iptables forwarding: judging from current usage statistics, what gets blocked most for trojan is the port (such as 443); the IP itself is rarely a problem. Here iptables is used to implement the simplest form of dynamic port! Forward 4

Trojan Web

Trojan Web

https://github.com/Jrohy/trojan
# install / update
source <(curl -sL https://git.io/trojan-install)
# uninstall
source <(curl -sL https://git.io/trojan-install) --remove
After installation, type trojan to enter the management program; set up the certificate and add users …
root@ls:~# trojan
MySQL security configuration
# record the mariadb r

Switching Calico from IPIP to VXLAN

Calico Ipip to Vxlan

https://projectcalico.docs.tigera.io/getting-started/kubernetes/installation/config-options
https://projectcalico.docs.tigera.io/networking/vxlan-ipip
Change calico_backend: "bird" to calico_backend: "vxlan"
$ kubectl edit cm -nkube-system calico-config
calico_backend: vxlan
Disable IPIP, enable VXLAN, and disable the bird-liv

Kubernetes-dashboard Ingress SSL Certificate Configuration

Dashboard Ingress

Remove the existing installation: delete the installed kubernetes-dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
kubectl delete -f recommended.yaml
Request a certificate: cert-manager can be used to request a free three-month certificate; this tool can

Issuing Free Certificates for DNSPod Domains with cert-manager

Cert Manager

cert-manager is an open-source, cloud-native certificate management tool that provisions HTTPS certificates in a Kubernetes cluster and renews them automatically. The following example shows how to use c

Loki LogQL Query Statements

Loki LogQL

Log queries: every LogQL query contains a log stream selector. The following example shows a complete log query:
{container="query-frontend",namespace="loki-dev"} |= "metrics.go" | logfmt | duration > 10s and throughput_mb < 500
The query consists of the following parts: a log stream selec

Ingress Nginx

Ingress Nginx

https://kubernetes.github.io/ingress-nginx/
Install
https://kubernetes.github.io/ingress-nginx/deploy/
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm search repo ingress-nginx
helm pull ingress-nginx/ingress-nginx
tar xf ingress-nginx-4.3.0.tgz
cd ingress-nginx
# values after modification
vim values.yaml
# false -> true
hostNetwork: true
# ClusterFirst -> ClusterFirstWithHostNet
dnsPolicy: ClusterFirstWithHostNet
# Deployment -> DaemonSet
kind: DaemonSet
# LoadBalancer -> ClusterIP
type: ClusterIP
# specify node labels (lines 292-294) nodeSelector:
nodeSelector:
  kubernetes.io/os: linux
ingress:

Installing and Configuring the Enterprise Image Registry Harbor

Harbor

Official site: https://github.com/goharbor/harbor
Installation requires docker 17.03.0-ce+ and docker-compose 1.18.0+
Install Docker: https://docs.docker.com/engine/install/centos/
sudo yum remove docker \
    docker-client \
    docker-client-latest \
    docker-common \
    docker-latest \
    docker-latest-logrotate \
    docker-logrotate \
    docker-engine \
    podman \
    runc
sudo yum install -y yum-utils
sudo yum-config-manager \
    --add-repo \
    https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# the closing sed delimiter must be '@' to match the opening one
sudo sed -i 's@download.docker.com@mirrors.aliyun.com/docker-ce@' /etc/yum.repos.d/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
Install Do

Installing the Calico Network Plugin

Calico Install

Installation
# direct etcd authentication gives higher performance
curl https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/calico-etcd.yaml -O
# https://docs.projectcalico.org/getting-started/kubernetes/installation/config-options
Here we install using the apiserver authentication method
wget https://docs.projectcalico.org/manifests/calico.yaml --no-check-certificate
Modify the pod CIDR
vim calico.yaml
POD_CIDR="172.16.0.0/12"
sed -i 's@# - name: CALICO_IPV4POOL_CIDR@- name: CALICO_IPV4POOL_CIDR@' calico.yaml
sed -i 's@# value: "192.168.0.0/16"@ value: '"$POD_CIDR"'@' calico.yaml
kubectl apply

Investigating an HTTP connect-timeout

Http Connect Timeout

Investigating an HTTP connect-timeout (Part 1)
Investigating an HTTP connect-timeout (Part 2)

Kubernetes Taints: Making the Master Unschedulable

Kubernetes Taint

kubectl taint node [node] key=value[effect]
[effect] can take one of: [ NoSchedule | PreferNoSchedule | NoExecute ]
NoSchedule: pods must never be scheduled onto the node
PreferNoSchedule: the scheduler tries to avoid the node
NoExecute: not only will nothing be scheduled, pods already running on the node are also evicted
# set the taint
kubectl taint node master node-role.kubernetes.io/master="":NoSchedule
# remove the taint