Articles in the Kubernetes category

Spinnaker_deployment_error

Deployment error on the Tencent Cloud CODING platform

Check that the Docker image name above matches the name used in the image field of your manifest.Failing the stage as this is likely a configuration error.

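This happens because the image configured under "Repository" in "Artifacts required to start" does not match the image name in the custom variable "dockerImage".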

……

Deployment YAML template

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: ${APP_NAME}
    environment: ${RUN_ENV}
  name: ${APP_NAME}
  namespace: ${NAMESPACE}
spec:
  progressDeadlineSeconds: 600
  replicas: ${REPLICAS}
  selector:
    matchLabels:
      app: ${APP_NAME}
      environment: ${RUN_ENV}
  template:
    metadata:
      labels:
        app: ${APP_NAME}
        environment: ${RUN_ENV}
      annotations:
        prometheus.io/scrape: "${ENABLE_SCRAPE}"
        prometheus.io/port: "${RUN_PORT}"
        prometheus.io/path: "${METRICS_PATH}"
        kubesphere.io/collectSavedLog: 'true'
        logging.kubesphere.io/logsidecar-config: '{"containerLogConfigs":{"${APP_NAME}":{"${APP_NAME}-log-volume":["*.log"]}}}'
    spec:
      volumes:
        - name: ${APP_NAME}-log-volume
          emptyDir: {}
        - name: heap-dumps
          emptyDir: {}
      containers:
        - name: ${APP_NAME}
          env:
            # JAVA_OPTS exposes JMX on 19185 without authentication or TLS and opens a
            # JDWP debug agent on *:19085; keep both ports unreachable from untrusted
            # networks, or drop the flags outside debugging environments.
            - name: JAVA_OPTS
              value: -server -Dapp.id=${APP_NAME} -Denv=${RUN_ENV} -Dapollo.cacheDir=/services/apollo -Dspring.profiles.active=${RUN_ENV} -Xms${HEAP_XMS} -Xmx${HEAP_XMX} -Xss512k -XX:ParallelGCThreads=4 -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:InitiatingHeapOccupancyPercent=45 -Xlog:gc* -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/dumper -Dsun.net.inetaddr.ttl=60 -XX:+ScavengeBeforeFullGC -XX:+CMSScavengeBeforeRemark -Dcom.sun.management.jmxremote.port=19185 -Dtomcat.base=/services/tomcat -Dio.netty.tryReflectionSetAccessible=true --add-exports java.base/jdk.internal.misc=ALL-UNNAMED -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dlog.base=/services/logs/  -verbose:gc -Xdebug -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:19085
          image: $REGISTRY/$DOCKERHUB_NAMESPACE/$APP_NAME:${RUN_ENV}-${BRANCH_NAME}-${COMMIT_HASH}-$DATE-${BUILD_NUMBER}
          # postStart downloads finch.jar over plain HTTP (no integrity check)
          # and starts it in the background next to the application.
          lifecycle:
            postStart:
              exec:
                command:
                  - "sh"
                  - "-c"
                  - >
                    wget -P /services/  http://192.168.0.169:12306/download/finch.jar;
                    nohup java -Dapp.id=finch -Denv=${RUN_ENV} -jar /services/finch.jar &
          volumeMounts:
            - mountPath: "/services/logs/"
              name: ${APP_NAME}-log-volume
            - mountPath: /dumper
              name: heap-dumps
          livenessProbe:
            httpGet:
              path: ${HEALTH_PATH}
              port: ${RUN_PORT}
            initialDelaySeconds: 60
            periodSeconds: 30
            timeoutSeconds: 3
            successThreshold: 1
            failureThreshold: 10
          readinessProbe:
            httpGet:
              path: ${HEALTH_PATH}
              port: ${RUN_PORT}
            initialDelaySeconds: 60
            periodSeconds: 30
            successThreshold: 1
            failureThreshold: 10
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: ${RUN_PORT}
              protocol: TCP
          resources:
            limits:
              cpu: ${LIMIT_CPU}
              memory: ${LIMIT_MEMORY}
            requests:
              cpu: ${REQUEST_CPU}
              memory: ${REQUEST_MEMORY}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          # Run as a non-root user and block privilege escalation
          securityContext:
            runAsUser: 5000
            runAsGroup: 5000
            allowPrivilegeEscalation: false
        # Sidecar sharing the heap-dumps volume with the application container
        - name: dumper
          image: 'harbor.m.cn/library/dumper:1.96'
          env:
            - name: COS_BUCKETURL
              value: 'https://jvm-dump.cos.ap-guangzhou.myqcloud.com'
            - name: COS_DUMPER_ROOT
              value: /
            - name: APP_NAME
              value: ${APP_NAME}
            - name: DUMPER_ROOT
              value: /dumper/
            - name: RUN_ENV_NAME
              value: ${RUN_ENV}
          resources:
            limits:
              cpu: 4000m
              memory: 4000Mi
            requests:
              cpu: 1000m
              memory: 1000Mi
          volumeMounts:
            - name: heap-dumps
              mountPath: /dumper
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      imagePullSecrets:
      - name: ${IMAGE_PULL_SECRETS}
```
……

Docker image cleanup

Run the `docker system df` command:

```bash
[root@VM_100_4_centos ~]# docker system df
TYPE                TOTAL                       SIZE                RECLAIMABLE
Images              955                         77.06GB             74.21GB (96%)
Containers          65                          3.28MB              0B (0%)
Local Volumes       0                           0B                  0B
Build Cache         0                           0B                  0B
```

The last column, RECLAIMABLE, shows how much disk space can be reclaimed. Here it shows that 74.21GB of Docker images can be reclaimed, while containers, volumes and the rest have no reclaimable space.

……

Ingress_yaml nginx template

```yaml
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  namespace: ${NAMESPACE}
  name: ${APP_NAME}-ingress
  annotations:
    # Annotation values must be strings, so booleans are quoted
    nginx.ingress.kubernetes.io/service-upstream: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/ingress.class: "public-nginx-ingress"
    # Rewrite rule, equivalent to location /api/
    nginx.ingress.kubernetes.io/configuration-snippet: |
      rewrite ^/api/(.*)$ /$1 break;
    kubernetes.io/ingress.rule-mix: "true"
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  tls:
    - hosts:
      - ${PUBLIC_DOMAIN}
      secretName: ${TLS_SECRET}
  rules:
    - host: ${PUBLIC_DOMAIN}
      http:
        paths:
          - path: ${REQUEST_PATH}
            backend:
              serviceName: ${APP_NAME}
              servicePort: ${RUN_PORT}
    - host: www.tangjihede.fun
      http:
        paths:
          - path: /api/
            backend:
              serviceName: api
              servicePort: 8080
```
……

nginx ingress annotation reference

```yaml
# Redirect HTTP to HTTPS (annotation values must be strings, so booleans are quoted)
nginx.ingress.kubernetes.io/ssl-redirect: "true"

# Tencent Cloud public network type
kubernetes.io/ingress.class: "public-nginx-ingress"

# Rewrite rule, equivalent to location /api/
nginx.ingress.kubernetes.io/configuration-snippet: |
  rewrite ^/api/(.*)$ /$1 break;

# Rewrite
annotations:
  nginx.ingress.kubernetes.io/server-snippet: |
    rewrite ^/v4/(.*)/card/query http://foo.bar.com/v5/#!/card/query permanent;
  nginx.ingress.kubernetes.io/configuration-snippet: |
    rewrite ^/v6/(.*)/card/query http://foo.bar.com/v7/#!/card/query permanent;

# WebSocket support
nginx.ingress.kubernetes.io/server-snippet: |
  proxy_set_header Upgrade $http_upgrade;
  proxy_http_version 1.1;
  proxy_set_header X-Forwarded-Host $http_host;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-For $remote_addr;
  proxy_set_header Host $host;
  proxy_set_header Connection "upgrade";
  proxy_cache_bypass $http_upgrade;

# Tencent Cloud: https://cloud.tencent.com/document/product/457/45693
kubernetes.io/ingress.rule-mix: "true"

# Regex support
nginx.ingress.kubernetes.io/use-regex: "true"

# The backend speaks HTTPS
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"

# Source IP whitelist
nginx.ingress.kubernetes.io/whitelist-source-range: "58.246.135.154,58.246.135.155"

# Enable the ingress access log
nginx.ingress.kubernetes.io/enable-access-log: "true"

# CORS reference:
# https://www.tangjihede.fun/post/LoadBalancing/%E8%B7%A8%E5%9F%9F%E9%97%AE%E9%A2%98/
```

Links:

……

Summary of common kubectl commands

  1. Copy files from a container

```bash
kubectl cp -n namespace pod_name:app/test.txt ./test.txt --kubeconfig=./.kube/mykubeconfig

# The command above is for Linux; on Windows use the following

kubectl cp -n namespace pod_name:app/test.txt .\test.txt --kubeconfig=.\.kube\mykubeconfig


# Copy from the local machine into the container
kubectl cp -n kubesphere-controls-system .\curl kubectl-6f7f88ff9b-27lcq:tmp/curl --kubeconfig=.\.kube\local

docker cp container_name:file_path file_save_path
```

  2. View pod details

```bash
kubectl describe pods -n namespace
```

  3. Delete a node

```bash
# Stop the services first

systemctl stop docker

systemctl stop kubelet

kubectl delete node node_name
```

  4. Delete a pod

```bash
kubectl delete pod pod_name -n namespace

# Force delete
kubectl delete pod pod_name -n namespace --grace-period=0 --force
```

  5. Roll back

```bash
kubectl rollout history deployment/grafana -n kubesphere-monitoring-system

kubectl rollout history deployment/grafana --revision=83 -n kubesphere-monitoring-system

kubectl rollout undo deployment/grafana --to-revision=1 -n kubesphere-monitoring-system
```

  6. Enter a container

```bash
kubectl exec -it pod_name -n mynamespace --kubeconfig=/path/file -- /bin/bash

# The old command form prints a deprecation notice; the fix is simply to put '--' before the command
[root@master ~]# kubectl exec -it nginx-deployment-f7ccf9478-ddxr6 -n default "/bin/bash"
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version.
Use kubectl exec [POD] -- [COMMAND] instead.
```

  7. Multiple clusters

```bash
# Use --kubeconfig
kubectl get svc -n default --kubeconfig=/path/.kube/config_file
```

  8. Node labels

```bash
# View
kubectl get nodes --show-labels

# Set a label
kubectl label nodes slave01 kubernetes.io/role=worker

# Overwrite
kubectl label --overwrite nodes slave01 kubernetes.io/role=worker1
```

  9. List API resources

```bash
kubectl api-resources
NAME                     SHORTNAMES   APIVERSION   NAMESPACED   KIND
bindings                              v1           true         Binding
componentstatuses        cs           v1           false        ComponentStatus
configmaps               cm           v1           true         ConfigMap
endpoints                ep           v1           true         Endpoints
events                   ev           v1           true         Event
limitranges              limits       v1           true         LimitRange


kubectl api-resources -v 6
...
I0108 ... GET https://192.168.58.2:8443/api?timeout=32s 200 OK in 10 milliseconds
I0108 ... GET https://192.168.58.2:8443/apis?timeout=32s 200 OK in 1 milliseconds
I0108 ... GET https://192.168.58.2:8443/apis/apiregistration.k8s.io/v1?timeout=32s 200 OK in 7 milliseconds
I0108 ... GET https://192.168.58.2:8443/api/v1?timeout=32s 200 OK in 13 milliseconds
...
```

  10. secret

```bash
# Create a TLS certificate secret
kubectl create secret tls my-tls-secret --cert=path/to/cert/file --key=path/to/key/file -n foreground --kubeconfig=.\.kube\kubeconfig

# Encryption certificate stored as an Opaque secret
kubectl create secret generic mycerts --from-file=private-rsa.pfx=.\private-rsa.pfx -n foreground --kubeconfig=.\.kube\kubeconfig
```

Then reference it in the YAML:

```yaml
spec:
  volumes:
    - name: mycerts
      secret:
        secretName: mycerts
        defaultMode: 420   # decimal 420 is octal 0644
  # ...
  containers:
    - volumeMounts:
        - name: mycerts
          readOnly: true
          mountPath: /data/cer/
```

Create the image registry pull credentials:

```bash
kubectl create secret docker-registry secret-tiger-docker \
  --docker-email=tiger@acme.example \
  --docker-username=tiger \
  --docker-password=pass1234 \
  --docker-server=my-registry.example:5000
```

……
